It's Software, Not Magic: Navigating the Vulnerability Speed Wave and Shadow AI

In this episode of The Resilience Room, Sam Dickison sits down with Lee Stephens, a 31-year veteran at BT. Lee shares his unique journey from sales into cyber security, detailing how the industry's variety and fast-paced environment have kept him engaged at BT across wildly different roles spanning research, marketing, and operations.

The conversation dives deep into the realities of modern threat landscapes, reflecting on the simplicity behind major retail ransomware attacks and why mastering the "boring basics" remains the most critical line of defense for businesses of any size. They tackle the explosive progression of vulnerability exploitation speed, tracking how the average time to exploit a CVE plummeted from one year in 2021 to just over a week in 2026—effectively destroying traditional 90-day patch windows.

Lee and Sam also strip away the hype surrounding artificial intelligence in the Security Operations Center (SOC). Lee offers a grounded perspective on "Shadow AI," the realistic limits of autonomous SOCs, and why AI should be treated as software rather than magic. Finally, they look over the horizon at the looming "Y2K moment" of quantum computing, discussing how post-quantum cryptography will fundamentally alter global encryption standards.

Topics covered: Breaking into cyber security, building a long-term tech career, ransomware and the retail sector, vulnerability exploitation timelines, patch management at scale, autonomous SOCs and analyst burnout, Shadow AI and corporate data guardrails, and post-quantum cryptography readiness.