Join Mike Arrowsmith, Chief Trust Officer at NinjaOne, as he delves into the evolving landscape of cybersecurity at RSAC 2025. In this insightful discussion led by Jackie McGuire, principal analyst at theCUBE Research, Arrowsmith shares expertise and perspectives on current trends and challenges in the industry, emphasizing the importance of trust in building secure and resilient systems.
As an expert in cybersecurity, Arrowsmith provides a nuanced exploration of how artificial intelligence influences security measures and the necessity of maintaining trust in technological solutions. The conversation hosted by McGuire touches upon the challenges posed by sophisticated phishing techniques and the importance of understanding data security. Discover how organizations can bolster their defenses against cyber threats with insights from theCUBE Research.
Key takeaways from the discussion include the need for robust data security measures and understanding the full scope of risks within organizational networks, according to Arrowsmith. Arrowsmith also highlights the financial implications of incident response and the importance of maintaining customer trust through transparency and effective communication strategies during breaches, as noted by analysts from theCUBE.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Mike Arrowsmith, NinjaOne
Join Michael Arrowsmith, chief trust officer at NinjaOne, as he delves into the evolving landscape of cybersecurity at RSAC 2025. In this insightful discussion led by Jackie McGuire, principal analyst at theCUBE Research, Arrowsmith shares expertise and perspectives on current trends and challenges in the industry, emphasizing the importance of trust in building secure and resilient systems.
As an expert in cybersecurity, Arrowsmith provides a nuanced exploration of how artificial intelligence influences security measures and the necessity of maintaining trust in technological solutions. The conversation hosted by McGuire touches upon the challenges posed by sophisticated phishing techniques and the importance of understanding data security. Discover how organizations can bolster their defenses against cyber threats with insights from theCUBE Research.
Key takeaways from the discussion include the need for robust data security measures and understanding the full scope of risks within organizational networks, according to Arrowsmith. Arrowsmith also highlights the financial implications of incident response and the importance of maintaining customer trust through transparency and effective communication strategies during breaches, as noted by analysts from theCUBE.
Mike Arrowsmith, chief trust officer at NinjaOne, talks with theCUBE Research’s Jackie McGuire at the RSAC 2025 Conference about the evolving role of trust in cybersecurity. Their conversation explores how organizations can better prepare for threats while maintaining transparency and resilience.
Arrowsmith discusses how artificial intelligence is shaping the threat landscape, particularly in the emergence of advanced phishing techniques. He emphasizes the need for strong data security practices and trust-driven frameworks that support secure system ...Read more
exploreKeep Exploring
What are you most excited about seeing at RSA in 2025 in terms of AI impacting cybersecurity protection for organizations?add
What are some concerns and efforts being discussed among CISOs, CSOs, and chief trust officers regarding the impacts of AI on phishing emails and how organizations are protecting themselves against them?add
What are the challenges faced when recovering from a data breach and how can trust be restored with customers?add
>> Welcome back CUBE Community. This is Jackie McGuire. I'm the Practice Lead and Principal Analyst for security, and this is day two live from RSAC 2025. I am joined today by one of my previous guests at the Art of Security Summit. I'm very excited to welcome back. Mike Aerosmith. He's Chief Trust Officer at NinjaOne. Mike, thank you for joining us.
Michael Arrowsmith
>> Thank you for having me, Jackie. I'm so excited to be here with you today.
Jackie McGuire
>> Me too. You were fantastic as a guest on our Art of Security Summit. Really, really good insights there. So I guess we'll dive right into it. You're Chief Trust Officer, which I think is a really interesting title, and in security, probably one of the most important things that we have as a currency is trust. So what are the things that you're really interested in learning at RSA this year from a trust perspective?
Michael Arrowsmith
>> Yeah, great question, and I think what gets me the most excited here at RSA in 2025 is just seeing the impact on how AI is shaping the posture around protecting organizations from cybersecurity breaches. There's a lot of buzz in the industry today on the great benefits of GenAI and various learning modules. I think when we think about in general, as an organization that builds products, our main focus is what do those products do to our customer base? What is the risk and from some of those products and how should we be thinking about it from that trust perspective? Are we building the most important solutions that they need? Obviously, that's always our number one goal, but ensuring that those products that we're building and that we're seeing in the marketplace that we integrate within our supply chain and that we're leveraging on our platform are really embodying that trust perspective that we want to be known for, that we want to be able to push with our customer base.
