Former F-16 pilot turned ForgePoint Managing Director Ernie Bio shares insights on identifying innovative cybersecurity startups, the evolving role of CISOs, and why the combination of AI with human expertise represents security's most promising frontier.

Session Summary

In this insightful conversation from RSA Conference with Bishop Fox's Tom Eston and Allan Cecil, ForgePoint Managing Director Ernie Bio shares how his military background shapes his approach to cybersecurity investment and leadership. Bio begins by recounting his unexpected journey from F-16 fighter pilot to cybersecurity investor, describing how reading Kathryn Zetter's "Countdown to Zero Day" sparked his interest before a return to active duty under Admiral Rogers at US Cyber Command fully immersed him in the security world. This experience with the Pentagon's Defense Innovation Unit provided him with unique perspective on the intersection of national security and emerging technologies.

Throughout the interview, Bio emphasizes the mission-oriented mindset that connects military service with effective cybersecurity leadership. Quoting General Nakasone's assertion that "cybersecurity is national security," he explains that the sense of purpose that drives military operations translates directly to defending organizations in the digital realm. This mission-focused perspective informs Bio's investment approach at ForgePoint, where he led the Series A investment in Huntress—a company founded by former NSA hackers who redirected their nation-state expertise toward protecting the "99% of organizations that aren't a JPMorgan" with limited security budgets and expertise.

The conversation shifts to the evolving challenges facing today's security leaders, with Bio highlighting how CISOs must navigate increased board visibility, tighter budgets, security stack consolidation pressures, and evolving regulatory requirements. He notes the emergence of software provider liability in the latest US cybersecurity strategy as a significant development that will further complicate security leadership roles. Bio also discusses the evolution of public-private partnerships from rhetorical devices to essential components of critical infrastructure defense, citing CISA's growing role in bridging gaps between government and industry.

Looking toward the future, Bio provides thoughtful perspective on AI's potential in cybersecurity, distinguishing today's developments from previous marketing hype. Drawing an analogy to Bishop Fox's Cosmos platform as an "Iron Man suit for pen testers," he envisions effective human-machine teaming as the path forward, with AI tools like Microsoft's Copilot providing security practitioners with better context and reducing false positives. He concludes with the pragmatic assessment that the cybersecurity talent gap "is never going to be fixed" through traditional means—making the combination of automation and AI essential for addressing the industry's fundamental challenges.

Key Takeaways

1. Military experience instills mission-focused security leadership - The purpose-driven approach from military service translates effectively to cybersecurity, where defending organizations requires similar commitment and strategic thinking.
2. Security startups founded by practitioners address critical gaps - Companies like Huntress, founded by former NSA hackers, demonstrate how practitioner expertise can be redirected toward solving security challenges for underserved market segments.
3. CISO roles continue to gain strategic importance - Despite competition for attention from trends like AI, security leadership positions are increasingly elevated within organizations as boards recognize their critical importance.
4. Public-private partnerships are evolving beyond rhetoric - What was once primarily discussion about collaboration has developed into essential operational relationships, particularly for protecting the 16-18 critical infrastructure sectors.
5. AI represents a fundamentally different opportunity this time - Unlike previous marketing hype cycles, today's AI developments offer genuine potential for human-machine teaming that enhances security practitioners' capabilities.
6. The cybersecurity talent gap requires technological solutions - The persistent shortage of qualified security professionals cannot be solved through traditional means alone, making automation and AI essential components of a sustainable security strategy.
7. National security and enterprise security have become inseparable - The distinction between protecting government interests and private organizations has eroded, creating shared challenges and opportunities across sectors.