Insight from Joe Carson on Agentic AI, Cyber Resilience, and Lessons from Estonia
In the rapidly evolving landscape of cybersecurity, a significant shift towards a new paradigm has begun, according to Joe Carson, the chief security evangelist and advisory CISO at Segura. He describes this emerging reality as an "AI versus AI" scenario, where both attackers and defenders deploy autonomous agents. This shift signifies that human operatives are increasingly transitioning from operators to orchestrators in the battle for cybersecurity.
Carson emphasizes the critical role artificial intelligence (AI) plays in enhancing organizational capabilities. AI serves as an accelerator, enabling faster decision-making processes and promoting greater operational efficiency. However, he cautions that organizations must define clear objectives and assess risks associated with the adoption of AI technologies. Without a well-defined strategy and appropriate guardrails, Carson warns, AI could inadvertently exacerbate existing vulnerabilities rather than mitigate them.
"The way forward is to work together with AI," Carson states, highlighting the cooperative potential of human intelligence alongside artificial intelligence. He firmly believes that AI technology will not replace human workers but rather empower them in their roles.
In a video interview with Information Security Media Group at the RSAC Conference 2026, Carson elaborated on several vital considerations for cybersecurity leaders. One notable recommendation he made is for Chief Information Security Officers (CISOs) to conduct infrastructure failure simulations. This approach offers a proactive measure against potential threats, moving beyond traditional risk assessments.
Carson also reflected on Estonia’s historical experiences with cybersecurity challenges, specifically GPS jamming, undersea cable sabotage, and hybrid threats that affect both physical and digital domains. He noted that Estonia’s experiences can serve as invaluable lessons for other nations seeking to enhance their cyber resilience. By learning from such incidents, organizations can adopt more robust preventive and responsive strategies.
Additionally, Carson discussed the concept of "data sovereignty," describing it as a critical subset of data resilience. In today’s interconnected world, understanding the ramifications of data location is essential for organizations that aim to maintain control over their sensitive information. Data sovereignty involves recognizing the regulatory and operational implications of where data is stored and processed, emphasizing the need for a comprehensive strategy that prioritizes data protection.
With over 25 years of experience in enterprise security, Carson is not only an ethical hacker but also an established author of works such as "Privileged Account Management for Dummies" and "Cybersecurity for Dummies." His extensive background enables him to provide insight into various facets of cybersecurity, having served as an advisor to several governments and critical infrastructure entities, including those in financial and transportation sectors. Carson is a recognized speaker in global conferences, showcasing his commitment to enhancing cybersecurity awareness and practices.
The implications of AI’s role in cybersecurity are profound. As both attackers and defenders increasingly leverage AI technologies, the need for continuous adaptation becomes crucial. Organizations must cultivate an environment where innovation is matched with vigilance, ensuring that AI serves as a tool for defense rather than a catalyst for vulnerability.
Furthermore, the increasing complexity of cyber threats calls for a cohesive strategy that integrates AI capabilities while prioritizing human oversight and decision-making. This holistic approach could provide organizations with a strategic advantage in navigating the uncertain terrain of cyber warfare.
As industries continue to explore the intersection of AI and cybersecurity, the insights shared by Joe Carson at the RSAC Conference offer a roadmap for organizations looking to enhance their cyber resilience. With clear goals and well-defined strategies, organizations can leverage AI to fortify their defenses, ultimately fostering a more secure digital environment for all.
In conclusion, as artificial intelligence becomes a pivotal part of the cybersecurity landscape, understanding its capabilities and limitations is paramount. This understanding not only enhances an organization’s readiness but also empowers human operatives to take on increasingly strategic roles in the fight against cyber threats. As echoed by Carson, the future lies in collaboration between human intelligence and AI, ushering in a new era of resilience in the face of evolving cyber challenges.