
#284 - Lessons Learned from SQL Slammer to AI Agents (with Aaron Turner)
From CISO Tradecraft® by G Mark Hardy & Ross Young
May 18, 2026 · 46 min · Episode 284
About this episode
The episode discusses lessons learned from past cyber outbreaks and their relevance to current AI security challenges.
What can today’s CISOs learn from the chaos of Code Red and SQL Slammer? In this episode, G Mark Hardy interviews Aaron Turner about what it was like responding inside Microsoft during two of the most infamous cyber outbreaks in history. Aaron shares firsthand stories from the era when SQL Slammer infected at least 75,000 systems in roughly 10 minutes, exposing massive gaps in patch management, security QA, firewall design, and enterprise readiness. He explains how Microsoft’s early security culture operated, how major incidents and source-code theft forced change, and why many of the same mistakes are now reappearing in enterprise AI adoption. The conversation connects the lessons of Code Red and Slammer directly to today’s AI security challenges, including: Unauthenticated MCP servers and weak authorization models AI accelerating exploit development and vulnerability discovery Why the traditional “patching game” no longer scales The growing importance of identity security, ITDR, SASE, and developer controls How CISOs should think about technical debt and legacy modernization Why serverless and cloud-native architectures may become security necessities If you’re a CISO, deputy…
People in this episode
Host: G Mark Hardy
Guest: Aaron Turner
Topics covered
- cybersecurity
- AI security challenges
- incident response
- patch management
- identity security
- cloud-native architectures
Keywords
- SQL Slammer
- Code Red
- cyber outbreaks
- security culture
- AI-driven attacks
- technical debt
- cloud security
Mentioned in this episode
Organizations: Microsoft
More episodes of CISO Tradecraft®
- #287 - Cybersecurity Insights You'll Want to Hear (with Michael Hammer) · June 8, 2026 · 45 min
- #286 - AI-Native Security (with Nishant Doshi & Saro Subbiah) · June 1, 2026 · 46 min
- #285 - Passwordless Authentication (with Nishant Kaushik) · May 25, 2026 · 42 min
- #283 - Leadership Lessons and the Art of the Performance (with Chris Brogan) · May 11, 2026 · 48 min
- #282 - Top 10 Agentic AI Attacks (with Rock Lambros) · May 4, 2026 · 45 min
- #281 - SIEM Secrets They Don’t Tell You (with Anton Chuvakin & Alex Hurtado) · April 27, 2026 · 48 min
Explore listener stats, chart rankings, contacts and more on the CISO Tradecraft® podcast page.