
Mapping the Future: Why Cybersecurity Visibility is the Greatest Advantage

VP of Strategic Partnerships at CyberWire Bennett Moe (left) and CEO of the Cloud Security Alliance Jim Reavis (right).

When I sat down at Black Hat 2025 with Bennett Moe, VP of strategic partnerships at CyberWire, I didn’t expect to start our conversation talking about maps.

Not network maps or topology diagrams but actual maps.

Before entering cybersecurity, Bennett was a cartographer. “Maps are an abstraction of reality,” he told me. “You have to take a lot of data and pick out the things that are important for people who may need to make decisions in high-pressure environments.”

And that's exactly what good security visibility is. You want to know which pieces of the terrain matter most in the moment — and be able to navigate them under pressure.

That idea became the throughline for this Black Hat episode of The Segment, which also featured Jim Reavis, CEO of the Cloud Security Alliance.  

From Bennett’s lessons in layered mapping to Jim’s warnings about systemic cloud risk and AI’s disruptive force, one theme emerged: teams who can master the art of mapping will lead the next decade of cybersecurity.

Security is cartography for the digital age

Maps layer different perspectives, like political, topographical, and climate, so the user can see exactly what matters for their purpose.

In security, we face the same challenge. Tools flood us with telemetry, logs, and alerts, but more data doesn’t equal better security.  


“You’re looking at many layers of data and picking out the ones that are most critical for how you’re making decisions,” Bennett said.

Think of it this way:

  • Your network relationship map shows how workloads and systems connect.  
  • Your identity relationship map reveals who has access to what.  
  • Your application dependency map highlights which services rely on others.  

Viewed in isolation, each tells part of the story. But overlaid with each other, they reveal attack paths that would otherwise stay hidden.

Attackers already think this way. They move laterally between layers to reach their objective.  

A stolen credential might open a path through your identity map, which they then use to traverse your network map. Ultimately, they target the application map where your most critical assets live.  

If you can’t visualize these relationships, you can’t predict or block that movement.
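The overlay idea above, as an added example (not from the original article or from either speaker): three relationship layers are merged into one graph, and a breadth-first search shows that a route from a stolen credential to a critical data store exists only when the layers are combined. Every node name and edge is constructed sample data, and the helper names are hypothetical.

```python
from collections import deque

# Constructed sample data: every node and edge below is hypothetical.
LAYERS = {
    "identity": [("cred:jsmith", "host:jump01")],
    "network": [("host:jump01", "host:app01"), ("host:web01", "host:app01")],
    "application": [("host:app01", "svc:billing"), ("svc:billing", "db:customers")],
}

def build_graph(layer_names):
    """Merge the chosen layers into one adjacency map; each edge keeps its layer."""
    graph = {}
    for name in layer_names:
        for src, dst in LAYERS[name]:
            graph.setdefault(src, []).append((dst, name))
    return graph

def shortest_path(graph, start, target):
    """Breadth-first search; returns [(node, layer used to reach it), ...] or None."""
    queue = deque([[(start, None)]])
    seen = {start}
    while queue:
        path = queue.popleft()
        node = path[-1][0]
        if node == target:
            return path
        for nxt, layer in graph.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [(nxt, layer)])
    return None

def choke_points(layer_names, start, target):
    """Edges whose individual removal leaves no path from start to target."""
    cuts = []
    for name in layer_names:
        for src, dst in LAYERS[name]:
            graph = build_graph(layer_names)
            graph[src] = [(d, l) for d, l in graph[src] if (d, l) != (dst, name)]
            if shortest_path(graph, start, target) is None:
                cuts.append((name, (src, dst)))
    return cuts

if __name__ == "__main__":
    for layers in (["identity"], ["network"], ["application"], list(LAYERS)):
        print(layers, shortest_path(build_graph(layers), "cred:jsmith", "db:customers"))
    print(choke_points(list(LAYERS), "cred:jsmith", "db:customers"))
```

The choke-point list is where a defender would place a control: in this sample, the `host:web01` edge is not on it because removing that flow leaves the credential-based route intact.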

AI is changing the speed of navigation

AI is fundamentally altering how fast attackers and defenders can navigate the terrain.  

“Things that would take humans much longer amounts of time are now processed almost instantly,” Bennett said.

For defenders, this can be a massive advantage: faster threat detection, automated response, and real-time risk scoring.  

But speed cuts both ways. AI-powered attackers can exploit misconfigurations, unpatched vulnerabilities, and poor hygiene in minutes instead of days.

“We can power people with AI,” warned Bennett, “but we’re not going to be able to fulfill the mission if we don’t have the right people in the right seats doing the right jobs.”  

The implication is clear: AI is an amplifier. It makes your strong points stronger and your weak points riskier.

This means security visibility and hygiene are now inseparable. If your map is incomplete or outdated, AI will make that gap matter more — not less.

Cloud security is the new geographic reality

Jim Reavis has been mapping the cloud security landscape for over 15 years through the CSA.  

He sees cloud and AI as inseparable forces: “Cloud and AI got together and had a baby, and it’s ChatGPT.”

The cloud democratized compute, and AI has democratized intelligence.  

That democratization is powerful, but it also introduces unprecedented systemic risk.  

Jim referenced a recent open letter from JP Morgan Chase CISO Patrick Opet to the company’s suppliers: if a major cloud provider goes down, it’s not a single-company outage but a global economic disruption.

For security leaders, this is a call to treat cloud dependency mapping as seriously as asset inventory.  

  • Do you know which workloads are in which provider’s regions?  
  • Which services rely on third-party APIs?  
  • Which functions have no viable failover plan?

This is about understanding the map so you can re-route when parts of it fail.

Securing AI vs. securing against AI

Jim is clear-eyed about AI’s risks.

“We have to be the smartest people about AI in our organizations,” he said. “Even more than the people who are building AI applications.”

He breaks AI risk into two categories:

  1. Securing AI systems themselves, such as protecting models from prompt injection, ensuring training data integrity, and preventing model theft or manipulation.
  2. Defending against AI-powered attackers who can automate reconnaissance, generate convincing deepfakes, and discover vulnerabilities at scale.

Both require more than policy updates. They demand new testing methods, like simulation-based assessments instead of static test cases, and continuous learning about evolving model behavior.

It’s not enough to treat AI like another tool in the stack. AI is both a mapmaker (revealing patterns and paths we couldn’t see before) and a navigator (moving across them faster than any human).  

That dual role means it can help you defend — or help attackers bypass you — depending on who’s in control.

The leadership mandate: mapmakers at the helm

From both Bennett and Jim, the message to security leaders is clear:

  • Layer your visibility. Maintain connected maps for network, identity, application, and cloud relationships.
  • Prioritize what matters. Filter for the insights that drive immediate, meaningful action.
  • Plan for systemic risk. Know your dependencies and your dependencies’ dependencies.
  • Make AI literacy a leadership skill. Understand models, use cases, and risks at a technical level.
  • Invest in people. Technology only works when skilled operators understand the mission and the map.

This is about mindset. The best cyber leaders are navigators charting a safe course through constantly shifting terrain.

Charting a cyber resilient future

Cybersecurity visibility isn’t a static asset — it’s a living, evolving map. The attackers’ map changes with every exploit, misconfiguration, and credential theft. Your map should update just as quickly.

As Jim put it, “Solutions don’t come top down. They come from the community… anybody in the world could have a great idea about a certain way to navigate cybersecurity or make some course correction that’s going to help all of us.”

In an era where cloud and AI define the terrain, the CISOs who think like mapmakers — continuously surveying, updating, and sharing their visibility — will be the ones best equipped to navigate what’s next.

Listen to our full conversation on The Segment: A Zero Trust Leadership Podcast via Apple, Spotify, or our website.
