Episode 484CybersecurityAI in MarketingRisk Management

How to secure your business as AI turns everyone into a builder, with Jeffrey Bernstein

Jeffrey Bernstein, a cybersecurity consultant of more than 25 years and the founder of Critical Defence, joins Content Amplified to explain how to secure a business in an era when marketers are building their own AI tools without a security team behind them, and his blunt starting point is that the attacks have barely changed while the excuse for being unprepared has disappeared. He frames the internet as the ultimate attack platform, an endless supply of targets combined with attacker anonymity, plug-and-play ransomware-as-a-service, and international borders that make legal recourse nearly impossible, which is why in his view most crime has moved online. His single most repeated fix is multi-factor authentication: business email compromise and wire fraud account for roughly half of all the dollars stolen by cyber criminals per FBI data, and nearly every case his firm investigates shares one commonality, no MFA enabled, so turning it on avoids probably 99 percent of it. Beyond MFA he tells businesses to shrink their attack surface by deleting unused apps, shutting off unused systems, encrypting everything, setting device time-outs, and updating software, and to treat their communications with the same skepticism they would give a stranger knocking at 4 a.m., since email and text remain the main attack vector even as deepfakes make it worse. He argues that trust moves faster than technology, that everyone became an AI expert overnight, and that the AI companies who win will be the ones who earn trust, while third-party vendor governance matters more than ever because you are only as secure as your weakest partner and AI introduces many new vendors and components into any platform. He closes on human error as the common thread, told through the Microsoft-impersonation scam that drains a retirement account overnight and sextortion schemes aimed at kids, and leaves listeners with two lines to remember: it doesn't take much to secure yourself, and the fastest network in the world is still slower than human doubt.

Jeffrey Bernstein

Jeffrey Bernstein

Founder of Critical Defence

22 min

Key Takeaways

  • 1Multi-factor authentication is the single highest-leverage thing most businesses are not doing. Jeffrey points to FBI data showing business email compromise and wire fraud account for about 50 percent of all the dollars stolen by cyber criminals, and in case after case his firm investigates there is one commonality: no multi-factor authentication was enabled. Turning MFA on across every account, app, and system is a little bit of a burden, but he estimates it will help you avoid probably 99 percent of these attacks. It will never be perfect, but it is the closest thing to a universal, near-free defense a business or an individual can adopt.
  • 2Shrink your attack surface, because everything is now connected over internet protocol. Jeffrey's basics are concrete and cheap: delete the apps on your phone you are not using, shut off the systems at home you are not using, put encryption on everything, give your devices and systems time-outs, and update your software, since software updates usually include security components and skipping them leaves you terribly exposed. The internet is what he calls the ultimate attack platform, an endless supply of targets plus attacker anonymity plus international borders that make legal recourse nearly impossible, and plug-and-play ransomware-as-a-service means an attacker no longer needs to be sophisticated. Reducing what is exposed in the first place is how you take yourself off the easy-target list.
  • 3Treat your communications with deliberate skepticism, because that is where the attacks come. Jeffrey's analogy is that you would not leave your front door open for the weekend, leave the windows open while you sleep, or fling the door open to a 4 a.m. knock without verifying who it is, so give your email and text the same caution. These attacks are more often than not targeting email, text messaging, and communications channels, and that was true 25 years ago and is still true now, only amplified by deepfakes and more sophisticated AI-driven schemes. The technical controls matter, but human doubt is the last and fastest line of defense, which is why he ends on the line that the fastest network in the world is still slower than human doubt.
  • 4You are only as secure as your weakest partner, and AI multiplies the number of partners. About 10 years ago NIST added third-party vendor governance to the cybersecurity framework everyone uses, and Jeffrey has watched big brands with every security control in the world get compromised through a partner that had access to their systems or data and did not apply the same diligence. AI makes this sharper, because any AI feed or platform is rarely a single firm; it pulls in many components, businesses, and producers, each one a new exposure. The defense is knowing exactly who you do business with, vetting those partners, and running security and privacy assessments before you trust them with data.
  • 5Consumer-privacy regulation has spread far beyond healthcare and finance, so almost every business is now exposed. It used to be that only highly regulated industries, healthcare under HIPAA, finance under the SEC and regulators like New York's DFS, really had to protect data, but Jeffrey notes that consumer privacy laws now span more than a dozen US states plus GDPR in Europe. If you lose consumer data today, everybody is regulated: any business of any size in any sector that is connected to the internet and holds private data is terribly exposed. His framing is that you can spend a little proactively to protect your reputation, productivity, dollars, staff, and customers, or you can pass and face a breach that is debilitating once it happens.