Jackie McGuire
>> So I assume you've been walking around for the last day and a half. So as you're kind of thinking about that and talking to people, what are you hearing from the people you're talking to about those things? What is the feedback you've gotten?
Michael Arrowsmith
>> The feedback has been tremendous on just the impacts that AI has with phishing email. We ourselves are seeing that grow day in and day out. I think amongst my collectives of CISOs, CSOs, chief trust officers, we are all trying to gather enough data points to really understand how big of a threat is this in our organizations, what solutions are available, but most importantly, how are other organizations protecting themselves against these rise in phishing attempts? We see them very, very cleverly done, more so than we probably have seen ever, to put it frank.
Jackie McGuire
>> Yeah, I've noticed that as well. I've noticed that within literally hours of information about me hitting the internet, people I'm connected to, people I've worked with, people I've recorded videos with, I've instantly got phishing and smishing pretending to be those people, pretending to be from those people. So it's something that I've noticed as well, that I don't think the grammar has improved in a lot of this, which is bizarre, right? It's like pay for one Grammarly subscription. The grammar hasn't improved, but the frequency and the level of detail and the specificity and personalization has definitely improved. So gut and great feedback, I guess to be a little critical. What are the things that people aren't talking about that you really wish they would be because you think they're more important than people give them credit for being?
Michael Arrowsmith
>> Yeah. Again, I keep coming back to the idea behind data security and really understanding what type of data do you have in your organization that you have transmitting on your networks or you're in possession. I don't see a lot of solutions focused on what data risk and discovery for types of data. That's an area that I think as an industry, we can continue to partner with organizations to improve functionality. It's all about speed and being able to correctly identify where those risk points actually lie within your networks and making sure that you have the proper set of controls. Everybody, I think focuses on how to protect maybe key critical systems, but then the question about why you're trying to protect them, how you're trying to protect them, and more importantly, pushing to the next step. What happens when we all have experienced this that you were breached? What happens? What do you do? How do you run through that scenario? Who do you have to inform? If it's sensitive data with regulations applied to it, there is a whole notification process. We can go on and on. And having that front and center of everybody's minds, I think is a big... I'm still waiting for that buzz to happen around that space.
Jackie McGuire
>> It almost seems like people aren't aware of how expensive responding to an incident is because I think that there's always an argument when it comes to money that, well, there's a chance this could happen, but it costs so much to put the protections in place. I think people may only be thinking about the actual revenue fallout, not necessarily the fact that incident response for really bad incidents is like seven figures minimum, depending. And then to your point, you have to pay people to come in and file all of those regulatory reports, and it gets extremely expensive.
Michael Arrowsmith
>> I think a lot of our peers on that topic kind of cover themselves. They try to hedge it a little bit with a cyber insurance policy, but oftentimes it's that standard insurance policy jargon, we want just enough, not too much, not too little. And oftentimes, to your point, when you're in that breach situation, you finally are recovering and trying to contain, you're notifying, the cost just is extraordinary right then and there. And then you're also under the gun. You have reporting requirements to various regulatory authorities, but also customers. How do you again, ensure that trust back to those customer base? What brand damage will you have with those customer base? And we at Ninja take that very seriously.
Jackie McGuire
>> Yeah. I think the brand one is really important. Talking about trust, I think Cambridge Analytica comes to mind in terms of one big data breach can really sink your ship. NinjaOne deals a lot with patching and vulnerability management. So I want kind of transition a little bit there while people doing and clicking on stupid things is one of the most common ways people are breached. I don't necessarily know that people always include patching and vulnerability management in what they're budgeting for a tool and that we buy all of these tools, these Band-Aids for all of our problems, but we didn't actually think about the fact that somebody needs to change the Band-Aid every once in a while. So how do you think about that? How do you think about patching and vulnerability management and how do you think effective organizations that you're partnering with are approaching that and how are they being effective in these programs that can be a bit arduous for security teams?
