Navigating the Future of Cybersecurity with Christopher Steffen
In the latest episode of The Cyber PMM Podcast, I had the opportunity to sit down with Christopher Steffen, Vice President of Research at Enterprise Management Associates (EMA), to break down the most pressing trends in the industry. Chris is a veteran cybersecurity analyst, a thought leader, and a technology evangelist with deep expertise in Zero Trust, agentic AI, and security operations. Our conversation spanned everything from the impact of AI on cybersecurity to practical strategies for product marketers in this space.
Cybersecurity in Motion: Trends, Travel, and Tech
Chris kicked off our discussion by sharing his recent travels, touching on the vastly different climates he’s experienced—some of which might make even Colorado’s weather look predictable. But beyond the scenery, his focus remained firmly on how security leaders are navigating today’s evolving threat landscape.
Chris shared some tips for attending RSAC not just for networking but for staying ahead of innovation. He emphasized that the Innovation Sandbox at RSAC offers invaluable insight into cutting-edge security technologies, giving practitioners a hands-on look at what’s coming next.
AI was a central theme in our conversation, particularly its impact on cybersecurity. We explored how AI is streamlining security operations, enabling no-code development, and reshaping incident response and threat detection. While AI promises efficiency, it also introduces new risks, especially in API security, which brought us to our next topic.
Watch the interview:
PLEASE BE SURE TO SUBSCRIBE ON YOUTUBE
The Expanding Attack Surface: APIs and AI
Chris and I dug into a topic that’s becoming impossible to ignore: the growing cybersecurity risks associated with APIs. As AI-driven agents proliferate, APIs—often requiring credentials—become a prime target for exploitation. APIs power modern applications, but without diligent security practices, they can also expose organizations to new threats.
Chris underscored the importance of API governance, particularly as AI systems increasingly rely on API-based integrations. Security teams need to think beyond just securing data—they must also secure the mechanisms that move data between systems.
The Zero Trust Debate: Compliance vs. Reality
Few topics spark more debate in cybersecurity than Zero Trust—and Chris has strong opinions on where it’s headed. “I’m constantly worried about Zero Trust being commoditized into a set of compliance controls that don’t mean anything,” he shared.
At its core, Zero Trust is about verifying every request, regardless of where it originates. But Chris cautioned against reducing it to a check-the-box exercise. He stressed the importance of practical implementation, ensuring organizations don’t just claim Zero Trust but actually enforce it in meaningful ways.
For those looking to deepen their understanding, Chris pointed to John Kindervag, one of the original architects of Zero Trust, as a key figure to follow.
Cybersecurity Marketing: Insights from an Analyst’s Perspective
No conversation on Cyber PMM would be complete without actionable insights for product marketers. Chris delivered some of the best takeaways of the episode here:
- Make the buyer the hero. Don’t position your product as the protagonist—position it as the enabler that helps the buyer succeed.
- Authenticity wins. Whether you’re briefing analysts or crafting marketing content, avoid overhyped messaging and stick to real-world impact.
- Preparation matters. Analyst briefings are not the place to wing it. Know your narrative, anticipate objections, and be ready to back up your claims with data.
Final Thoughts
As we wrapped up, I asked Chris if he had any parting requests for our audience. His response reflected the ethos of cybersecurity itself: Collaboration is key. He urged everyone—practitioners, analysts, and marketers alike—to join the collective effort in fortifying cybersecurity measures and staying ahead of evolving threats.
A huge thank you to Chris for sharing his time and expertise. His insights provide a clear-eyed perspective on where cybersecurity is headed, and I’m looking forward to continuing the conversation at future events like RSAC. Until then, let’s fight digital chaos, cut through the hype and do more with less.
⤵️ Join the conversation with 300+ other Cyber PMMs
- Subscribe to the newsletter on LinkedIn or Substack. (You can also subscribe directly below.)
- Follow Cyber PMM and/or me on LinkedIn.
- Subscribe to the YouTube channel.
- Subscribe to the Podcast on Spotify or Apple.
- Follow on X and @Cyber_PMM on Instagram.