3556: How Illumio Is Helping Leaders Rethink Cybersecurity for a World Where Attacks Keep Happening

What happens when we finally admit that stopping every cyberattack was never realistic in the first place?

That is the thread running through this conversation, recorded at the start of the year when reflection tends to be more honest and the noise dial is turned down a little. I was joined by returning guest Raghu Nandakumara from Illumio, nearly three years after our last discussion, to pick up a question that has aged far too well. How do organizations talk about cybersecurity value when breaches keep happening anyway?

This episode is less about shiny tools and more about uncomfortable truths. We spend time unpacking why security teams still struggle to show value, why prevention-only thinking keeps setting leaders up for disappointment, and why the conversation is slowly shifting toward resilience and containment. Raghu is refreshingly direct on why reducing cyber risk, rather than chasing impossible guarantees, is the only metric that really holds up under boardroom scrutiny.

We also talk about the strange contradiction playing out across industries. Attackers are often using familiar paths like misconfigurations, excessive permissions, and missing patches, yet many organizations still fail to close those gaps. The issue, as Raghu explains, is rarely a lack of tools. It is usually fragmented coverage, outdated processes, and a talent pipeline that blocks capable people from entering the field while claiming there is a skills shortage.

One of the most practical parts of this conversation centers on mindset. Instead of asking whether an attacker got in, Raghu argues that leaders should be asking how far they were able to go once inside. That shift alone changes how success is measured, how teams prepare for incidents, and how pressure-filled P1 moments are handled when boards want answers every fifteen minutes.

We also touch on how legal action, public claims campaigns, and customer lawsuits are changing the stakes after a breach, forcing executives to rethink how they frame cyber investment. From there, Raghu shares how Illumio has been working with Microsoft to strengthen internal resilience at massive scale, and why visibility and segmentation are becoming harder to ignore.

This is a conversation about realism, responsibility, and growing up as an industry. If cybersecurity is really about safety and not slogans, what would you want your organization to stop saying, and what would you rather hear instead?

Please feel free to upload the podcast. Here are also the links we discussed on the call:

Useful Links

• Connect with Raghu Nandakumara on LinkedIn and Twitter
• Learn more about Illumio
• Lateral Movement in Cyberattacks
• Illumio Podcast
• Follow on Facebook, Twitter, LinkedIn, and YouTube

Thanks to our sponsors, Alcor, for supporting the show.