This is the first installment of Voices in Cloud Security, a series where we talk to cloud security practitioners across the industry about what they see in the field, what’s broken, and what needs to change.
We started with one of our own. Ben McPherson is Head of Solutions Engineering at Tamnoon. Before that, he spent over a decade chasing what he calls “the next wave” through security: software-defined networking, incident response, SIEM at IBM, secure coding, privileged access management, and eventually cloud security.
He’s worked at companies of every size, from IBM to early-stage startups, and he has valuable opinions (and insights) about all of them.
Here’s what Ben had to say about the state of the industry right now.
How’d You Get Here
Everyone in security has a winding path. Ben’s started in sales.
How did you end up in this part of the industry?
I started in sales before I was in tech. I was a regional sales manager. I enjoyed it, but I wanted to prove to myself that I could do the technical side too. So I went back to school and dove in.
My first job out of that was as a sales engineer, and I found my thing right away. I already had the sales instinct. I loved presenting. And I realized I could combine both sides in a way that worked for me.
From there, I just chased the wave. Whatever was the new hotness, that’s where I went. I started with software-defined networking, moved into the data space, then back to security. I worked in incident response. I did SIEM work with QRadar at IBM. I did secure coding. I dove into privileged account management. I literally rode the wave all the way to where I am now, but I stayed in security the whole time.
I also learned that I liked smaller companies. After IBM, I started gravitating toward startups. At a smaller company, you get to actually contribute and feel meaningful. You have more to give and more room to give it.
What the Industry Gets Wrong
Ben has seen the industry evolve through multiple hype cycles. His frustrations come from experience, not theory.
What did you expect about the industry that turned out to be wrong?
The industry focused so much on detection that we kind of forgot about the rest. And I think people overweight detection because of analysts like Gartner and Forrester. There’s a lot of bad information out there. Some of that is the social media wave where everybody’s got to have an opinion, but that doesn’t mean the opinion is correct. It leads to many false promises.
Because of this, we put so much weight on detection that we forgot what comes after it. Most MDR providers are only running containment. They’re not actually bringing you through full incident response. Very few platforms help you figure out who to contact, where to go, whether you need to notify state or local governments. There’s so much more than just “we contained it.”
And even in the CNAPP space, they say they do remediation, but they only do a certain portion of it, and it’s very manual. We’ve all gone down this path of “my solution, my solution, my solution.” But we forgot the most basic principle of all: people.
What’s overhyped right now?
I’m going to say it. AI. AI is way overhyped.
That doesn’t mean it isn’t important. It is. But even the term “agentic AI” is loaded. Having agentic AI doesn’t mean you replace people. One of the smartest people I worked with at IBM said we’re just not there yet with AI to fully replace humans. And I think he’s still right. We’re closer. But we’re not there.
AI right now is really process automation. It’s fancy RPA when you strip away the marketing. And I think that’s what gets lost. People create these really cool demo concepts of what AI can do, and it works great in a controlled environment. But the moment you put it into a production setting, it falls apart. Over time, it drifts from what you set it up to do. You don’t have the right guardrails.
Some edge case you never imagined becomes reality, like the Mona Lisa rapping demo from Microsoft’s VASA-1, and suddenly people can picture vishing calls, fake Zoom meetings with lawyers, and trusted systems being undermined before the threat is even common in the wild. We’re not there yet, but we will be sooner than later.
What’s underrated right now?
People. I think we’ve devalued people with the hope of AI, and we haven’t realized that you still need human intervention.
You walk around Gartner, you walk around any of these conferences. What do you see? Agentic AI everywhere. What you don’t see is the number of people it takes behind the scenes to make that happen. And to keep it running.
That should alarm people. You’re buying agentic AI, but you’re actually still buying people. So should you really be trusting all of that in your environment if it’s still that manual? What are you actually buying? You’re buying a solution for scale, but people do not scale.
What You Actually See in the Field
Ben spends his days inside prospect environments. This is what keeps showing up.
When you look inside a new prospect’s environment, what do you almost always find?
Misconfigurations. There’s a big gap in vulnerabilities right now. And I wouldn’t say AI is causing the misconfigurations. I think AI is helping us find them. The real issue is that these cloud landscapes have just grown too much. And they’re going to keep growing.
