Content provided by Dave Lewis, 1Password and Dave Lewis. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Dave Lewis, 1Password and Dave Lewis or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Chasing Entropy Episode 004: From Student to Leader – A Conversation with Matt Johansen

37:21
 

In this episode of Chasing Entropy, host Dave Lewis welcomes longtime friend and cybersecurity thought leader Matt Johansen. What unfolds is a deeply insightful, often personal discussion that spans the evolution of an entire career—from a student in a literal church pew to a key voice shaping cybersecurity narratives today.

From Dorm Room to Industry Leader

Matt shares the serendipitous moment that ignited his cybersecurity career: a last-semester class taught by a university CISO, a DVD of James Arlen’s “Black Hat to Black Suit,” and the early encouragement to engage on Twitter and LinkedIn. That first year of digital networking proved foundational—every boss Matt's had, he met during that stretch.

Big Banks and Shadow IT

Matt contrasts his experience building security programs at a scrappy fintech startup with the tightly controlled environment at Goldman Sachs post-acquisition. He discusses how rigid controls can reduce risk but stifle innovation, and unpacks how shadow IT thrives even in the most controlled environments. The lesson? Security postures must match organizational realities.

Mental Health, Burnout & the Myth of the Security Superhero

One of the episode's most powerful threads is Matt’s advocacy for mental health awareness in cybersecurity. He critiques "superhero culture," where the same individuals are always relied on in crises. Instead, he calls for real structural changes—proper rotations, mandatory time off, and leadership accountability. As he puts it, you can’t yoga your way out of burnout.

Identity is the New Malware

Matt and Dave explore how the attack surface has shifted. With SaaS proliferation and stolen credentials replacing malware as the primary attack vector, identity management has become paramount. Highlighting attacks like the TeleMessage breach and the phishing incident involving Troy Hunt, they emphasize that security must make “clicking links” safe—not shame users for doing it.

Vulnerable U & Making Security Accessible

Matt now runs Vulnerable U—a cybersecurity media company delivering digestible infosec news via newsletters, YouTube, TikTok, and Instagram. He reflects on how his early work curating news for Liquid Matrix evolved into a full-time passion for communicating security in a human, relatable way.

Advice for Aspiring Professionals

Matt’s number one tip for newcomers? Create content. Even if you’re still learning, share your process. Blog your breakthroughs, record your thought process, and contribute to the dialogue. That transparency and authenticity open doors.

Mentioned in the Episode:

“Clicking links should be safe. What do we have to do to make clicking links safe?” — Matt Johansen

Be sure to subscribe, share, and join us as we continue to chase entropy across the loading construct.
