In this episode, CISO and founder Jason Rebholz joins the show to share how his roots in incident response shaped his approach to modern security. He discusses key concepts like Zero Trust, MFA, and continuous authorization, alongside lessons from the recent Snowflake breach. Hear why “trust, but verify” remains at the core of effective cybersecurity today.
Hey everybody.
Welcome to today’s episode of John Has Trust Issues, where I discuss issues relevant to the world of authorization and zero trust in a short amount of time. It used to be a couple of minutes, but it’s grown.
I am John Martinez, the technical evangelist at StrongDM, and I am very honored to have with us today Jason Rebholz, who has a long list of things he does. He’s a CISO and also known as the “Teach Me Cyber” guy. He runs a newsletter I subscribe to - and one I think everyone in cybersecurity should read - called The Weekend Bite. So, a very busy person.
One thing that stood out to me, Jason, when I looked at your LinkedIn posts is all the animated GIFs you use. They’re great. I love them. So welcome, and thanks for coming on.
Let’s start with a quick overview. Can you walk the audience through what you do and how you manage all of it?
It’s a lot, but it all comes down to systems—that’s been the theme of my career. By day, I’m a CISO, but even that’s not a simple answer. I manage internal security for a cyber insurance company, run a threat intelligence team, and lead a risk advisory team that supports policyholders and underwriters. It’s never just one thing.
Outside of that, I spend a lot of time creating content to help educate others on what’s happening in cybersecurity. My focus is on real-world examples—how attacks actually happen and what we can learn from them. My background is in incident response, so I learned through real situations, and I think that’s the best way to understand how attacks work and how to defend against them.
Before we get into the main topics, I always start with a trust issue. Jason, what’s yours?
Right now, it’s service providers telling me they’ll call me back - and then never doing it. I had an issue with my AC during a heat wave and waited days for a callback that never came. Even when they said they’d call in a few minutes, I didn’t believe them - and they still didn’t call. So yeah, I’ve got trust issues there.
That’s relatable, especially with the heat lately.
Let’s dig in. I’ve been talking to a lot of CISOs recently, especially in regulated or government-related environments, and zero trust comes up constantly. So from your perspective as a CISO and content creator, what does zero trust mean to you?
For me, it’s about continuous validation. It’s not enough to trust that someone is who they say they are, even after authentication. You have to keep validating that identity and their behavior over time.
In today’s environment, where session cookies can be stolen and credentials are constantly compromised, initial authentication isn’t enough. Even MFA can be bypassed with techniques like prompt bombing. So zero trust means continuously monitoring and validating identity and behavior from start to finish.
It’s about asking: is this really the same person, and are they acting in ways that match their normal patterns?
That aligns with what I’ve been hearing. There’s also been a lot of discussion about the hype cycle around zero trust. What’s your take on that?
I think people have gotten confused because zero trust is such a broad term. It means different things to different people. That’s why I focus on the core philosophies rather than the buzzword.
If we can align on those principles and figure out how to implement them with the right tools, that’s what matters. Zero trust is more of a philosophy than a product.
Let’s shift to breaches. You write a lot about them. As a CISO, what keeps you up at night - or what helps you sleep better?
It all comes down to identity. Attackers don’t hack in anymore - they log in. One compromised account can take over an entire environment. We’ve seen that with real-world examples like MGM.
What gives me optimism is that we can address this. We’re in a moment where we can improve security and make things easier for users at the same time, especially with advancements in authentication. That’s rare in security.
Since you’ve been publishing, is there a breach that stands out to you?
The Snowflake incident stands out because it highlights key risks today. Info stealer malware, lack of MFA, and massive data exposure - all from compromised credentials.
It reinforces the importance of MFA and shows how a single account can expose huge datasets. It’s not about the damage - it’s about what we can learn from it.
Let’s talk about your day-to-day. How do you manage everything?
It comes back to systems. I’m very regimented. I wake up early, walk the dog, work out, and then start my day. After work, I spend time researching, writing, and creating content. Saturdays are usually for writing my newsletter.
It might sound boring, but it works for me.
It doesn’t sound boring at all.
For people looking to become CISOs or build a public presence, what advice would you give?
First, if you want to be a CISO, ask yourself why. It’s not just about the title - it’s about the responsibilities. Communication and relationship-building are critical skills.
For building a public presence, learn to write clearly and concisely. Don’t overthink posting - most people won’t see it at first anyway. Just start. You’ll improve over time.
That’s great advice. Thanks again for coming on.
Thanks for having me.
Anything you want to plug before we wrap?
Sign up for The Weekend Bite. It’s an easy way to stay up to date on cybersecurity and have a little fun along the way.
That’s another episode of John Has Trust Issues. This episode was brought to you by StrongDM, the modern access management platform that enables continuous zero trust authorization for all your infrastructure.
Thank you very much.