Cyber Security Business

There are a handful of genuinely useful practitioner nuggets—particularly the counterintuitive point about not training employees to spot deepfakes but to reinforce existing controls, and the dependency of AI on prior digital transformation—but they are surrounded by lengthy change management platitudes and a filler rapid-fire segment that contributes nothing.

“the goal really there is not to scare people. And it's definitely not to train them on how to spot a deepfake, but really just train them on going back to the controls that we set for us years ago”

“it's hard to do AI right without first doing digital transformation, especially around data”

The framing of deepfakes as a training tool rather than a threat to detect is mildly counterintuitive, and using AI to manufacture skeptic buy-in through live demos is a practical angle. However the bulk of the episode recycles familiar change management and top-down culture arguments without adding a genuinely fresh framework or contrarian thesis.

“I've used those as a way to make the culture stronger. I've done things like send out deep fakes of myself and other colleagues just to show how easy it is to create it”

“I went to senior management and I said, look, this is a chance to lead”

Sean Dobson is a genuine dual-role CISO/CTO at a real $29B AUM investment firm who has actually built and run the programs he describes; he is a practitioner, not a circuit-riding thought leader. His credibility is solid but the firm and role are not exceptional scale, and nothing in the transcript reveals unusually hard-won or rare expertise.

“I created the working group, collaborated with the department heads, you know, work with them on finding champions around the firm”

“Since I'm the CTO and the CISO, I sort of go back and forth, which makes it a lot easier”

The episode includes a few concrete data points—roughly 200 employees, $29B AUM, 10 training sessions, 'hundreds of demos'—and names specific use cases like prompt engineering training and an AI collaboration hub. However, there are no hard outcome metrics (phishing click-rate changes, hours saved, dollar figures on efficiency) and the portfolio company examples stay vague.

“we only have a couple hundred employees here”

“We did 10 different training sessions to get everyone on board”

The host asks leading, complimentary questions throughout ('I know you've done a lot of work,' 'you're doing it right'), never pushes back on any claim, and devotes the final quarter of the episode to irrelevant personal questions about piano and the Adirondacks. There is no productive disagreement or follow-up that extracts deeper or more specific information.

“I think you're a great leader. Buffer's probably lucky to have you there”

“you're doing it right. Where do you think most companies go wrong when trying to embed AI into their security culture”