Channel Partners Conference & Expo is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Get ahead of the game with the #CPExpo & #MSPSummit Insider’s Guide, your key to success at the show! >> Get the Digital Show Planner >>
We recently chatted with Shawnee Delaney, former defense-spy-turned cybersecurity specialist about her upcoming keynote at Channel Partners Vegas, 2025.
Want to catch Shawnee Delaney and other industry leaders at this year’s Channel Partners, in Vegas? Find out more about our event passes and prices or register now to save!
Note: This article has been created using a transcription of the video above.
Bob DeMarzo: Hi everyone. I am Bob DeMarzo, the host of the Channel Partners Conference and MSP Summit which is coming to Las Vegas, March 24th to 27th in Las Vegas. I am here with one of our incredible keynote speakers, Shawnee Delaney who has captured the minds of our audience and fascinated them with her career journey from, Shawnee, I could say from spy to cybersecurity consultant. Is that a fair way to describe your journey and career?
Shawnee Delaney: Yeah, that's pretty good.
Bob DeMarzo: Well, first of all, thanks for being the keynoter. I think everyone's looking forward to your keynote at the event. Why don’t you tell the audience a little bit about yourself?
Career Journey
Shawnee Delaney: Yeah, so I guess I've had an unusual trajectory if you will. I started my career in espionage. I worked for the Defense Intelligence Agency. I conducted clandestine operations all over the world. I loved every second of it. And when I left, I got into private sector and I worked for major Fortune 500 companies and I ended up standing their insider threat programs and I realized there was some epiphany moment where I realized, wait a minute, I used to be the threat actor and everything I used to do to get people to tell me their secrets is what threat actors are doing to these companies and so that's where I started my journey with Vaillance Group about almost six years ago.
Bob DeMarzo: It's amazing. Well, I guess you were truly a spy in your work. That's amazing. I think everybody probably wishes like, hey I'd like to be a spy. You actually did it in your career. So unbelievable. That's phenomenal.
Espionage Experience and Its Relevance Today
Bob DeMarzo: So tell us a little bit about the work that you did. I would love to hear what you can tell us in terms of the experience you had as a spy and then how you apply that to your work today as you're saying in terms of turning that around to help protect organizations, you know, large companies, medium-size companies and small businesses.
Shawnee Delaney: Yeah, so I traveled around the world recruiting various people from different countries to provide sensitive non-public information. I essentially recruited the vulnerable insiders, right? And then I provided that intelligence to US policymakers who hopefully made better decisions with ground truth information. So it was amazing. I did four war zone tours, two to Iraq, two to Afghanistan. Just some really incredible memories.
Want to see Shawnee take the stage this March? Join us for CPExpo 2025.
Bob DeMarzo: That's amazing. Some of us work a lifetime and don't have that experience. So first of all, thanks for your service to our country and government. It's amazing. And we're kind of glad to have you on this side these days. So tell us Shawnee a little bit about the state of cybersecurity and protecting companies and individuals, right? From attacks and vulnerabilities. Tell us a little bit about your work in that regard in sort of the state of cybersecurity today as you see it.
Current Cybersecurity Landscape
Shawnee Delaney: It's challenging, right? The state of protecting businesses today is highly fragmented. The cybersecurity landscape for businesses of all sizes is increasingly complex and challenging which personally I think that's fun. But cyber incidents as a whole, they're the top threat for smaller organizations specifically and nearly half of cyber breaches impact businesses with fewer than a thousand employees. So it touches everyone. Now when you're looking at organizations there are key challenges, right? There's a lack of qualified IT or security staff, cybersecurity experts. You're constantly playing whack-a-mole and trying to keep up with the new threats and you're ensuring that employees actually understand and have an education about all of these evolving threats.
Want to find out more about what the 2025 cybersecurity landscape will look like? Stay ahead of evolving threats and trends with our free, must-read 2025 Cybersecurity Outlook ebook.
What I see is there's a bit of a difference between large and small. With large corporations, they're increasingly investing in robust cybersecurity systems, but they often overlook the human risk element which remains one of the biggest vulnerabilities. It can be one of your biggest strengths too if you do it right. And then for small and medium businesses or SMBs, many of them believe that they're too small to be targeted or their employees are like family and they would never do anything bad, but that false sense of security leaves them really really exposed, especially since attackers know that SMBs often lack the resources for comprehensive defenses. So the challenge across the board is balancing technical defenses with the human element.
The Role of Insider Threats
And then that's insider threats, right? So whether it's malicious or it's accidental, these pose really significant risks and many organizations lack the frameworks to prevent or identify or mitigate them. So cybersecurity as a whole, it's not just about firewalls and endpoints. It's about understanding the behavior and the motivations of the people who operate within those systems.
Bob DeMarzo: Yeah, I wanted. So if you look at our audience of Channel Partners that you know delivers we'll say security solutions to all sorts of businesses, public sector, private sector, right? And tries to help those companies either recover or you know I would say be progressive about protecting themselves. You've got a great view on what they should be doing in terms of delivering certain I would say services or see opportunities in the market. What's your advice to them in terms of the biggest opportunities in working with businesses and even in the public sector?