What’s really burning us is that we keep asking more and more of people. Here’s a good example. A big company has a security team, an IT team, a DevOps team. Three separate groups. Now take a smaller company where one person is doing two of those three roles. And then leadership gets frustrated when something is misconfigured. That person isn’t bad at their job. They’re just stretched across too many jobs.
What’s a common thing teams get wrong about their own security posture?
I don’t think people evaluate risk enough. And I’m not talking about the annual risk assessment. I mean on a day-to-day basis. Risk is what we actually see every day, and I don’t think we do a good enough job evaluating it continuously.
Look at the Marriott breach. There was a ton of dwell time. SolarWinds. These were things that could have been prevented but weren’t. People forget that risk is a probability. A low-probability event still has a probability. And it can cost you a lot of money.
Actually, try this. Use the FAIR model and plug in your risk analysis. Look at the dollars you’re risking within reason. Understand that the output is somewhat theoretical. But it’ll open your eyes fast. Most teams never do this. They never look at what it would actually cost if everything went wrong on the worst day imaginable. Add your estimated fines and liabilities to that number. It gets uncomfortable.
Any moments where you looked at an environment and couldn’t believe what you found?
I found a backdoor to China once that was open to all of the W2s in the company. And I worked there.
The Remediation Gap
Remediation is where Tamnoon lives. We asked Ben what he sees on the other side of detection.
What’s the hardest part of remediation that has nothing to do with the technology?
Getting it through to the actual fix. That’s the hardest part. The investigation matters, but the real struggle is moving from “we know what’s wrong” to “it’s actually fixed.”
And the reality is that even the platforms that have automated parts of it have mostly only automated containment. Containment is not remediation. That’s a huge point to make. Everyone talks about prevention, detection, and response. But there is a fourth pillar, and it’s remediation. People forget it all the time.
What’s the biggest gap between what cloud security tools promise and what teams are actually getting?
I hate this word now because it’s become a buzzword, but orchestration. Specifically, orchestration of people. That’s the gap.
I’m going to make a bold statement. I think the industry has it wrong. I think we’re buying solutions as a band-aid, but the real problem is that we actually need to scale people.
But here’s the thing. People don’t scale. You can’t just add more humans to the problem. There aren’t enough skilled security professionals, and they’re not coming online fast enough. And now with AI displacing some of the entry-level roles, we’re not even building the talent pipeline anymore.
So you end up in this loop. You need people to do the work. You can’t hire enough of them. The tools promise to replace them but can’t fully deliver. And the gap between “somebody should fix this” and “this is actually fixed” just keeps getting wider.
Advice from the Field
We closed by asking Ben what he’d tell someone earlier in their career, or anyone evaluating their next move.
What’s some advice that vendors often give that you tell people to ignore?
Stop trusting big vendors by default. “Nobody ever got fired for buying IBM” is outdated thinking. I’d actually trust the smaller vendors more.
Here’s why. A big vendor gets built by a hundred really smart people. Then the vendor gets acquired. And most of those smart people leave. They go to smaller companies where they can actually be innovative and make an impact.
So the smaller vendors, the channel teams, the startups. That’s where a lot of the real expertise ends up. They have more to prove and more to earn. That matters.
What do the best teams you’ve worked for do differently?
They set important goals, and they stick to them. That sounds simple, but most teams don’t actually do it.
The best teams I’ve been on also had real camaraderie. If you’re not having fun, what’s the point? They were friends. But when it came down to work, they were laser-focused. Instead of a two-hour meeting full of filler, they could do the same call in 15 to 30 minutes and get a better result.
The pattern is clear. Clear goals. Real relationships. No wasted time. That’s it.
Where This Leaves Us
Thanks to Ben for the conversation. This is the first in our Voices in Cloud Security series. More conversations with practitioners across the industry are coming.
Ben’s observation keeps coming back: the industry forgot about people. Tamnoon was built on the opposite bet, that AI works best when human expertise stays in the loop. If that resonates, check out the State of Cloud Remediation 2026 report for the data behind the remediation gap Ben is describing.