About this episode

Turn on multi-factor authentication and you will avoid the vast majority of the attacks that quietly drain business bank accounts. That is one of the blunt, practical lessons cybersecurity veteran Jeffrey Bernstein, founder of Critical Defence, brings to this episode of Content Amplified, recorded as marketers everywhere start building their own AI tools without a security team behind them. Jeffrey has spent 25 years in high-touch security consulting, from ransomware and wire fraud investigations to regulatory compliance, and he argues the attacks have barely changed while the excuse for being unprepared has disappeared. He explains why business email compromise and wire fraud account for roughly half of all the dollars stolen by cyber criminals, how to shrink your attack surface by killing unused apps and updating software, and why third-party vendors are the weak link that sinks even well-defended brands, since you are only as secure as your weakest partner. He gets into deepfakes, the Microsoft-impersonation scams that empty retirement accounts overnight, and why trust moves faster than technology. If your marketing team is shipping its own AI tools, this is the security briefing to hear before you build.

Topics covered

  • The internet as the ultimate attack platform
  • Multi-factor authentication and business email compromise
  • Limiting your attack surface
  • Third-party vendor governance and AI
  • Human error, deepfakes, and trust

Notable quotes

In my mind, the internet is the ultimate attack platform. You have an endless amount of targets for the attackers.

Jeffrey Bernstein(08:14)

Any account that you have, any app, any system, you're gonna avoid a lot of this stuff. It's not gonna be perfect, but you're gonna avoid probably 99% of it.

Jeffrey Bernstein(10:40)

To me, trust moves faster than technology.

Jeffrey Bernstein(14:15)

The fastest network in the world is still slower than human doubt. So be skeptical of everything when you're online.

Jeffrey Bernstein(21:41)

Resources mentioned

  • Checklist

    The Attack-Surface Shrink: The Basics That Stop Most Breaches

    Jeffrey's core defense is a short list of things any business or individual can do without a security team. Enable multi-factor authentication on every account, app, and system, since that alone avoids roughly 99 percent of the business email compromise and wire fraud cases his firm sees. Then limit what is exposed: delete the apps on your phone you are not using, shut off the systems at home you are not using, put encryption on everything, give your devices and systems time-outs, and keep your software updated, because updates usually carry security components. None of this is exotic, and skipping it is what leaves people terribly exposed to plug-and-play attacks that no longer require a sophisticated criminal.

  • Playbook

    Third-Party Vendor Governance: You Are Only as Secure as Your Weakest Partner

    About 10 years ago NIST added third-party vendor governance to its cybersecurity framework, and Jeffrey's rule is that you are only as secure as your weakest partner that has access to your data. He has watched big brands with every control in place get breached because a partner with access to their systems or data did not apply the same diligence. The playbook: know exactly who you are doing business with, vet those partners before granting access, and run security and privacy assessments on them. This matters more in the AI era because any AI feed or platform is rarely one firm; it stitches together many components, businesses, and producers, and each new vendor is a new exposure that needs the same scrutiny.

  • Framework

    Treat Your Email Like Your Front Door: The Human-Doubt Defense

    Jeffrey's mental model is that skepticism about communications is the fastest line of defense a person has. You would not leave your front door open for the weekend, leave the windows open while you sleep, or open the door to a 4 a.m. knock without verifying who is there, so extend that same caution to your email and text, which are the channels attacks most often target. He warns this is getting harder as deepfakes and AI-driven schemes make impersonation more convincing, pointing to the Microsoft-and-Google impersonation scam where remote-access software installed by a fake support agent leads to a retirement account being drained overnight, and to sextortion schemes aimed at children. Teach the same skepticism at home, to kids and to the elderly, not just at work, and remember his closing line that the fastest network in the world is still slower than human doubt.

Full Episode Transcript

Benjamin Ard00:04Welcome back to another episode of Content Amplified. Today I'm joined by Jeffrey. Jeffrey, welcome to the show.

Jeffrey Bernstein00:12Thanks, Ben. Thanks for having me here today. Like I said before, congratulations on all of your success. I love the platform and I'm grateful for the opportunity to speak with you and your audience today.

