How Houston Security Leaders Are Tackling AI & Identity: 15 Key Takeaways

At last week's CISO & Cybersecurity Leadership Dinner in Houston, security leaders unpacked some of the most urgent and complex challenges they’re navigating today — from defending against AI-powered social engineering attacks to separating hype from substance in the flood of “agentic” AI tooling. They also discussed the top vendors to know in 2025 and why.

Jerich Beason, CISO at WM (formerly Waste Management), kicked off the discussion and shared how his team uses Sagetap to stay in the know on emerging trends and vendors. The night surfaced hard-won lessons and actionable insights from leaders navigating cybersecurity’s most pressing shifts.

Want more insights like these? Sagetap helps you cut through the noise to discover and evaluate innovative security vendors based on verified peer insights. Sign up now for access to our network of vetted enterprise buyers and get a clearer picture of what they’re currently focused on and what’s worth exploring.

How to Boost Social Engineering Defenses Against AI Threats

With AI making phishing, spoofing, and deepfakes harder to detect, security leaders are moving beyond basic user training and embracing layered, identity-aware defenses.

• Defend against AI-delivered phishing at the browser layer: CISOs discussed how attackers are increasingly using web-based delivery methods, making browser security tools important for preventing phishing and data loss without forcing users onto new browsers.
• Adapt phishing training to counter AI-generated threats: As attackers use LLMs to craft more convincing lures, leaders are moving beyond generic simulations to platforms like Jericho Security, which deliver dynamic, AI-driven training tailored to role-specific risks and advanced social engineering tactics.
• Monitor identity signals to detect AI-powered compromise: Attendees emphasized the value of tracking authentication activity (especially impossible logins) to flag credential misuse and stop social engineering attacks before they escalate.
• Lay the groundwork for AI policy, even before consensus forms: One CISO shared how they used a recent compliance upgrade as a forcing function to block shadow AI use and push for enterprise agreements, helping build buy-in incrementally instead of waiting for top-down alignment.

How to Evaluate AI-Powered Tools With Greater Precision

As vendors rush to embed LLMs into security platforms, CISOs are raising the bar for accuracy, reliability, and cost control before greenlighting adoption.

• Factor in token usage to avoid unexpected costs: Several CISOs shared that early AI co-pilot tests ran up significant bills as token consumption scaled, especially with tools that lacked clear cost controls.
• Pressure vendors to prove their models are security-tuned: CISOs emphasized that most general-purpose LLMs still hallucinate or miss important context, making them risky for triage and customer-facing outputs unless they’re specifically trained on security-relevant data.
• Balance board pressure with realistic evaluations of maturity: While AI adoption is a board-level priority at many companies, CISOs warned that not all tools are ready for enterprise deployment — especially those without transparency or proven value in real environments.
• Prioritize vendors that deliver real differentiation, not just an API wrapper: Some teams shared that they’re skipping surface-level AI features and opting to build internal tools when vendors don’t offer enough value beyond what’s available directly from OpenAI, Claude, or Gemini.

Top Emerging Vendors Houston CISOs Are Talking About

Security leaders brought up several vendors that they’d recently adopted or were actively exploring. Each solution ties directly to a real problem discussed in the room, whether it’s enforcing identity controls, securing developer pipelines, or reducing tool sprawl. The common thread: these platforms are solving practical challenges without increasing operational complexity.

• Uncover asset gaps and blind spots in real time: Sevco consolidates asset discovery, risk visibility, and under-deployed security controls across enterprise environments. One attendee said Sevco offered a more agile and cost-effective alternative and praised its responsiveness to roadmap input.
• Detect authentication anomalies across environments: AuthMind helps security teams uncover authentication anomalies across SaaS, cloud, and hybrid environments. For one guest, it was the first tool they’d seen that accurately flagged “impossible travel” scenarios — a long-standing challenge in detecting credential misuse across distributed systems.
• Secure existing browsers without disruption: Seraphic adds a security layer to Chrome, Edge, and other mainstream browsers via lightweight agents. An attendee noted Seraphic’s ease of deployment and user transparency as major advantages for hybrid workforces.
• Use hardened images to prevent container risk: Chainguard provides secure, minimal container images and supports modern CI/CD pipelines with vulnerability-free artifacts. One person said their deployment of Chainguard has reduced DevOps time.
• Enforce MFA across server-level infrastructure: Evo Security enables granular access controls and credential tracking across high-volume, server-heavy environments. An MSP attendee described how they’re using Evo to replace service account logins with user-specific credentials and enforce consistent MFA on remote access.

How WM’s CISO Uses Sagetap to Vet & Adopt Vendors Faster

CISO Jerich Beason shared how he uses Sagetap as part of his workflow for discovering new vendors, giving structured feedback, and staying in control of next steps, all without the usual sales pressure.

Beason gives honest, structured input that vendors actually use: After every meeting, he records short answers to help vendors understand how they’re landing and whether they’re solving real problems.

“After a call, I answer six questions about the vendor. Product relevance, budget, urgency, things like that. Thoughts on the presenter, was it good or bad?”

He controls what happens after the conversation ends: Instead of being dropped into a follow-up sequence, Beason decides exactly when — or if — a vendor can reach back out.

“Then at the end I say, do I want to meet with this vendor again in the future: now, or in six months, three months, whatever. And then I decide whether I want it to be a call or an email. And that’s how they get ahold of me.”

This process has helped Beason efficiently identify vendors that now play a meaningful role in his team’s security stack.

Bottom Line

Houston’s top security leaders are responding to the latest AI and identity threats, and they’re looking for tools that fit their environment, cut through vendor fluff, and reduce operational friction. Across the board, peer insight and firsthand experience carried more weight than logos or buzzwords.

If you want to be part of a smarter, more efficient way to discover emerging cybersecurity solutions, sign up for Sagetap and see how top security teams are making better decisions with clarity and peer-backed confidence.