Dr. Chase Cunningham didn’t come to Zero Threat World in Orlando to sugarcoat anything. In his signature no-BS style, he launched straight in:
“If I hear one more person say, ‘Just do the basics,’ I’m going to jump out of a window. We’ve spent 30 years proving that all the AI-powered, VC-funded cyber-shenanigans don’t make a lick of difference. And yet, here we are again, asking, ‘How do we solve this problem?’ Newsflash: people still use shitty passwords. People still click phishing links. And the industry? It’s making a fortune pretending to fix it.”
He’s not wrong. Cybersecurity is a multi-billion-dollar industry, yet breaches are more rampant than ever. Worse, hacking has become completely democratized.
“Anyone, anywhere, with nothing but an internet connection and time to kill can be a hacker,” he said. “Thanks to leaked nation-state tools, you don’t need a PhD in computer science. You just need to Google the right things—or better yet, ask ChatGPT to write you some ‘theoretical’ malware.”
We’re at War—And No One’s Noticing
It’s not just stolen data and corporate breaches. People are dying because of cyberattacks.
“Last year, at least 50 Americans that we know of died because hospitals were taken offline,” Cunningham said. “Cancer patients missed treatment. Emergency rooms were shut down. If a Russian plane flew over Kansas, dropped paratroopers, and they killed 50 Americans, we’d be at war overnight. But if a ransomware gang does it? Congress is still debating whether that counts as ‘critical infrastructure.’”
This, he argued, is the real way we should be thinking about cyber. Not as an IT issue. Not as an inconvenience. But as warfare.
And yet, as terrifying as this reality is, our priorities are completely out of balance.
“We’ve invested more money into trying to stop people from clicking phishing links than we have into curing cancer. Read that again.”
It’s a staggering statistic. The world pours billions into cybersecurity, much of it wasted on ineffective solutions. Meanwhile, diseases that will kill millions every year receive comparatively little.
The Cybersecurity Industry Is a Giant Grift
For all the money poured into cybersecurity, why does the problem keep getting worse? Simple: because it’s profitable.
“This is a market, and markets exist to make money,” Cunningham said. “The Patagonia-vest-wearing VCs in Silicon Valley aren’t investing in security because they care about your data. They care about 35% year-over-year growth. That’s why we have thousands of cybersecurity vendors—most of them peddling the same recycled garbage with a fresh acronym slapped on it.”
And speaking of buzzwords?
“SASE is the dumbest shit I’ve ever heard,” he said. “It’s the Honey Boo Boo of cybersecurity strategies. But thanks, Gartner, for coming up with that one.”
He didn’t stop there.
Compliance? “A seatbelt on a 737 crashing into the ground at 400 miles per hour.”
Cyber analysts? “They’ll put the same companies in the top right of every report because, oh wow, those companies are also their biggest clients. What a coincidence.”
And if you think breaches are bad for business, think again.
Cybersecurity Is the New Cigarettes
The cybersecurity industry operates just like Big Tobacco, Big Sugar, and Big Vaping before it. Sell people on the problem, profit from the solution, and keep shifting the narrative when the truth gets too inconvenient.
“We knew cigarettes were killing people back in the 1930s, but it took 30 years before the government finally admitted it,” Cunningham pointed out. “So what did the tobacco companies do? They pivoted to vaping. The same companies that gave people cancer are now selling the ‘solution’ to smoking. And guess what? That’s exactly what’s happening in cyber.”
The cybersecurity industry thrives on fear, uncertainty, and doubt. The more people are scared, the more money gets funneled into flashy new solutions—most of which don’t actually fix the root problems.
“We’ve reached the root beer-flavored cyber phase. If you can slap an acronym on it and make it sound sexy, you can sell it. Never mind whether it actually works.”
Want to Make Money? Buy the Breach
“I’m gonna make you all some money,” he said. “Breaches? They’re great for stock prices. Microsoft, CrowdStrike, Equifax, Marriott—every time they get hacked, there’s a dip, and then a bounce. Buy the breach. Ride the wave. Get paid.”
He’s not joking. He actively invests in companies after they’ve been hacked because he knows they’ll recover.
“It’s better than any hedge fund strategy out there. Put in $10K, let it ride, and in three years, you’re sitting on $42,000. Easy.”
Stop Being Delusional
If nothing else, Cunningham’s message was clear: cybersecurity isn’t about security. It’s about money.
“The industry doesn’t want to solve cyber,” he said. “Because if it did, the money train would stop. So, stop being delusional. Question the experts. Push back. And for the love of God, don’t just blindly trust whatever shiny new security product gets thrown at you. Because chances are, it’s just root beer-flavored cyber bullshit.”
Then he dropped the mic. Literally.
I attended Zero Threat World, Florida, as a guest of Threat Locker