Benjamin Ard00:21Thank you. Jeffrey, I'm excited. This is going to be a little bit different of an episode, but I think it's one that marketers need to hear everywhere. Sales enablement, anyone in go to market for that matter. I think this will be great. But Jeffrey, before we dive in, let's get to know your work history, background, all that fun stuff. It's super relevant to today's episode.

Jeffrey Bernstein00:39Sure. Pre-2000, I was working at a company called CMGI. CMGI was one of the original internet incubators, and they had a huge market cap. It was larger than General Motors at the top, and they had their brand on Foxborough Stadium, the Patriots stadium up in Massachusetts. It was just a crazy time, and I was a hobbyist of security. That's basically how I got into it. There was a point where I decided I really wanted to go work for a security company, and I found one of the original managed security service firms. Now it's part of Verizon Business, but at the time it was a spin-off from the Catholic University in Belgium, and they gave me a job there. It was mostly sales and business development, but I learned security. I worked on investigations and regulatory compliance and security testing and training, and it was an interesting time. This is just before the year 2000. We had to be evangelists. We had to go out and evangelize the reasons why people should do a security penetration test or a security education program, or have an investigative capability, and the customers would always say to us, well, what about privacy rights and civil liberties? They didn't understand why they needed a trusted security partner like our firm. Fast forward to now, and if you look at a lot of the compromises that are happening, they're still the same types of attacks they had back then. But now, if you're not doing these things, shame on you, because you need to do it to secure your infrastructure, and you need to do it to comply with all the different legal and regulatory guidelines that are out there. So that's how I started in the business. Over the 25-year period, I've been doing almost the same thing the entire time. It's very high-end, high-touch consulting, work at the courts, investigations. I work on a lot of ransomware cases, wire fraud, and business email compromise. If you look at the FBI data, they say that wire fraud and business email compromise is about 50 percent of all the dollars that are stolen by cyber criminals. That's a huge area for us. We also investigate matters including HR matters for companies, when somebody has done something internally, maybe something suspicious, went to a competitor, exfiltrated some type of intellectual property or something else. We do security testing, security training, security investigations, and regulatory compliance. I've been doing those things the entire time I'm in this space. When I was younger, I started a little consulting company and I was providing services under a white-label approach to a very high-profile Washington DC firm that was led by former directors from the ATF, the Bureau of Alcohol, Tobacco, Firearms, and Explosives. They had two former directors from the United States Secret Service, one an assistant director and one a director. One of the guys was also a participant from FEMA and the founding director of the TSA after 9/11, the Transportation Security Administration. The company was led by the equivalent of a director of Shin Bet, the Israeli security agency. There was a point where I was helping them deliver services and they asked me to join full-time. So I went to work for them, and it was a great lesson to work alongside those people. I've always had an entrepreneurial streak in me. There was a point, after a few years working for that firm, where I started a company called Critical Defence. Critical Defence is spelled with a C, D-E-F-E-N-C-E, for a couple of reasons. I had this idea of protecting critical infrastructure globally. The work I do is for businesses, their leaders, and VIPs. When you look at the word defence in Canada, where I had an office, and in London where I had an office through a partnership, they use the C. The other reason I went with defence with a C was because I couldn't afford to get defense with an S. The domain was too expensive, so I went with the C, and it's kind of cool. Over my career, I got to work at a couple of really world-class firms. Even recently, I worked as a managing director of cybersecurity strategy for Marcum, one of our nation's largest public accounting firms. They merged recently, so they're part of another firm, but they're top 10 in size. And recently I worked for a firm called Kaufman Rossin, where I directed cybersecurity and data privacy. This is an amazing firm, a 65-year-old firm with a history of excellence, 700 employees based in Miami, a real heavyweight here in South Florida but also globally, and just wonderful people. These are wonderful companies. I don't have a bad word to say about any of them. Sometimes I feel like I'm living in a dream, like I should be paying these companies because I enjoy it so much. But like I said, I have a bit of an entrepreneurial streak, and I fired Critical Defence back up recently, and I've got a great team. I've got a former US government Computer Crimes Division director who prosecuted with the Department of Justice and worked side by side with me. We've been working together since 2004, believe it or not. In 2004, we were the trusted security partner to John Kerry when he ran for president, and we've been together ever since. The guy's brilliant. If anybody needs help with cybersecurity, data privacy, or even law, he's an attorney also. An amazing man, and I've had him for 25 years. He was like having an AI engine for 25 years. Now I don't need him so much because we have AI. We have other former participants from Secret Service and other law enforcement agencies. We're a boutique, but we do a lot of different things. We work in crypto environments, virtual environments, fixed systems, and mobile environments. If there's something happening with cyber, we're a great source. I don't mean to market here, but I just love it. We live and breathe security, and you can call any time of day and get our help.

