From a tank driver in the Gulf War to the founder of one of the U.S.’s largest regional cybersecurity conferences, Michael Farnum’s journey is a study in discipline, community, and curiosity. He shares how early exposure to cryptography, BASIC programming pranks, and first encounters with firewalls led him into security.

We dive into how Farnum built the Houston Security Conference (HOU.SEC.CON) from 120 attendees in 2010 into a 3,000-person international event

He also discusses the rapid rise of agentic AI, what excites him, and the risks of unauthenticated MCP servers, shaky credential governance, and invisible AI triggers. Despite looming challenges, Farnum is optimistic that security conversations are starting earlier this time around.

He closes with timeless advice: don’t be overly cautious, advocate for your value and take the smart risks you might otherwise pass up.

Key Takeaways

• Military lessons: Encryption mishaps in the Gulf War taught discipline, planning, and after-action reviews that later informed his cybersecurity mindset
• The hook into security: First exposure to a Unix firewall showing live traffic convinced him this was the path to follow
• Community builder: Founded HOU.SEC.CON to unite a fragmented Houston infosec scene; it has since grown into a national/international draw with thousands of attendees
• AI & agentic AI: Rising volume of submissions at security conferences; risks include unauthenticated MCP endpoints, hidden triggers, and weak credential governance
• CISO struggles:
  • Data security remains the #1 challenge—knowing what you have, where it is, and who can access it.
  • Application security continues to lag despite new tools.
  • Modern infrastructure & APIs can help if applied well.
  • AI-driven SOCs are already shifting MDR/MSSP models, often without customers realizing
• Career advice: Be less cautious and ask for what you’re worth, take smart risks, and don’t undersell yourself