
Security Debt: The Risk Nobody is Reporting
From Cyberside Chats: Cybersecurity Insights from the Experts by Chatcyberside
April 28, 2026 · 29 min · Episode 70
About this episode
This episode discusses security debt and its role in major cybersecurity incidents, highlighting recent examples and offering a framework for understanding the issue.
In this live episode of Cyberside Chats, we dig into security debt and why it continues to sit behind so many major incidents. This is the risk that builds quietly over time when controls are available but never turned on, systems aren’t fully decommissioned, or ownership is unclear. Using recent examples like Stryker, along with Change Healthcare and Colonial Pipeline, we walk through how attackers don’t always need sophisticated techniques. In many cases, they just take advantage of gaps that have been sitting there for years. We also introduce a simple framework to think about security debt across identity, lifecycle, architecture, governance, and operations, and why most real-world incidents cut across more than one of these areas. We close with a look at how things are changing. With AI accelerating exploit development, the window to fix these issues is getting smaller. What used to be a manageable delay is quickly becoming real exposure. Audience takeaways Require dual approval for destructive admin actions. Any system where one administrator can wipe, delete, or lock out at scale — Intune, Entra, identity providers, backup consoles, remote management tools — should require…
People in this episode
Host: Chatcyberside
Topics covered
- security debt
- cybersecurity incidents
- AI in cybersecurity
- identity governance
- risk management
Keywords
- security debt
- cybersecurity
- AI
- identity governance
- risk management
- Stryker
- Colonial Pipeline
Mentioned in this episode
Organizations: Stryker, Change Healthcare, Colonial Pipeline, Microsoft
More episodes of Cyberside Chats: Cybersecurity Insights from the Experts
- Damaged Goods: When your new hire is already compromised · June 9, 2026 · 15 min
- The CRM Goldmine: Inside the Salesforce Breach Wave · June 2, 2026 · 17 min
- Shadow Agents: When Your AI Workforce Has No Boss · May 26, 2026 · 29 min
- Better Than Google, Still Risky: The OpenEvidence Story · May 19, 2026 · 15 min
- Finals Week Fallout: The Canvas Hack That Shook Education · May 12, 2026 · 11 min
- 9 Seconds to Zero: Misbehaving AI · May 5, 2026 · 17 min
Explore listener stats, chart rankings, contacts and more on the Cyberside Chats: Cybersecurity Insights from the Experts podcast page.