Benjamin Ard07:09I love it, and that's incredible. What's so cool is you can hear the passion. Your whole career, like you said, it's almost like you've been gifted this opportunity to learn all this stuff that you love. I love the passion that comes from that. Jeffrey, I'm excited, because I think this is a discussion that everyone needs to hear. I think this is going to be valuable information, especially now that we're entering this day and age of artificial intelligence. There's so many things you can do with it, including building your own tool sets and doing all sorts of stuff. Marketers are now creating these powerful internal tools that they've never had before. But I do think there's an opportunity for us to talk about the security side. Even though you can build everything and do all this cool stuff, there are probably some things we should keep an eye out for. Jeffrey, to kick it off, what are some of the top security concerns a business should be focused on nowadays, especially with AI? And maybe a few steps to protect themselves as we're entering this day and age where anyone can be a builder.

Jeffrey Bernstein08:12Yeah, for sure. Let's frame this out first by saying that, in my mind, the internet is the ultimate attack platform. You have an endless amount of targets for the attackers. You can hit banks, whatever you want, consumers. There's an endless list of targets. The internet provides the attackers with anonymity. It's very hard to fingerprint somebody that's behind an attack. And even when you can fingerprint that person or that source, it's hard to know who's in the seat of the computer or the device that's delivering the attack. And even if you can do that, there are international components, and it's very hard to get any legal recourse out of any kind of response. So it's very difficult. The other thing is you don't have to be sophisticated to be a criminal online. There's ransomware as a service, there are tools that are plug and play. Any person with any level of internet savvy can be a successful criminal online. It's really crazy. The tools out there are easily accessible, there are tutorials everywhere, so it makes it really easy. In my opinion, most crime has moved online. When I was a kid, it was smash-and-grab robberies. You have someone come in, steal jewelry, or come into a bank under the camera, with the security guard, with people watching you. To rob a bank, you'd have to go in and expose yourself terribly, and they'd know who you are, you'd get caught. Now you don't need that. It's a click of a mouse. For that reason, I feel like almost all crime has moved online. So what can we do to protect ourselves? I talked about some of the things we investigate. One of the first things I said was that the most dominant type of attack where money goes missing is business email compromise or wire fraud, and we see it over and over. It's sick, because these attackers prey on the elderly, they prey on kids, everybody in between, businesses, anybody with any kind of wealth that's connected. Those business email compromises and wire fraud, over and over when we investigate them, we see one commonality, which is that there's no multi-factor authentication enabled. So if you can enable multi-factor authentication anywhere you have it, it's a little bit of a burden, but on any account, any app, any system, you're going to avoid a lot of this stuff. It's not going to be perfect, but you're going to avoid probably 99 percent of it. So multi-factor authentication is huge. The other thing is everything's connected now and running over internet protocol, they call it IP. Limit your attack surface. If you have apps on your phone you're not using, delete them. If you have systems at home you're not using, shut them off. Put encryption on everything. Give your devices and your systems time-outs. These are very basic practices that could be adopted, and they're going to make a big difference. If you do have any kind of infrastructure, update your software. The software updates are important. They usually include security components, so if you're not updating the software on your systems, you're leaving yourself terribly exposed. The biggest thing I could say is just exercise common sense. Don't be promiscuous with your device. Be skeptical of everything. Treat your communications, especially your email, like you would treat your home. You wouldn't leave your home's front door open if you went away for the weekend. You wouldn't leave the windows open when you go to sleep. If someone knocked on your door at 4 a.m., you wouldn't just open it, you'd want to verify who it is. So be skeptical of everything when you're online, but mostly your communications, because these attacks are more often than not targeting email, text messaging, and your communications channels. I started this over 25 years ago. It was that way then, it's that way now, and they're getting much more sophisticated with deepfakes and some of these sophisticated AI attacks, but they're still coming at communication. So just exercise common sense, be skeptical. There are a bunch of other things. If anybody's interested, please reach out. We've got great reference points. We're not looking to monetize this, but if we can help any of your audience, let us know.

