13 Expert Takeaways From Sagetap's Virtual Panel of Security Executives

On August 21, Sagetap hosted a private virtual cybersecurity panel featuring three accomplished security executives from our community:

• Matthew Mudry, CISO at Alera Group, Inc.
• Ian Schneller, Cybersecurity Advisor and Former CISO at Health Care Service Corporation (HCSC)
• Rick Doten, Cybersecurity VC & Startup Advisor and Former Healthplan CISO at Centene Corporation

Over the course of an hour, the panelists dug into the most urgent challenges facing enterprise security leaders today, from budget pressure and evolving threats, to the realities of adopting AI, to how leaders are navigating a noisy vendor ecosystem. Moderated by Evan Tarver, Sagetap’s Head of Growth, the discussion was candid, peer-led, and practical, designed to highlight what security executives should be focused on in 2025.

Want to keep learning? Watch the full replay below — available exclusively through Sagetap — and join our community to evaluate technology with peer insights from executives like Mudry, Schneller, and Doten.

What’s Most Pressing for Security Leaders in 2025

The conversation began with the biggest questions on every leader’s mind: where to focus in the year ahead, and how to make progress in a challenging environment. The panelists shared practical lessons from their own roles and what they’re seeing across the industry.

• First 100 days shape long-term influence: Building relationships, assessing talent, and securing quick wins early on set the foundation for credibility. The panelists stressed that without early trust, it’s far harder to gain buy-in for long-term initiatives later.‍
• Macroeconomic pressure is hitting security: With budgets shrinking, leaders are being forced to justify expensive flagship tools and explore leaner alternatives. The challenge is balancing cost savings with maintaining resilience against increasingly sophisticated threats.‍
• Threat actors are evolving: Identity exploitation, zero-day weaponization, and attacks on edge devices are all on the rise. The leaders agreed that traditional defenses can’t keep up, and that faster detection and containment strategies are becoming essential.‍
• Business alignment is non-negotiable: Security leaders must tie every dollar of spend to strategic objectives. Speaking in business terms, showing measurable impact, and maintaining governance forums are now prerequisites for executive support.

How AI Is Transforming Security Programs

The three panelists acknowledged both the promise and the pitfalls of weaving AI into security programs, and agreed that its impact will depend heavily on governance and practical application.

• AI maturity isn’t uniform: Some companies are just rolling out basic usage policies, while others are embedding AI into security workflows and development pipelines. The spectrum is wide, but maturity depends heavily on business context and resources.
• Without governance, AI creates risk overnight: Shadow AI adoption can lead to compliance failures and data exposure fast. The panelists said steering committees (blending security, legal, HR, and data teams) are proving to be one of the most effective safeguards.
• Vendors need scrutiny: The leaders urged panel attendees to dig deeper into how models are trained, secured, and audited. Black-box systems may work for a while, but regulators and auditors are already demanding more transparency from security vendors.
• Real value lies in remediation: AI is most impactful when it reduces analyst workload by prioritizing risks and automating containment. Detection is table stakes — what matters is how AI helps teams act faster without adding headcount.
• Data loss prevention could finally advance: DLP has been stagnant for years, but AI-driven monitoring of user behavior may finally make it dynamic. Instead of endless rule maintenance, leaders see the potential for adaptive policies that actually prevent risky behavior.

How Top Security Leaders Evaluate Vendors in 2025

The final segment focused on vendor discovery, a shared frustration for most CISOs and security executives. Panelists discussed why the traditional approach to vendor outreach is broken and how they’re rethinking the evaluation process.

• Cold outreach is unmanageable: The panelists' inboxes are flooded daily with sales pitches. If cybersecurity executives accepted every request, they’d spend all day on calls, making traditional outreach unscalable and often counterproductive.
• CISOs don’t have time for vague pitches: Vendors must explain in plain language what problem they solve and why it matters. As one panelist put it: “Don’t make me dig for it.” Leaders want specifics tied to real challenges, not vague promises or jargon.
• Hands-on experience builds trust: The leaders emphasized the importance of testing tools in real environments. Demos and sandbox access give them the confidence that a product works as advertised before they invest further time or resources.
• Sagetap simplifies discovery: Instead of endless pitches, Sagetap enables cybersecurity leaders to explore vendors anonymously, engage only when they're ready, and share structured feedback. This peer-driven process saves time and filters out noise.

Meet the Panelists

Our discussion was shaped by three executives who’ve each led security at scale and know what CISOs are up against. A big thanks to Matthew Mudry, Ian Schneller, and Rick Doten for offering candid insights that reflect the real-world challenges and opportunities facing security leaders right now.

Matthew Mudry recently became CISO of Alera Group, one of the fastest-growing insurance and financial services firms in the country. In his role, Mudry oversees security for 200+ firms and 5,000+ employees. In his first few months, he’s introduced a more strategic, risk-based model aligned to business growth. He’s now driving efforts toward SOC 2 Type II compliance, scaling security ops, enhancing third-party risk management, and building a more mature, resilient security posture across the enterprise.

He’s been a CISO across multiple industries, from healthcare and energy trading to consumer services, and brings a grounded, operator-level view on what it really takes to lead a security program through complexity and growth.

Ian Schneller has led security at scale across healthcare, finance, and national defense. Schneller most recently served as CISO at Health Care Service Corporation (HCSC), one of the largest health insurers in the U.S., where he oversaw cybersecurity for more than 20 million members and led enterprise-wide transformation efforts.

He previously served as CISO at RealPage and held senior cyber leadership roles in the U.S. Air Force, where he commanded global operations and advised on national defense strategy. His three-decade security career spans cyber operations, executive risk alignment, and large-scale organizational change.

Rick Doten has spent his career at the intersection of cybersecurity strategy, risk, and innovation. Doten has more than 25 years of experience in cyber risk leadership — including roles as CISO, consultant, startup advisor, ethical hacker, curriculum designer, and frequent speaker. He’s helped shape security programs at global enterprises, advised dozens of security startups and VC firms, and played a key role in enhancing frameworks like the Critical Security Controls (v8).

Today, he’s a trusted advisor to early-stage cybersecurity companies and a frequent voice in the industry on topics ranging from AI safety to neurodiversity in security leadership.

Bottom Line

Security leaders are navigating 2025 with a tough mandate: align programs tightly with business strategy, implement AI responsibly, and cut through the noise of a crowded vendor ecosystem. The panelists agreed these are the realities security executives are wrestling with today, and the organizations that act on them early will be positioned to lead.

For the full conversation — including candid insights you won’t find in public forums — get the one-hour panel replay here:

‍

Want constant access to peer-driven insights? Join Sagetap and discover how top security teams are navigating the vendor landscape with speed, clarity, and confidence.