Opportunities in Cybersecurity
Shawnee Delaney: Yeah, I think the human risk factor it opens enormous opportunities for technology service firms. Companies of all sizes are recognizing that cybersecurity isn't just about tech. Like I said, it's about people. I can't say it enough. Service providers can really offer value by helping businesses build holistic insider threat programs. Conduct human risk assessments, train employees to recognize and respond to threats like phishing and social engineering and credential theft and people like me, right? And then for SMBs there's this huge market in offering right-sized solutions. So bundling technology tools with tailored security awareness training that fits their budgets and their needs. For larger businesses, service firms can focus on integrating behavioral analytics, insider threat detection and policy frameworks that address that human element that I'm talking about. So by positioning themselves as partners in human risk management, service firms can fill that critical gap that traditional cybersecurity providers very often miss.
Join us for CPExpo 2025 to see Shawnee and other industry leaders in the cybersecurity space discuss threat trends and advice.
Bob DeMarzo: Great. Based on that truly I got to ask you, if you were starting from scratch today, right? And said, hey I want to build a cybersecurity consultancy or a practice with inside my IT company or my technology advisors, what would you do? What would you do and what wouldn't you do as well?
Building a Cybersecurity Consultancy
Shawnee Delaney: If I were starting a cybersecurity practice today, I would build it around human-centric security. So the focus would be on integrating maybe three key pillars. So you've got human risk management. So offerings or services like insider threat programs, behavioral analytics and employee lifecycle management. That's low-hanging fruit right there. Then you've got tailored education and awareness. And this is like the foundation of the house. So creating programs that go really beyond generic cybersecurity training and phishing tests that everybody does. Everyone's phished out by the way, to instead incorporate things like gamification and real world scenarios and behavioral psychology to make the lessons stick. So we are now what I like to say is like a Netflix nation, right? People's attention spans they've dwindled to being shorter than that of a goldfish which is really depressing. So we need to be creative and we need to think outside the box in order to drive engagement. That should be your goal, that engagement.
In fact, there's a statistic I read that I think it was business.com. They found that 31% of business leaders believe that deep fakes have not increased their fraud risk and that's shocking to me. If you know any of those people, please tell them to call me. And then just in general, statistically over 50% of leaders have said that their employees have not had any training on identifying or addressing deep fake attacks. So how are you supposed to defend against these threats that are evolving every single day when your own people don't know what to look for. And then the third pillar if you would would be that technical human integration.
Read more about the Channel Partners 2025 keynote speakers.
Partnering with technology providers to incorporate tools like AI-driven anomaly detection, but framing those tools as enablers, not replacements for human decision-making. So I think really kind of just to summarize is I think the differentiator would be a focus on preventative measures rather than reactive solutions. So it addresses not just the how of cybersecurity but the why behind the human vulnerabilities.
Bob DeMarzo: It's amazing. And listen, I hope our audience doesn't have the attention span of a goldfish because they're gonna have to listen to everything you have to say. Shawnee, you know our audience is split between techies and really business savvy people, right? When it comes to cybersecurity and security services, what's your advice to them in terms of staying ahead of the trends, understanding the customer, upskilling so that they can be the best they can, right? When it comes to protecting their own business or their customers. Is this something you tell people, I don't care if you're a geek or you're a business leader, you need to do the following. What would you say to them?
Bridging Technology and Trust
Shawnee Delaney: Yeah, well I'm a geek so I like those people. We know. My advice I think is probably pretty simple. Don't just sell technology, sell trust and resilience. So if you're looking at the tech savvy audience, focus on integrating technical technologies, things like behavioral analytics and AI-driven monitoring tools. There are some really crazy companies out there with some really incredible tools. So integrate that into your offerings, but really emphasize their role in supporting human decision-making. For example, how can these tools identify unusual employee behaviors or flag insider risks in real time, left of boom as I like to say.
And then focusing on the business savvy audience, make the business case for security investments by framing them around risk management and reputation and ROI. Show how protecting human assets, your employees, your clients, your vendors, your partners directly translates to protecting the bottom line. Ultimately, I think that one of the biggest opportunities in the market today lies in bridging the gap between technology and people and businesses that combine technical defenses with proactive approaches to managing human risk will really lead the way.
Bob DeMarzo: Yeah. What's the one piece of advice you say you give to your customers or prospective customers time and time again that you're almost like, you go I can't believe I've got to say this yet again. Why don't people get it? But what's that advice? And I'm sure I'm sure it touches on some of the things you said. We'd love to hear that.
Final Advice and Reflections
Shawnee Delaney: That's easy. I pretty much say it to everyone. It can happen to you. Everyone, full stop.
Bob DeMarzo: Yeah. And is AI the game changer here? Are companies, your customers and even you concerned about I would say the negative impact that AI is going to have on attacks and our ability of companies to restore and the frequency of it, you know? And I guess on the other side of it is you can use AI to defend, but is AI the game changer here on both sides of that?
Shawnee Delaney: So AI is absolutely a game changer. And there are a ton of pros and a ton of cons as everyone knows. I think organizations need to understand that it is not going away.