Benjamin Ard12:38Yeah, I love that. So how is this all changing with artificial intelligence? As we communicate more now with agents than with people, what are some of the trends you're seeing that maybe we should keep our eyes out for as we move forward into this crazy, adventurous new future that we're all looking at and wondering what's going to happen?

Jeffrey Bernstein13:00It's crazy, Ben. I almost feel like I'm being set up here, because I don't know when this happened. It feels like it happened almost overnight. All of a sudden you turn on the news and we're talking about extraterrestrial and UFO disclosure. At any time I'm expecting to see robots in construction, and you're seeing autonomous vehicles, and the stuff that's happening with AI is ridiculous. Only a few years ago I was fascinated by robotic process automation. I thought that was a big thing. In the snap of a finger, the world's going to change, and there are entire industries that are exposed. I have a relative who was a printer, by the way. In 2000, when the internet was really coming on the scene, it changed entire industries. Printing, everything's digital now. If you needed a plane ticket, you had to go into a travel agency back then, you couldn't buy it online. If you wanted to do a stock trade, you had to call your broker. Everything's quick and online now. There was a drastic change in society 25, 26 years ago, and I think it's happening again. This, to me, seems much more profound. So I'm using the AI tools to enhance the experience. But to me, trust moves faster than technology. Companies and people, they're not afraid of adopting technology sometimes, they're afraid of the people offering the technology. So trust is always going to be important. It's part of why I started this business up again. I felt terribly exposed as a consultant. You have 100 hours of consulting time, and you get a request from a customer, a five-page list of questions, and that 100 hours is now a few hours because you have AI, you can output the information. You need to verify it, of course, re-verify it, take it and make it your own, reformat it, but it's really scary. So I think the world's going to change really quickly. The reason I bring up trust is there's a lot happening with AI now, and everybody's an AI expert, too. Overnight, everybody's an AI expert. But to me, the companies in that space that are going to be the most successful are going to be the ones that earn trust. Right now there's a lot of sketchy activity and people out there in that space, so you want to be careful. You asked about some of the ways you can protect yourself. Third-party exposures are also very important. About 10 years ago, NIST, the National Institute of Standards and Technology, started to include third-party vendor governance in their security framework that everybody uses, the NIST cybersecurity framework. This has been going on for 10 years, but the idea behind it is you're only as secure as your weakest partner that has access to your data. We've seen terrible breaches. When you look at the news, you see big brands being compromised. They could have all the security controls in the world, but if they're using a partner that has access to their systems or their data, and that partner is not going through the same diligence with their security controls, they're just as exposed as if they didn't have those controls in place. So you have to know who you're doing business with and vet those partners. AI really introduces a lot of new components. It's usually not just one firm. There are a lot of different components and a lot of different businesses and producers that come into any kind of AI feed or AI platform. So third-party exposures, knowing who you're doing business with, and performing security assessments and privacy assessments keeps data really safe. A lot of the security questions around AI remain unresolved. We have an AI assessment that we deliver, but we're learning every day, and there are a lot of new findings every day. It's scary. It's a little bit like the wild west. And if you lose consumer data, it used to be that healthcare or finance and banking were these very highly regulated industries. You have the SEC, you have HIPAA for healthcare, you've got a lot of different regulators. New York has DFS. It used to be that the highly regulated industries were really the ones that needed to protect the data. But now you have all these consumer privacy laws coming on. There are over a dozen states, you have GDPR in Europe. If you lose consumer data now, everybody's regulated. It's any business of any size in any sector. If you're connected to the internet, if you're taking private data, you're terribly exposed. So we joke around sometimes that you can hire us now, proactively, to secure yourself and understand what the threats are, and you can protect your reputation, your productivity, your dollars, your staff, and your customers, or you can pass, and after the breach occurs, it's debilitating. You've lost your brand and your reputation, and the damage list goes on and on. So if you do a little bit to improve your security posture, it goes a long way. If you look at a lot of the exposures, by the way, they involve human error. These attackers prey on people. They get you to give up your username and password, they phish you, they deliver something with a payload, you download it. Over and over, for instance here in South Florida, there's an older community. I get so many calls from people where somebody, like my father, gets phished and something goes on his computer, but then he gets a call from Microsoft or Google. They say, hey, we see there's a problem with your computer, we want to help you. He says, oh, that's great, I'm getting help from Microsoft. They're talking to him, and they put remote access software onto his computer, and they're helping him. He thinks he's getting help, and then that night he goes to sleep and a million dollars in his Marcus by Goldman Sachs account goes missing. It wasn't Microsoft. It was the attacker pretending to be Microsoft. They put remote access software on the computer, they steal the money. That didn't happen with my father, by the way, but we get those calls all the time. The other one is that they prey on children and younger people with these sextortion schemes, and it's just scary. So again, you have to be very skeptical of everything, and not just in business, but at home. Let's teach the kids the importance of being skeptical and not being promiscuous with their devices and their computers, and the elderly too, obviously.