Michael Arrowsmith
>> Great question. No, I agree. I've been on both sides of that conversation. I think when you step back and look at it, most of us in the technology space will consider patching general hygiene, low hanging fruit-type items that just need to get done. There's a bunch that goes on top of that though. When you have large dispersed environments, different types of systems, you need to have the confidence that as I apply these patches, I am not going to introduce more areas of failure. And we've seen that a lot of different cases where vendors will release patches. Maybe those patches weren't fully tested for maybe your specific environment or your hardware type. There's a lot of factors and variables that go into how is this patch going to impact my environment? And that's where, here at RSA, I'm really excited to announce our vulnerability product includes patch sentiment. So we do the hard work for our customers. We scrape all social media, all forums to just try to get a sense and kind of an idea, is this a ticking time bomb? Is this something that's going to be benign that you can apply and not think about? So when we think about how organizations do patching well, it really starts at the fundamentals. Do you understand what these patches are effectively doing? Have you properly tested them on the environments and devices that you have? And I think that's an area where I think at Ninja we can help a lot of our existing customers, but also future customers.
Jackie McGuire
>> So I don't have to go explore Reddit and Stack Overflow on my own and try to figure out which engineers in there know what they're talking about and which ones don't.
Michael Arrowsmith
>> You talk about so much bad advice at times out there, and people, again, genuinely try. It's human nature, they want to help. But sometimes, again, we think about our world being a little myopic, and I've got these 10 devices and I applied dispatch. No problem's. Great. Everybody takes that verbatim and then all of a sudden hell breaks loose.
Jackie McGuire
>> Yeah. I was telling you before this, I ran a music festival in Minecraft, and when you have 2,000 servers running and all of a sudden they have to be patched and all of them have to be rebooted after they're patched, I could definitely have used a NinjaOne. I would really, really, really have liked to have a NinjaOne. All right. Let's talk about RSA stuff because we're at RSA. What do you guys have going on? You have this awesome new vulnerability announcement, which I might've gotten a sneak preview of, but what else? What do you have fun stuff going on?
Michael Arrowsmith
>> We do. Again, we are all about our customers. Here at NinjaOne, we have a tremendous 97% customer satisfaction score. It is part of our DNA. So as part of that, it's not just come see our expo, take a look at some products and be sold, kind of what you should be buying or you should be thinking about. We want to be able to connect with our customers. So we've set up this amazing event called Bourbon and Blazers. Folks can come and take a sip of your favorite bourbon. There'll be a great selection and also potentially be fitted for a custom blazer.
Jackie McGuire
>> Nice.
Michael Arrowsmith
>> So just little things to be able to show our appreciation for our customers and try to continue to outreach. Again, we learn so much from our customers. All of our product features come directly from our customer base. We advertise to all of our customers what those product features and to all non-customers. We're very transparent, and that relationship just means the world to us.
Jackie McGuire
>> Yeah. One of the conversations we were just having is that authenticity and transparency. People in security don't necessarily always need to like you, but they absolutely need to trust you, and transparency and authenticity are the straightest line to trust.
Michael Arrowsmith
>> Absolutely.
Jackie McGuire
>> So, I love that. You also have a very nice blazer on, so I assume that you know what you're talking about with tailoring blazers. So I think everybody should check the event out because if you're wearing off-the-rack suits, it's a life hack that you need to go get them tailored. Awesome. Well, I want to thank you so much for being here, Mike. I really appreciate it. I really appreciate getting to know you and NinjaOne better over the last couple of weeks. Really excited about your vulnerability announcement because again, it's something that I could definitely have used in more technical parts of my career. Anything you want to add?
Michael Arrowsmith
>> I really appreciate the opportunity to be here with you today. This is just phenomenal for us to be able to connect with you and others and on your platform. So just really excited. Again, encourage everybody to stop by our booth. We're in the 3,200 section here at the expo. Really excited to be here at RSA and see where it all goes.
Jackie McGuire
>> Awesome. Thank you so much for being here.
Michael Arrowsmith
>> Absolutely.
Jackie McGuire
>> For theCUBE, I'm Jackie McGuire. We'll be back with more high-frequency insights live from RSAC 2025. Thank you.
Jackie McGuire