The Cyber Interview: Chester Wisniewski, Sophos

Chester – known as Chet – opens up about putting out the fire of cybercrime with AI and agents that hand today’s defenders a frontier AI advantage

CISOs today are facing a storm and frontier AI is to blame. 

With novel models sniffing out more bugs in our critical software than ever before, security patches are piling up and if the mood of the industry can be summarised in a single word, it would be “stressed”. 

Not Chester Wisniewski. The Global Field CISO at Sophos is excited to steer his ship through the sea of possibilities that AI has to offer. 

“Well trained, it is an incredibly efficient way of looking for malicious things,” Chet says. 

Chet brings more than 30 years of cybersecurity experience, specialising in threat intelligence, cybercrime trends and attacker behaviour.

The greatest benefit to security practitioners from the technology, Chet notes, is when it is paired with humans who are combing through massive datasets. 

In Chet’s words: “Humans are terrible at dealing with terabytes of information and trying to figure out which interesting thing to make decisions about.”  

The solution here is an intelligent division of labour, with AI doing the grunt work to get precise answers to the security questions of human analysts, who are digging through a vast variety of information sources to help the human brain make smarter decisions. 

“The last time I checked there were four million malicious files a day coming into our labs for analysis,” Chet recalls.  

“Obviously humans can’t look at four million files, but 20 of them are probably really interesting – they could be a nation state attack from an adversary or they could be a new strain of ransomware. 

“What we as humans really struggle with is finding that needle in a haystack.”

The millions of malicious files are just the tip of the iceberg; another major hurdle in security is staffing. The industry is generally short-staffed and, with the mounting volumes, AI is a real lifesaver.

One thing that everybody is unsure about, however, is hallucinations. But Chet is unfazed: he says that as long as AI helps to get the numbers down from a billion to a hundred, and 80 of these are interesting, that’s a big win in his books.

The criminal surveillance machine

When you mess up in the age of AI, there is little that can help. 

“Everything is being scanned constantly and even a minor slip up will be exploited by someone,” the CISO says, describing the thorny reality developers face. 

“If you accidentally publish your API key on your GitHub repo, when playing on a weekend project writing some code, something will discover that in five seconds. That key is burnt, it’s gone.

“Everything that isn’t nailed to the floor is being stolen instantly on the internet.”

Chet describes AI as smart automation, and it is unfortunately being deployed by cybercriminals to “scan everything, all the time”.

He recalls an instance when a key published on GitHub was stolen in three seconds!

“I don’t think people realise that everything is under surveillance on the internet,” Chet says, putting today’s harsh reality into words.

These stolen credentials and stolen API keys are leading causes of data breaches as criminals are “not hacking into things, they are logging into them”. 

The exploding threat of machine identities 

Data from the Sophos State of Identity Report highlights the growing problem of non-human identities (NHI), which Chet predicts will be the biggest security challenge in the next couple of years.

Enter agentic AI. Chet says that “some of our customers who use our identity threat detection service have ratios like 100 machine identities for every one human identity.”

This means NHI growth has been massive and greatly outnumbers humans in the ecosystem, thereby opening the door to a range of new threats. 

Chet recalls the biggest cybercriminal hits of 2025 and early 2026, many of which, he says, were the result of NHI-based attacks – specifically, Salesforce tokens stolen by organised cybercriminal gangs like Scattered Spider and Shiny Hunters.

Key facts
  • 100:1 – the ratio of non-human to human identities in certain environments
  • 67% of ransomware incidents were linked to identity compromise or identity-based attacks
  • 3 seconds – Chet says there was an instance when a key published on GitHub was stolen in 3 seconds!
  • 4 million - the number of malicious files coming into the Sophos lab per day

So what’s the solution? According to Chet, the saving grace is automating the key rotation and doing it every five minutes while monitoring for anomalous behaviour.
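A sketch of the rotate-every-five-minutes-and-monitor approach described above, added here as an illustration and not code from Sophos or from the interview. The scheme (per-window keys derived with HMAC from an issuer secret, one window of grace) and every name in it, including the machine identity `ci-runner-7`, are assumptions.

```python
import hashlib
import hmac

ROTATION_SECONDS = 300  # "every five minutes", as in the article
GRACE_EPOCHS = 1        # assumption: previous key accepted during hand-over
MASTER = b"constructed-demo-secret"  # constructed; held only by issuer/verifier

def epoch_of(ts):
    return int(ts // ROTATION_SECONDS)

def epoch_key(master, epoch):
    # Per-window key handed to the workload; the master never leaves the issuer.
    return hmac.new(master, b"epoch:%d" % epoch, hashlib.sha256).digest()

def sign(key, identity, epoch):
    # Workload side: signs with whatever short-lived key it currently holds.
    msg = f"{identity}|{epoch}".encode()
    return f"{identity}|{epoch}|{hmac.new(key, msg, hashlib.sha256).hexdigest()}"

def verify(master, token, now):
    # "ok", "anomalous" (valid signature, key outside its window) or "invalid".
    try:
        identity, epoch_s, tag = token.split("|")
        epoch = int(epoch_s)
    except ValueError:
        return "invalid"
    expected = sign(epoch_key(master, epoch), identity, epoch).rsplit("|", 1)[1]
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "invalid"
    age = epoch_of(now) - epoch
    return "ok" if 0 <= age <= GRACE_EPOCHS else "anomalous"

def monitor(master, requests):
    # requests: (timestamp, token) pairs; returns alerts for anything not "ok".
    alerts = []
    for ts, token in requests:
        status = verify(master, token, ts)
        if status != "ok":
            alerts.append((ts, token.split("|")[0], status))
    return alerts

# Constructed sample traffic for the hypothetical identity "ci-runner-7".
T0 = 1_700_000_100
TOKEN = sign(epoch_key(MASTER, epoch_of(T0)), "ci-runner-7", epoch_of(T0))
SAMPLE = [(T0 + 10, TOKEN), (T0 + 310, TOKEN), (T0 + 900, TOKEN),
          (T0 + 20, "ci-runner-7|5666667|deadbeef")]

if __name__ == "__main__":
    for alert in monitor(MASTER, SAMPLE):
        print(alert)
```

A token replayed fifteen minutes after issue still carries a valid signature, but its key has been retired, so it surfaces as an alert rather than a login.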

When asked about the link between ransomware deployment and identity threat, Chet says that criminals are simply doing “the easiest possible thing to break in”, which is usually exploiting identity. However, this equation changes if there is a large-scale exploit, in which case criminals are known to switch tacks.

Sophos data shows that 67% of ransomware incidents were linked to identity compromise or identity-based attacks, while about 16% of initial access methods involved vulnerability exploitation.

“Criminals are lazy, and if you have money they will come for you,” Chet says. “The easiest way to get in is the thing that they are going to do.”

Does Mythos prove Linus’ Law? 

Unlike many in the industry, Chet doesn’t seem all that impressed with Anthropic’s world class model. 

His initial reaction to the news of Mythos and its prowess can be summed up in two words: “So what?”

While he notes that his stance on the topic has since evolved, Chet says: “It’s not doing anything that humans weren’t doing before, it’s just doing it faster and more thoroughly.” 

Referring to Linus’ Law – named in honour of the founder of the Linux OS – he states that “given enough eyeballs, all bugs are shallow”. 

The argument here is that open source projects should be more secure than proprietary systems, simply by virtue of the number of expert eyes looking at it. 

Chet notes that this was never true, because there weren’t enough eyes, and those that were present were not all that effective at looking.

But what Mythos is doing today, in Chet’s eyes, is making Linus’ Law from 30-odd years ago actually come true.

“Humans can only look at a hundred thousand permutations of memory misuse before they get bored,” he says.

“The machine doesn’t get bored. Mythos doesn’t get bored. It will keep looking to make sure there aren’t any vulnerabilities and I’m kind of excited about that.” 

The tech debts we owe 

According to Chet, what Mythos is finding are “tech debts”, which he describes as “those little mistakes we made along the way that nobody could be bothered to go back and find or fix”.

With Mythos in the loop, these debts are being paid back as infrastructure is being broken and rebuilt, more hardened than ever, making it even more difficult to exploit.

In the short term, however, things are less than ideal. 

“It’s going to be painful for a while,” he exclaims, weighing the huge amount of effort it takes for humans who have to fix and validate these flaws. 

IT teams are already behind on patching as is, and with new patches rolling in faster, the situation puts a lot of stress on engineering teams. 

These frontier models may also make the internet a more dangerous place, leading to internet-facing devices becoming more vulnerable. 

“As an industry we need to evolve in quite a few different ways to make this less painful,” Chet says. 

An example of this evolution would be to make internet-facing equipment self patching, so humans need not worry about disruptions or piling loads of patches. 

Ultimate defender advantage  

AI and agents bring a great capability to the defender table. 

“It’s going to help us make smart decisions faster,” the CISO says.

Chet works closely with security researchers worldwide to help organisations strengthen enterprise-scale defence strategies.

The world of security has forever been a cat-and-mouse game, with defenders reluctantly staying on the back foot while attackers invent novel malware and exploits.

The asymmetry has been severe. With AI, however, those tables have perfectly turned. Chet believes that “this is the first time defenders have an advantage”. 

“We are ahead of the game on the defence side,” he says. “There is very little evidence of criminal adoption at scale outside of attacking humans.”

Chet is referring here to deepfakes, grammatically correct phishing emails and similar threats.

“What they don’t have is all the GPUs to train their own models,” he says. 

“They don’t have access to data. We’ve got smart scientists, people building cool tools and we’ve got money to pay for Mythos.” 

A much overdue advantage for sure. 

Looking ahead, Chet is very optimistic and excited about the possibilities, noting that: “As fast as this is moving, there are a lot of opportunities for human creativity to find solutions to problems.”

In a landscape historically defined by defensive fatigue, this shift marks a turning point. AI may be the engine driving this new era but human creativity remains the compass. The asymmetry of cyber warfare has finally shifted, and the defenders are ready.

Chester Wisniewski


Chester Wisniewski is Director, Global Field CISO at security leader Sophos. With more than 30 years of security experience, his interest in security and privacy was first piqued while learning to hack from bulletin board text files in the 1980s, and has since been a lifelong pursuit.

Chester works with Sophos X-Ops researchers around the world to understand the latest trends, research and criminal behaviors. This perspective helps advance the industry's understanding of evolving threats, attacker behaviors and effective security defenses. Having worked in product management and sales engineering roles earlier in his career, this knowledge enables him to help organizations design enterprise-scale defense strategies and consult on security planning with some of the largest global brands.

Based in Vancouver, Chester regularly speaks at industry events, including RSA Conference, Virus Bulletin, Security BSides (Vancouver, London, Wales, Perth, Austin, Detroit, Los Angeles, Boston, and Calgary) and others. He’s widely recognized as one of the industry’s top security researchers and is regularly consulted by press, appearing on BBC News, ABC, NBC, Bloomberg, Washington Post, CBC, NPR, and more.

When not busy fighting cybercrime, Chester spends his free time cooking, cycling, and mentoring new entrants to the security field through his volunteer work with InfoSec BC. Chester is also available on Mastodon.