Benjamin Ard20:09No, that was great, I love it. Well, Jeffrey, we are out of time. This was such a cool reminder about how to keep ourselves protected, how to use the internet properly as we're building all these kinds of things. The great advice of two-factor authentication, using trust, making sure that as we're working with third-party vendors that they're vetted, that they have the security that we need, or else it compromises our own systems. Jeffrey, this is so cool. For anyone who wants to reach out and continue the conversation online, how and where can they find you?

Jeffrey Bernstein20:42Well, you can find Critical Defence online, and you can connect with me on LinkedIn. Just do a search and you'll find us everywhere. I do a lot of writing, I've written for Gannett, and I've got a real estate publication. Just do a search, you'll find us. And let me finish on this note. Number one, Ben, thank you so much. You're amazing, and I can't wait to see what you do moving forward. You're already a wild success, and I feel so grateful to be a part of this platform and this show today. If I leave everybody with one thought, it's that it doesn't take much to secure yourself. Do some of those basic things, enable MFA, have good backups, have a good trusted advisor like our firm, and just remember that the fastest network in the world is still slower than human doubt. So be skeptical of everything when you're online. And thank you, Ben.

Benjamin Ard21:55I love it. Jeffrey, again, thank you for the time. I really do appreciate it today.

About the guest

Jeffrey Bernstein

Jeffrey Bernstein

Founder of Critical Defence

Jeffrey Bernstein has worked in cybersecurity for more than 25 years. He got his start as a security hobbyist at the internet incubator CMGI before joining one of the original managed security service providers, a firm now part of Verizon Business, where he learned the trade across investigations, regulatory compliance, security testing, and training. He went on to deliver high-touch consulting alongside former directors of the US Secret Service, the ATF, and the TSA at a high-profile Washington DC firm, then founded his own company, Critical Defence, spelled with a C. His work centers on security testing, security training, investigations, and regulatory compliance, with deep experience in ransomware, wire fraud, and business email compromise cases. Most recently he directed cybersecurity strategy and data privacy practices at two of the nation's larger accounting and advisory firms, Marcum and Kaufman Rossin, before firing Critical Defence back up with a team that includes a former US government Computer Crimes Division director. He uses he/him pronouns.

Connect on LinkedIn

Continue Exploring

Masset MCP for AI Tools

Connect your approved content library to Claude, ChatGPT, and every MCP-compatible AI tool so every AI output stays on-brand.

See how MCP works

Get new episodes in your inbox

Join listeners who get episode summaries, key takeaways, and content strategy insights every week.

Frequently Asked Questions

Jeffrey's first and most repeated step is enabling multi-factor authentication on every account, app, and system, which he says avoids probably 99 percent of the business email compromise and wire fraud attacks his firm investigates. Next is limiting your attack surface: delete unused apps, shut off unused systems, encrypt everything, set device time-outs, and keep your software updated so you are not missing the security components that updates carry. He also stresses exercising common sense and being skeptical of your communications, since email and text are the main attack vectors. For businesses adopting AI specifically, he adds vetting third-party vendors and running security and privacy assessments, because AI platforms pull in many new components and partners.

According to FBI data Jeffrey cites, business email compromise and wire fraud account for about 50 percent of all the dollars stolen by cyber criminals, making it the single biggest category where money goes missing. When his firm investigates these cases over and over, they find one commonality: multi-factor authentication was not enabled. Turning MFA on adds a small amount of friction, but it means an attacker who steals a username and password still cannot get in. Jeffrey estimates it will help you avoid roughly 99 percent of these attacks, which makes it the highest-leverage and cheapest control most people are still skipping.

