This is Techie and the Biz, a podcast to explain and simplify how business technology is changing and why it can benefit your organization.
Over the past year, we have seen the industry completely transform in preparation for the AI revolution. More data is coming from more edge devices, improving the cost and experience of delivering goods and services to consumers. Cyber criminals also see the potential for the AI revolution, specifically by attacking the increased number of devices at the edge, which include the smartphones we love and use every day. Over 47% of companies report major impacts on their organizations from mobile device-related breach incidents, costing an average of almost $5 million per incident.
Today, we’re excited to welcome to the podcast a guest that can help us unpack the current state of cybercrime and help us navigate to hopefully safer waters. Peter Nicoletti is currently the global CISO for Check Point Software, a leading cybersecurity provider specializing in highest efficacy firewalls, endpoints, cloud, and email risk reduction tools and strategies. Pete is a member of the FBI InfraGard and Secret Service Electronic Crimes Task Force. Pete has been in IT and security for over 30 years with the last 20 years as a CISO in two Fortune 100 organizations. He has been working with artificial intelligence for over 10 years now, starting with a DARPA-funded project and has been interviewed over 200 times on TV as an AI expert for Good Morning America, Fox Business, BBC, and other major networks. Welcome, Pete.
Luck, and I’m here now. This is the pinnacle of my career.
You just keep moving up. Yeah. This is great. Great to be here with you guys this morning. And yeah, I’d love to help demystify some of what’s going on and especially focus on what you guys are doing about it with us. So that’s—we’ve got some exciting news to talk about today.
And we’re definitely excited to start talking about it. But before we dive into this really important topic, I wanna talk about the elephant in the room.
Uh-oh.
Specifically, has anyone ever told you that you could be the doppelganger for none other than Star Trek’s Captain Kirk, Mr. William Shatner?
Uh, yes. Yes. So, my wife and I like to attend Star Wars openings dressed as Star Trek, just to see what people tell. That’s so funny.
When I do a reverse image search, you know, one of the things that you have to do with AI risk is know where your image is being used, both in an unauthorized and authorized way. So if you look up in a reverse image search, like FaceCheck—Do AI is the one I use most frequently to see where people’s pictures are being used—my picture does come up as the William Shatner doppelganger. So, and walking through airports once in a while, I get a fun—Can I get your autograph? Hasn’t gone that far. I guess I need to put on a little bit more weight to get as the picture now.
The role of CISO, Chief Information Security Officer, has really expanded over the last 10 years. Today, the role wears many hats and is evolving from a more technical role to a highly strategic, engaging, and holistic role. As a highly coveted CISO and expert in your field, what would you say is an important change to the CISO role, and how do you see enterprises utilizing this change?
You know, Eric, it’s true. The role has changed. It used to be the biggest nerd, the smartest person that knew how to do networking, knew how to do security—and they were behind the scenes. Now, with threats that can take down a company and having the CISO and staff be some of the only people that understand the threats, the CISO role has taken on a couple of really interesting aspects.
Number one is a translator. You have to be able to discuss threats and have executives and the board of directors understand those threats to where your security program can be expanded to deal with those, or the threats can be ignored, or the threats can be addressed in some other way. But the bottom line is that translation ability. Because, you know, us nerds, we talk in some crazy language.
You know, if I told my past CEO that my website was going to be hit with SQL injection, with cross-site scripting and cookie injection, they’d look at you like you have two heads. But the minute you say, “Look, our website has vulnerabilities that if we take it offline and it causes $19,000 of outage per minute,” you’re translating to a business imperative and you’re translating to something that the executives can understand.
Because the other thing that’s changed—and I kind of hinted at it—is not just a translator, but you have to sell your program. You’re constantly involved in justifying your security program because security programs are expensive, let’s face it, for large companies. And certain people think that they’re not really worth the money. So you have to sell your program and make sure that you describe the risks that you’re dealing with.
And third, security people used to be the last to know when there was a new business project going up. And that’s no longer possible because security needs to be involved in these mergers or new business launches or conversions or whatnot, so that security can be layered in without impacting the business.
You know, the security people used to be the no people, but what they really need to be is the “know” people—where they know about the issues, understand the risks. And it’s really important now with artificial intelligence, because here we have something that can be used as a weapon against us but also to accelerate our business.
So, you know, there’s no better person, typically, than a CISO that knows all of the new artificial intelligence tools, how they can help the business, what are going to be the highest return on investment projects—versus, on the other side, the dark side.
You know, we live in a post-real society and having to deal with deepfakes and crazy things that are going on—for example, this week we saw the very first no-click exploit hitting mobile devices. So being able to understand those risks and making sure that your countermeasures are in place, and translating that crazy nerd talk to executives so that they stroke the checks—it has been a very big evolution to the role. Long answer for a short question. How about that?
That I think kept us exactly where we wanna go next, especially when I’m looking at the live threat map behind you and watching this silent war taking place. And it, for us, it’s incredibly important to learn and know more about not only the fact that you have to partner with the business to know what’s going to be the next thing you have to solve for, but also obviously selling it as a complete program.
(continued…)
The shift toward mobile threats is something many companies still underestimate. While many organizations invest heavily in traditional perimeter security, they often overlook mobile endpoints, which are now key targets due to their access to sensitive corporate data. What’s concerning is that the average organization doesn’t have full visibility or control over their mobile fleet, especially with remote and hybrid workforces now standard practice. That’s why it’s critical to have layered defense strategies in place—not only across laptops and desktops but also on smartphones and tablets.
And this is where our collaboration really comes into play. MetTel recently announced the addition of Check Point Harmony Mobile Threat Defense to its portfolio of enterprise mobility products. It’s a solution that fits seamlessly into enterprise environments, helping protect against phishing, malicious apps, network attacks, and OS exploits in real time. The power of this solution lies in its ability to detect and respond to threats proactively—before they cause damage.
That’s exactly right. Harmony Mobile works by embedding deep threat intelligence capabilities onto the device itself. It’s not just about antivirus or sandboxing—it’s AI-powered, behavioral-based detection that can identify zero-day threats without needing user input. What’s more, it’s privacy-focused. It doesn’t snoop on personal content, so employees are more likely to accept the app on their personal phones in BYOD environments.
And Max, I think that’s a key point. We’ve hit a moment in time where cybersecurity and user experience must align. If security tools are invasive or slow down devices, users find ways around them. Harmony Mobile is lightweight and invisible unless it detects an issue—and when it does, it alerts IT and remediates it before it spreads. That kind of approach is critical for enterprise resilience.
Pete, can you also touch on what organizations should be doing right now to prepare for the next wave of cyberattacks targeting mobile? What’s your advice for companies who still see mobile as a secondary concern?
First, treat mobile like any other endpoint. That means requiring the same level of risk posture, visibility, and control. Second, invest in solutions that don’t just react, but predict. With AI and machine learning, you can now prevent breaches before they happen. Finally, educate your workforce. Human error is still the leading cause of breaches. If people know what to look for and have tools backing them up, the organization becomes much harder to compromise.
That’s a powerful note to end on. Pete, thank you so much for joining us today and helping break this all down. It’s clear the mobile security landscape is changing, and organizations need to evolve with it.
My pleasure. Thanks again for having me.