SCYTHE’s UniCon 2025 Recap: Insights, Innovation, and Industry Shifts
AI in Security: Promise, Hype, and the Path Forward
AI Is Not the Silver Bullet (Yet)
Despite the buzz, AI hasn’t revolutionized security operations. Most integrations today are superficial—productivity boosters, not game-changers. They help junior analysts level up, advanced analysts more efficient, but decisioning still needs human involvement
AI Governance Is Now a Security Function
Security leaders are on the hook for understanding what AI tools do, what data they use, and whether they align with IP and compliance requirements. Governance of AI is the new superset of IT governance—and it starts now.
Agentic AI = High Risk, Not High ROI
Letting AI decide and act is still too risky. The takeaway? Keep humans in the loop. Use AI for summarization, correlation, and analysis—but ensure it has a “proceed button.”
Continuous Validation: The New Standard
CTEM Is No Longer Optional
Continuous Threat Exposure Management (CTEM) is the future. It’s about testing real systems, validating controls, and adapting as threats evolve—not relying on static scanning.
From Emulation to Execution
Automated Adversarial Emulation and Validation (AEV) programs are becoming daily routines—not quarterly events. Emulations run safely in production, correlate SOC alerts, helping teams create and optimize detections with zero disruption.
The New Stack: Emulation → Purple Teaming → Tabletop
Mature teams now integrate AEV, operational purple team exercises, and strategic tabletop drills to build resilience across all levels of the org.
Mindset Shifts in Security Leadership
From Checklist to Context
Security isn’t about CVEs and compliance boxes—it’s about understanding business priorities and aligning defenses with what matters. Translate security investments into business outcomes. Frame every risk in terms of customer trust, uptime, or cost.
Culture Beats Compliance
Security awareness doesn’t come from phishing tests. It comes from leadership, storytelling, and everyday interactions. The most respected CISOs are the ones people listen to—not just once a year.
Security Is Everyone’s Job—but CISO Is Everyone’s Translator
The best security leaders don’t just reduce risk. They enable business growth, global expansion, and customer retention. And they train their teams to do the same.
Securing Operational Technology (OT): Lessons from the Field
Real Environments, Real Buy-In
Researchers at Oak Ridge National Lab are working with utilities to build realistic OT environments—not just labs in racks. When end users see their world reflected, they engage, test, and improve.
Industry Collaboration Is a Game Changer
Just getting Utilities to talk to each other sparked problem-solving. Workshops revealed a key insight: sometimes the solution already exists—people just didn’t know it.
Top OT Security R&D Priorities
- Bridging the IT–OT language gap
- Improving noisy and misconfigured alerting
- Validating controls through adversary emulation
- Preparing now for inevitable cloud adoption
Risk, Compliance & Realism
“Are We Secure?” Is the Wrong Question
The right answer? “We are secure in the areas we’ve prioritized—here’s what that means.” CISOs must reframe the question around acceptable risk and business impact.
Security Doesn’t Own Risk—It Translates It
The business owns the decision. Security advises, contextualizes, and shows what’s at stake. Always link back to revenue, operations, or growth—not just risk.
Beware the Checklist Mentality
Focusing on CVSS scores or generic controls isn’t enough. Risk = intent + capability + opportunity. And most damage happens after attackers get in—detection and response time is key.
What’s Next: The Strategic Horizon
Third-Party Risk Is Exploding
Supply chain complexity is reaching 4th and 5th-party depth. Expect more investment in automation, visibility, and contractual clarity.
Secure Architecture Is Table Stakes
Startups are getting better—more secure defaults, cleaner cloud setups, and fewer misconfigurations. But maturity is still uneven.
AI in Security Needs Guardrails
Opportunities lie in building rule-based frameworks that teach AI to code securely, remember violations, and adapt. Think of building codes, not just autocomplete.
Investors Want Prevention, Not Just Detection
The next wave of funding is going toward tools that stop attacks—not just identify them. Think secure enclaves, LLM auditing, and breach prevention—not just dashboards.
Final Word
At UniCon 2025, one thing was clear: the future of security isn’t just about technology—it’s about mindset. We need more collaboration, more realism, and more leadership.
UniCon 2025 wouldn’t have been possible without the brilliant minds who took the stage and shared their insights with our community.
Thank you to:
- Ron Gula, President and Co-Founder, Gula Tech Adventures
- Sounil Yu, CTO, Knostic and IANS Faculty
- Jackson Wells, Breach and Attack Simulation Lead, Toyota
- Ian Anderson, Director of Enterprise Security, OG&E
- Bryson Bort, Founder & CEO, SCYTHE
- Tricia Schulz, Section Head, Resilient Cyber Physical Systems, Oak Ridge National Laboratory
- Jim Webster, CISO, SCYTHE
- Phil Gardner, Founder & CEO, IANS
- Olivia Rose, CISO and Founder, Rose CISO Group
- Danny Akacki, Client Security Strategy Director, Coalfire
We’re grateful for your contributions and for helping us make UniCon a space for bold ideas, honest conversations, and meaningful progress in cybersecurity.
If you missed this year’s event, now’s the time to catch up—and start preparing for what’s next.
📩 Want to join us for UniCon 2026?
Subscribe to the SCYTHE newsletter or follow us on LinkedIn to get early access to speaker announcements, workshops, and exclusive content. Contact us here.