Jeffrey's principle is that you are only as secure as your weakest partner that has access to your data. About 10 years ago NIST built third-party vendor governance into the cybersecurity framework most organizations use, and he has seen big brands with every security control in place get compromised anyway because a partner with access to their systems or data did not go through the same diligence. In that situation the company is just as exposed as if it had no controls at all. He says this is intensified by AI, because an AI feed or platform is usually not a single firm but a chain of components, businesses, and producers, so knowing who you do business with and running security and privacy assessments on them becomes essential.

Jeffrey believes the change is profound and happened almost overnight, comparable to how the internet reshaped entire industries around the year 2000, and attackers are already using deepfakes and more sophisticated AI-driven schemes even though they still come at people through communications. His deeper point is that trust moves faster than technology: everyone became an AI expert overnight, there is a lot of sketchy activity in the space, and the companies that succeed will be the ones that earn trust. He also flags that human error remains the common thread in most breaches, illustrated by the scam where attackers impersonate Microsoft or Google, install remote-access software, and drain a retirement account overnight, and by sextortion schemes targeting children. The takeaway is to stay skeptical, vet the AI vendors and components you rely on, and remember that it does not take much to secure yourself.

EP 48317 min

Why AI should make your marketers better, not replace them, with Mark Boothe

with Mark Boothe

Handing your team an AI tool and telling them to go figure it out fails for about nine out of ten people. In this episode of Content Amplified, Mark Boothe, CMO at Domo, explains how he gets marketers to two, three, even five times their impact: a dedicated AI enablement hire on both the marketing and account development teams, role-specific toolkits (this is what an email marketer uses, this is what the web team uses) installed on each person's machine, and hands-on teaching instead of a company-wide email. Mark shares the story of hiring Jake, whose resume was a custom GPT built to answer deep questions about him, and how that same hire taught a VP of communications with no editing background to produce professional-looking video in a fraction of the time it used to take. He also draws a hard line on AI slop: Google still reigns supreme, mass-produced junk content gets dinged, and with research this easy there is no excuse for lazy outreach. If your AI mandate stops at efficiency, this conversation makes the case for quality and for keeping the human magic in the work.

July 16, 2026Listen
EP 48221 min

Why AI's do-more pressure is burning out creative teams, with Karen Cooper

with Karen Cooper

Everyone in marketing has been told to do more with AI, but almost nobody is asking what that volume actually costs. In this episode, Karen Cooper, Director of Marketing, Content Experience at Wolters Kluwer Health, shares what she is learning from the LinkedIn polls she is running ahead of her talk at B2B Ignite. The results surprised her: when teams are pushed to move faster, the first thing sacrificed is not creative quality, it is clarity on priorities, because in a shared services team everybody thinks their project is the top priority. And the biggest threat to A plus work is not a lack of creative time, it is last-minute requests, an expectation AI has inflated because people assume anything can be prompted in two seconds. Karen explains why the do-more era is creating what a Superside breakpoint report calls a new kind of burnout, a human problem rather than a technology problem, how to keep creative people from becoming order takers by getting them into planning discussions early, and why leaders have to push back when volume stops moving the needle. If you lead a creative team in the AI era, this conversation puts words to the strain you are feeling, and offers a way through it.

July 15, 2026Listen
EP 48120 min

Why your content should be infrastructure, not output, with Vanessa Mbonu

with Vanessa Mbonu

The most expensive thing you can make in marketing is an assumption. In this episode of Content Amplified, Vanessa Mbonu, Vice President of Marketing at the NAACP, explains what changes when a team stops treating content as output, checking the box on this week's blog post, flyer, or TikTok, and starts treating it as infrastructure: a strategic system the whole organization feeds, from programming to policy to operations. Vanessa shares the leadership moment that sparked the shift, when her CEO said the organization focused a lot on output and not enough on outcome, why audience-first means meeting supporters where they already are, since they care about voting rights and also watch Love Island and March Madness, and her rule for AI: start with AI or end with AI, but never AI from start to finish. She closes with a tactical playbook: run a skills assessment, use the start-stop-continue framework, automate what a human doesn't need to do, and pick a brand mentor outside your category, whether that's Nike, Beyonce, or Labubu. If your content program feels like throwing things at the wall and seeing what sticks, this conversation shows you the smarter way.

July 14, 2026Listen

Get new episodes in your inbox

Join listeners who get episode summaries, key takeaways, and content strategy insights every week.