Distinguishing between movement and progress, in AI, security, and more

Are tech industries selling us a problems they invented? Ryan Clarque, CSO at Black Rifle Coffee Company [https://www.blackriflecoffee.com/], doesn't flinch at the big provocations. When Claude's Mythos model showed up in every LinkedIn feed promising a software apocalypse, Ryan's take was blunt: the basics were broken before Mythos, and they'll still be broken after it. The real question about a powerful AI model, it's whether you've built a program capable of doing anything about them when it does. But the conversation doesn't stop at hype-busting. Ryan has quietly done something the industry insists can't be done: built a lean, two-person security operation that ditched the big-ticket SIEM vendors, took control of its own telemetry, and outperformed programs with ten times the headcount and budget. When one of those vendors found out, they sent their "heavy hitter" to prove Ryan wrong, who left agreeing Ryan didn't need them. What emerges is a portrait of a practitioner who learned to distinguish progress from movement — and who thinks most of the industry is confusing the two. The procurement cycle, the Gartner roadmap, the sequence of investments you're told you must make: Ryan's argument is that inertia dressed up as strategy has left small security teams demoralized and over-leveraged, and that the fix is less about budget and more about the willingness to build your own way out. And then, at the end of a week of planes and conferences, Ryan says something that reframes all of it. The reason he doesn't chase the car or the watch or the title isn't asceticism — it's that working in security means observing the worst of what people do to each other, and the only way to stay functional is to invest hard in what actually holds. Time. Trust. People who remember how you made them feel. Mentioned: * Cal Newport on Mythos vs other LLMs in finding software vulnerabilities [https://www.youtube.com/watch?v=k-8stQCeQiE]