In this episode of John Has Trust Issues, host John Martinez talks with Darwin Salazar - Head of Growth at Monad and creator of the Cybersecurity Pulse newsletter - about what’s really changing in modern security and what’s mostly noise.
Um, talk to us a little bit about the tee-up to the obvious question: AI and security. Tell us the Darwin view. You gave us a little bit of a taste, but let’s get into that.
Yeah. With the recent Anthropic intel report about them thwarting a threat campaign that was 80–90% automated using Claude Code, this is a question that’s top of mind for a lot of people. As we often see in security, I think it’s overblown.
There’s a fire alarm going on—let’s pause that right there.
It’s nothing serious. Go take care of it. If it’s just a piece of toast in the toaster, we’ll laugh about it. That’s a first for the podcast—we might have to put that in the outtakes.
Yeah, I think it ties into the Anthropic situation being a bit of a fire drill—pre-Thanksgiving noise. It’s under control, they say.
Hey everybody, welcome back to another episode of John Has Trust Issues. My name is John Martinez. I’m the tech evangelist here at StrongDM. It’s an honor for me to have Darwin Salazar with us today.
Hey Darwin, how’s it going? Everything good?
What’s good, John? Yeah, man—it’s Thanksgiving. Things in the cyber sphere continue to move fast. It doesn’t matter whether it’s a holiday or not, there’s always something happening. But all things considered—work, cyber, and personal life—things are going well.
That’s awesome, man. Happy to be here. Long time coming, and I love what you’re doing.
Thank you. Let’s get started. I read your most recent Cybersecurity Pulse newsletter, and those pictures from Peru looked incredible. It’s on my bucket list. Is it really like that?
It is—but it’s a lot of hard work. I’d recommend doing it sooner rather than later. Climbing from 9,000 to 14,000 feet at a steep incline is no joke. The destination is beautiful, but the hikes are tough and altitude sickness is real. Be ready to work for it.
So prep before you go—that’s what I’m hearing.
Exactly.
Awesome. Darwin, thank you again for being here. For everyone listening, Darwin is a cybersecurity veteran with a background as a practitioner who’s now in go-to-market roles and strategy. He also runs the Cybersecurity Pulse newsletter. Anything else you’re working on?
No, that pretty much covers it. My hands are full.
Before we dive into questions, give us a quick snapshot of your career journey—how you got here and why.
Yeah, great question. My security and hacking journey started around 2010–2011. Like many in IT, it began with gaming—Halo, Call of Duty, competitive play, and trash talking. That led to getting kicked offline and wondering how it happened. I learned how to do it myself—hardware mods, controller tweaks—and that mindset of manipulating systems stuck with me.
I didn’t have an outlet for it until college. I found digital forensics and national security programs at the graduate level, but nothing at undergrad. So we started a cybersecurity club and taught ourselves—Wireshark, Metasploit, CTFs. It was very self-driven.
Eventually I qualified for grad-level courses and things accelerated. I’ve worn many hats: cyber policy at a think tank, business continuity in finance, red teaming at Ford, a security fellowship in Tel Aviv, then medical device security at Johnson & Johnson. That exposed me to cloud security through digital twins.
From there I went to Accenture as a cloud security consultant, working across detection engineering, compliance frameworks, and large enterprise environments. Eventually I wanted broader exposure beyond Azure and moved to Datadog, where I worked across AWS, GCP, and Azure.
That’s where I discovered a passion for product and user experience in security. I saw firsthand how some tools created more friction than value. That led me into product and go-to-market work, and eventually to my current role in growth at Monad and building my newsletter.
Looking back, I wouldn’t have predicted ending up on the marketing side—but I’m enjoying it.
That’s awesome. So what do you bring from your practitioner experience into go-to-market roles?
I often feel like one of the few voices representing practitioners. That shows up in sales calls—understanding how prospects react—and in marketing copy. Security practitioners have a strong radar for nonsense. You can’t BS them.
That experience also helps advocate for better product design. Deploying a solution across thousands of endpoints shouldn’t take six months. Practitioner experience informs everything I do.
Do you think the relationship between go-to-market and practitioners is tighter in cybersecurity than other industries?
It depends on the company. Sometimes they’re aligned, sometimes completely disconnected. A symptom of disconnect is overpromising in marketing while engineering says, “That’s not in the product.” That gap still exists.
Let’s talk about your newsletter. How do you approach it, and how do you decide what to write?
My perspective comes from all my experiences—policy, red teaming, cloud, business continuity. I look at cybersecurity from multiple lenses.
In terms of trends, I see two drivers: the threat landscape and technological capability. Major incidents shape what vendors build. And new capabilities—like AI—drive new solutions.
For the process, I use an AI-driven feed that aggregates articles based on keywords. Then I manually curate, synthesize, and add my perspective. I don’t overthink it—perfection is the enemy of done. I create for myself, and the audience follows.
Are we, as an industry, actually solving the problems CISOs care about?
It’s complicated. CISOs face pressure from boards, regulators, and threats. Boards want metrics and ROI. Regulators want compliance. The threat landscape demands resilience.
I think we’re moving in the right direction, especially with AI-related security areas like agent identity and secure code generation. But no single solution solves everything—it’s always people, process, and technology.
On budgets—do you think cybersecurity spend will increase?
Absolutely. Not just in 2026, but beyond. The cost of breaches is massive—hundreds of millions or more. Compared to that, a few million in security investment is a no-brainer.
Insurance requirements, regulations, and expanding attack surfaces all push budgets higher. CISOs have strong justification.
Let’s go back to AI and security. What’s your take?
I think it’s overhyped. AI is making attacks faster, not fundamentally new. Attackers are lazy—they go after low-hanging fruit.
Security leaders should focus on fundamentals: zero trust, limiting blast radius, defense in depth. AI helps attackers scale things like phishing, but it’s not introducing novel techniques yet.
So it’s evolution, not revolution.
Exactly.
Where do you land on zero trust?
100% still relevant—more than ever. With non-human identities and AI agents, identity and access control are critical. Zero trust isn’t just a buzzword—it’s a concise way to describe what good security programs should already be doing.
What advice would you give engineers who want to move into product or business roles?
More practitioners should do it. You bring valuable perspective.
Also, follow your curiosity. You can always go back to engineering if you don’t like it. The bigger regret is not trying.
Do you still hack or tinker?
Not as much as I’d like. I signed up for a CTF recently and want to spend more time exploring AI tools. But mostly I’m building demos and working on product-related things.
What advice would you give your younger self?
Slow down. I was always focused on the next step. But being present and doing well in front of you is what actually leads to opportunities.
Also—go travel, go experience life. It reduces pressure and makes everything better.
Tell us about your involvement with Diversity in Cybersecurity.
I found the conference as a student and drove with friends to attend. We were the only students there—surrounded by CISOs. That one event changed my life: mentorships, internships, and opportunities came from it.
Since then, I’ve stayed involved. They provide scholarships, training, and access to networks. I wouldn’t be where I am without them.
What accomplishment are you most proud of?
Helping someone else get a full-ride scholarship after I received one. That impact means more than any personal achievement.
Any recommendations—books, podcasts, etc.?
The Cuckoo’s Egg is my favorite security book. For movies: Sneakers and Hackers. I also recommend Cybersecurity’s Dirty Secret for understanding budget inefficiencies.
Darwin, this has been an amazing conversation. Any final thoughts?
Check out Monad if you’re in security operations. And most importantly—take care of your health. Without that, nothing else works.
Thanks again for having me.
