Guest
Steve Cobb,
Chief Information
Security Officer at SecurityScorecard
"The Future Focused CXOs"
PODCAST - Episode 37
The Future Focused CXO is the podcast for C-level executives aiming to scale their organizations, lead through transformative challenges, and stay ahead in adopting cutting-edge technologies like Artificial Intelligence. Each episode explores actionable leadership strategies, insights on managing rapid organizational change, and real-world examples from top executives tackling the complexities of modern business operations.
In this episode, we interview Steve Cobb, Chief Information Security Officer at SecurityScorecard, known across the industry as “Cyber Santa.” With more than 30 years of experience spanning healthcare, finance, telco, and enterprise technology, Steve shares his journey from fixing infected floppy disks to becoming a CISO, along with his candid perspective on leadership, security, and AI’s role in the future of defense.
Key takeaways include:
- Compliance ≠ Security: Regulations are only minimum standards; real security comes from proactive, risk-based defense.
- Rethinking Access Management: Why Just-in-Time Provisioning (JIT) is more effective than traditional two-account systems.
- Security as a Business Enabler: How reframing security from “hindrance” to “growth partner” changes executive perception.
- Balancing Convenience & Safety: Lessons from healthcare on finding practical middle grounds, like biometric authentication.
- AI in Cyber Defense: The biggest risks (prompt engineering, SaaS defaults, employee misuse) and opportunities (automation, faster detection, AI-driven war games).
- Peer Collaboration Matters: How the Carolina CISO Group creates a safe space for leaders to share challenges and solutions.
- Career Lessons: Why staying technical shaped Steve’s leadership style and kept him close to evolving threats.
Tune in for an insightful conversation with Steve Cobb on how CISOs and CXOs can navigate the fast-changing cybersecurity landscape, balance innovation with protection, and prepare for the new era of AI in business.
Engage with our Latest Conversations Featuring Industry Experts!
.png)
The Future Focused CXO Episode 37: Show Notes
1. Compliance Does Not Equal Security
Steve emphasizes that regulations are minimum standards, not complete protection. True cybersecurity means going beyond checkboxes to address real risks and evolving threats.
2. Rethink Privilege Access Management
Instead of the traditional two-account system (which engineers often bypass), Steve advocates Just-in-Time Provisioning (JIT) to grant temporary admin access. This reduces risk from standing admin accounts, that are prime targets for attackers.
3. Balance Security with Convenience
In high-stakes fields like healthcare, strict security often clashes with urgent decision-making. Creative solutions like biometric authentication can protect sensitive data without slowing down life-saving work.
4. Make Security a Business Enabler
Steve pushes leaders to shift their mindset: cybersecurity is not just a “necessary evil.” When positioned as a growth enabler, it builds trust, protects reputation, and even creates new business opportunities.
5. Approach AI with Caution and Optimism
AI brings both promise and peril. Risks include prompt engineering attacks, data leakage, and SaaS platforms enabling AI features by default. AI can handle routine security tasks, spot threats faster, and even run simulated attack-and-defense exercises.
“There will always be a human in the SOC. AI can accelerate, but it won’t replace
human judgment.”
— Steve Cobb
6. Build Trusted Peer Communities
Through the Carolina CISO Group, Steve has created a safe space for leaders to share failures, compare strategies, and learn without fear of exposure. He believes teamwork is just as important as technology in today’s cybersecurity world.
Conclusion – Security Beyond the Checklist
Steve Cobb’s journey makes one truth clear: cybersecurity leadership is about shaping a mindset that sees security as a driver of trust, growth, and resilience.
His lessons on rethinking access controls, balancing security with user convenience, and reframing cybersecurity as a business enabler show that the most effective CISOs do beyond protecting systems. They enable organizations to move faster and with more confidence.
The rise of AI adds both urgency and opportunity. Used recklessly, it can amplify risk. If used responsibly, it can transform the speed and depth of defense.
Steve’s story reminds us that security is as much about people, culture, and priorities as it is about firewalls or frameworks. Modern CISOs must learn to protect data, and also the trust, agility, and values that make organizations thrive.
For more inspiring stories and actionable strategies from top executives, subscribe to the Future Focused CXOs podcast on your favorite streaming platform:
