Full Metal Packet

Incidents at Scale: What CISOs Get Wrong



Randy Barr has held the CISO title at over 10 companies — including Cisco, Zoom, and BioRender — and has seen every version of how security programs succeed and fall apart.

He now leads security at Cequence Security, focused on API security, bot management, and AI protection. In this episode, Randy takes us through what security teams think they're doing well but aren't, what incidents actually look like at scale, and why AI is rewriting the rules faster than most organizations can keep up.

He explains:

  1. Why compliance and security are not the same thing — and confusing them is dangerous
  2. How insider threats often hide inside your own growth and broken processes
  3. What a war room actually needs to function under pressure
  4. Why MCP servers and prompt injection are the next wave of incidents no one is ready for
  5. How to build a CISO career that doesn't burn you out

Episode Timeline:

  1. (00:00) From ASP to cloud to AI — how the security industry has shifted
  2. (07:33) Why 80% of internet traffic is now machine to machine
  3. (09:46) What most startups get wrong about security programs
  4. (15:01) How to make the business case for a security budget
  5. (19:36) When buying more tools is actually the wrong move
  6. (28:30) War story: stolen servers sold online by an infrastructure manager
  7. (36:25) War story part 2: third-party contractors scripting their own reimbursements
  8. (42:00) The website defacement that launched Randy's security career
  9. (46:11) What a good incident war room actually looks like
  10. (53:50) Shadow AI, MCP servers, and the prompt injection risk no one is tracking
  11. (01:02:00) Where AI can genuinely replace manual security work
  12. (01:12:43) Advice for new and experienced CISOs on what actually matters

Connect with Randy on LinkedIn

Powered by Control D
