Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Offense is running on AI. Defense has to as well. That's the throughline of Garrett Hamilton's conversation with Jay Wilson, CIO and CISO at Insurity, on The Security Strategist, hosted by Shubhangi Dua at EM360Tech. What they get into.

Nancy Phillips, Chief Information Security Officer (CISO) at Ensemble Health, discusses how Reach Security provides her team with continuous assurance that the team's security controls are operating as intended.

Threat actors used to need days or weeks to exploit a vulnerability. Now AI lets them do it in seconds. Most security teams are already buried. Too many tools, too many alerts, manual processes that can't keep pace, and break-glass changes that get made and forgotten. Keeping everything configured and optimized correctly is a full-time job on its own. Nancy Phillips, Chief Information Security Officer at Ensemble Health Partners: "I want my teams doing the innovative stuff. Not the mundane, repeatable stuff.".

At Black Hat last year, we sat down with Kevin Mandia to talk about what's coming. His take: offense is going to accelerate with AI. Not slow down. Not plateau. Accelerate. When you've run more red teams than practically anyone on the planet, the pattern is clear. Getting into a victim network is already a race. AI compresses those time frames further. The attack surface isn't changing. Misconfigurations, things that slipped, controls that were on and got turned off. The entry point stays the same. AI just makes the race to exploit it faster.

Zscaler Secure Internet Access (ZIA) provides powerful secure access, inline inspection, decryption, and data loss prevention capabilities. But as your security and IT environments scale, and security controls change, Zscaler ZIA protections can drift away from established baselines, increasing your risk and leaving you open to attack. Reach analyzes your Zscaler ZIA controls to find and fix misconfigured controls, activate unused capabilities, and stop configuration drift. This hardens your defenses and protects you against fast-moving adversaries.

Microsoft Defender for Office 365 is powerful out of the box. The problem? Configurations drift. IT teams make changes the security team doesn't know about. Anti-phishing policies weaken. Safe Links gaps open up. And AI-powered attackers are finding those openings faster than any team can manually catch them. Reach analyzes your Microsoft Defender for Office 365 controls, activates underutilized capabilities, remediates misconfigurations, and keeps your deployment aligned to your security baseline continuously.

Garrett Hamilton recently presented at the North Texas ISSA Lunch & Learn in Plano, TX to talk about what risk reduction actually looks like in practice. Reach shows customers exactly which controls they've deployed, the user impact of those changes, and how much risk has been reduced across IAM, EDR, email, firewall, and SASE. Not feature checklists. Targeted, measurable outcomes tied to the business.

New year, new faces, big goals. To close out 2025 and open 2026, we welcomed 43 new team members across engineering, sales, customer success & solutions, marketing, and operations. Reach was founded to close the gap between knowing where you're exposed and actually fixing it. That mission doesn’t scale without the right people. Growth is exciting, but aligned growth—with the right people, at the right time, for the right mission—is what really matters.

Microsoft Defender for Office 365 protects against phishing, malware, and malicious links across email and collaboration tools. But as environments scale and settings are changed, your Defender security controls can drift away from security baselines and degrade your security posture. Reach continuously analyzes your Defender deployment to find and fix misconfigurations, activate unused capabilities, and stop configuration drift.

Garrett Hamilton, CEO & Co-Founder of Reach, joined Bryce Carter, CISO for the City of Arlington, at the NTX ISSA Lunch & Learn in Plano, TX — a practical, operator-focused discussion with the local security community.