GCS CEO, David Bloxham sits down with Francis Gorman, Principal Security Architect and host of the Entropy podcast, for a practical, no jargon tour of today’s cyber realities. They unpack why disgruntled insiders can out risk outside attackers, how AI is shifting from phishing helper to core attack mechanism, and what “no click” prompt injection looks like in the wild.

Francis shares a leadership playbook that treats security as an enabler, do the basics brilliantly, align to business risk appetite, and build security in from the start. The conversation closes with a clear primer on quantum risk: Q Day as the “Y2K of our time,” harvest now decrypt later threats, and why post quantum migrations touch apps, middleware, networks, and vendors. Plus, Francis’ unconventional path from farm and film to cyber, and how teaching and community accelerate learning.

Timestamps

00:00 Cold open: insider threats, AI attack speed, and a Q Day tease

00:00:52 Intros and why this topic matters for business leaders

00:03:44 From farm and film to security architect: Francis’ career pivot

00:11:00 Building community and learning by teaching (Entropy, AI security courses)

00:14:36 Insider threats: unhappy employees as a leading risk signal

00:17:02 Do the basics brilliantly: MFA, WAF, EDR, audits, and Zero Trust culture

00:22:47 AI’s next phase: from phishing aid to core attack mechanism (2026–2027 outlook)

00:26:16 No click phishing explained: white on white prompt injections and co pilot trigger phrases

00:29:09 Security as an enabler: start small, build privacy/ethics in, avoid vendor hype

00:31:17 Aligning business and security risk; threat modeling every major delivery

00:37:38 Quantum 101 and Q Day as the “Y2K of our time”

00:41:00 Harvest Now Decrypt Later, PQC planning, and why dependencies (and EU timelines) matter