
May 6, 2025 31 mins

In the second episode of Chasing Entropy, host Dave Lewis, Global Advisory CISO at 1Password, welcomes a true luminary in the cybersecurity world: Rich Mogull, SVP of Cloud Security at FireMon and CEO of Securosis. What follows is a lively, insightful, and often humorous conversation that ranges from paramedics to Black Swan events, revealing how physical disaster response frameworks can revolutionize cybersecurity.

From Paramedic to Cybersecurity Visionary

Rich shares his unconventional journey into cybersecurity, starting with physical security at university events, then pivoting to paramedicine, software development, and ultimately to security analysis and consulting. His transition into cybersecurity was never part of the plan—it was shaped by curiosity, opportunity, and a whole lot of caffeine.

The Power of Early Opportunities

We reminisce about early career moments, including Dave’s first-ever speaking engagement alongside Rich. These experiences underscore the value of mentorship, peer support, and stepping into discomfort to grow.

Black Swan Events & Incident Response

The heart of the episode centers on a shared talk from IRISSCON in Dublin titled “Digital Doomsday: Building Resilience for Cyber Black Swans.” Rich explains the concept of a Black Swan, an unpredictable yet highly impactful event, and how lessons from physical disaster response (like hurricanes or mass casualty events) can be applied directly to incident response in IT.

Bridging Physical and Cyber Crisis Management

Drawing from his extensive background in emergency services and disaster response, Rich advocates for adopting the Incident Command System (ICS) and all-hazards preparedness within cybersecurity. He emphasizes that while the domain (cyber vs. physical) may differ, the principles of coordination, communication, and scalability remain the same.

“The nature of putting out a fire vs. handling a hurricane vs. dealing with ransomware—they're all just different domains of the same challenge.”


Why Cyber Keeps Burning Itself

We also explore recurring issues in the industry, like password mismanagement and shadow IT. Rich critiques the idea that security teams should try to control everything, arguing instead for building resilient systems that can adapt to business needs, attacker behavior, and legacy tech constraints.

Final Insights

Rich closes by reflecting on the forces that shape cybersecurity:

  • Business decisions and priorities
  • Adversary tactics
  • Legacy system vulnerabilities
  • Human error
  • Compliance pressures

He cautions against over-indexing on hot trends while neglecting the fundamentals that could reduce real-world risks—especially in critical infrastructure.
