The Cyber Business Podcast

Security Is Everyone's Job and Why That Matters More Than Ever with Bryan Tomczyk



Guest Introduction

Bryan Tomczyk serves as a Cybersecurity Engineer at GP Strategies Corporation, where he works closely with senior IT and infrastructure teams to secure systems across a large, global organization. GP Strategies operates primarily as a training and professional services company, supporting clients across multiple countries and industries. Bryan's role places him at the intersection of security engineering, vendor risk management, and user education, with a strong emphasis on enabling the business rather than obstructing it. His background reflects a long-term evolution into cybersecurity, shaped by decades of security-focused thinking before formally entering a cyber role.

Here's a Glimpse of What You'll Learn
  • Why cybersecurity must be embedded into every role, not isolated to IT teams

  • How security advocacy grows organically through education and experience

  • The real risks of AI adoption without proper guardrails

  • Why large language models are not a complete solution for security

  • How supply chain risk has become one of the biggest threats to organizations

  • What secure by design actually looks like in modern environments

  • Practical considerations for evaluating AI tools and SaaS vendors

In This Episode

Bryan Tomczyk explains why the idea that security is everyone's job only works when organizations invest in education and context. He describes how working directly with users, especially after incidents, creates awareness that policies alone cannot achieve. Security, in his view, must enable productivity while quietly reducing risk in the background.

The conversation dives deep into AI and cybersecurity, with Bryan outlining why machine learning excels at correlating massive volumes of data but struggles when used without constraints. He cautions against treating large language models as universal solutions, noting their susceptibility to hallucination, prompt injection, and misuse. Instead, he advocates for narrowly scoped, self-learning systems that are heavily restricted in access.

Bryan also addresses the growing complexity of modern environments, from email security and MFA fatigue to operational technology and supply chain risk. He highlights why vendor reviews, SOC 2 reports, and infrastructure transparency are no longer optional. Throughout the discussion, he reinforces a consistent theme that security must evolve thoughtfully, balancing innovation with responsibility to protect users, data, and operations.


The Cyber Business Podcast
By Matthew Connor