In Episode 69 of CYBR.SEC.CAST, hosts Michael Farnum and Sam Van Ryder sit down with Crush Security CEO Joshua Jones, CTO Josh Johnson, and JB Poindexter & Co. CISO John Barrow to explore a growing problem facing security leaders: the inability to effectively evaluate, compare, and manage cybersecurity products at scale.
SHOW NOTES:
Things Mentioned:
- Crush Security website: https://www.crushsecurity.com/
- Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
- CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:
- Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.
EPISODE 69 Timestamps:
00:00 – Introduction and Sponsor Disclosure
Michael Farnum introduces Crush Security as the episode sponsor and frames the discussion around real-world CISO challenges involving cybersecurity purchasing and vendor management.
05:00 – Joshua Jones' Cybersecurity Journey
Jones recounts entering cybersecurity during the early days of MFA, building global sales and consulting organizations, and eventually identifying inefficiencies in the reseller ecosystem that inspired Crush Security.
09:15 – Josh Johnson's Path from Digital Forensics to AI
Johnson discusses his background in computer forensics, incident response, consulting, and cybersecurity leadership before co-founding Crush Security.
11:45 – John Barrow's Evolution from Military Intelligence to CISO
Barrow explains how his nontraditional background became a leadership advantage, helping him bridge communication gaps between security teams and executive leadership.
17:00 – The Hidden Cost of Security Tool Sprawl
The group examines how organizations accumulate overlapping technologies, duplicate capabilities, and unnecessary spending while struggling to understand what they actually own.
21:30 – Why Traditional VAR Models Fall Short
Jones argues that too many reseller relationships remain transactional and fail to provide the strategic guidance security leaders need.
24:30 – Using AI to Evaluate Security Products
Johnson explains how Crush maps cybersecurity products, controls, compliance frameworks, and capabilities to help organizations identify gaps, overlaps, and alternatives.
29:00 – The Coming Explosion of Security Categories
The panel discusses how AI is enabling vendors to rapidly expand into adjacent markets, creating even more confusion for buyers evaluating security platforms.
33:30 – Crush Security's Vision for a 'Super VAR'
Jones outlines the company's vision of combining AI, security architecture, contract intelligence, and procurement guidance into a unified platform for security leaders.
35:20 – Final Thoughts
The panel closes by reflecting on why cybersecurity procurement remains largely unsolved and why data-driven decision making may finally change that reality.
Do you have a question for the hosts? Reach out to us at media@cscgroupllc.com
Keep up with CYBR.SEC.CON.:
Keep up with CYBR.SEC.Media:
Check out our Conferences and Events:
Support or apply to our Scholarship Program:
Subscribe to the podcast:
In this episode:
- Host: Michael Farnum
- Host: Sam Van Ryder
- Guests: Josh Jones, Josh Johnson, John Barrow
- Production and editing: Bill Brenner
- Music by: August Honey
