This podcast episode features Tom and Scotti discussing the often-unspoken truths of cybersecurity and IT modernisation. They emphasise that security is a mindset, not just a set of tools, and advocate for a holistic approach where everyone in an organisation is involved. They also stress the importance of getting the fundamentals right before diving into complex technologies like microservices and cloud migrations, warning against the pitfalls of "lift and shift" approaches. The hosts discuss the challenges of change management, the inevitability of security incidents, and the need for better communication and understanding of cybersecurity risks at the executive level. They also touch on the shortage of skilled cybersecurity professionals and the complexities of outsourcing IT services, advocating for a balanced approach that includes internal expertise and careful vendor selection.