Brett Talmadge served as Chief Information Officer at Nisqually Red Wind Casino during one of the most critical periods in the organization’s history. Brought in following a ransomware incident that disrupted operations and exposed long standing technology gaps, Brett was tasked with stabilizing systems, rebuilding trust, and creating a sustainable security and IT foundation. His background spans highly regulated and mission critical environments, including financial services in New York City and work tied to federal defense operations. That experience shaped his disciplined approach to cybersecurity, operational resilience, and leadership communication.
Brett walks through the reality of stepping into an organization that had recently paid ransomware and was still recovering from operational and cultural fallout. He explains how legacy systems, siloed ownership, and the absence of a long term IT vision created an environment where a single phishing click could cripple the business. Rather than focusing on surface level fixes, Brett prioritized rebuilding structure, visibility, and accountability across systems and teams.
The conversation highlights a recurring challenge faced by many IT leaders: executive teams often view cybersecurity as a state that can be achieved and checked off. Brett pushes back on that assumption, emphasizing that security is an ongoing process shaped by constant threat evolution, user behavior, and organizational entropy. Tools like Darktrace and Varonis provided meaningful visibility and alert quality, but only when paired with trained staff and leadership engagement.
A key theme throughout the episode is communication. Brett shares a pivotal moment when leadership questioned why IT staff needed desks, revealing a fundamental misunderstanding of modern IT roles. That moment underscored why many organizations struggle with security maturity. Without executive clarity on what IT actually does, even strong technical programs can be undervalued or dismantled prematurely.
Resources mentioned in this episode
Matthew Connor on LinkedIn
CyberLynx Website
Brett Talmadge on LinkedIn
Nisqually Red Wind Casino Website
This episode is brought to you by CyberLynx.com
CyberL-Y-N-X.com.
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.
Defending Global Gaming: Mohegan’s Battle Plan for Cybersecurity
The Human Side of Cybersecurity Leadership with Kara Schlageter
Inside a Real World Ransomware Incident and Recovery with Zach Lewis
Matthew: Matthew Connor here, host of the Cyber Business Podcast. Today we're joined by Brett Talmadge, CIO at Nisqually Red Wind Casino. Brett, welcome to the show.
Brett: Good morning, and thanks for having me, Matthew.
Matthew: Thanks for joining us. Before we get too far in, a quick word from our sponsors.
[SPONSOR READ: Do you know if a hacker is in your system? Most people and most companies don't — until it's too late and the hacker has already done damage. Technology and threats are advancing faster today than ever before. At CyberLynx, we help companies leverage industry-leading technology to stay safely ahead of threat actors. Find out more at CyberLynx.com.]
And now back to our show. Brett, for those who aren't familiar, can you tell us about Nisqually Red Wind Casino and your role there as CIO?
Brett: So actually, I'm no longer their full-time CIO — I worked myself out of a position. They eliminated the role entirely. Which, in a strange way, is a compliment. In less than two years, I came into Nisqually to essentially save the day. They had fallen victim to ransomware and paid the ransom — which is the big no-no. Everyone was frantic. People lost positions, full-time employment. There were vacancies, disgruntled staff, legacy systems, silos that had been built up over years and decades of mismanagement, disorganization, unconsolidated software, and no clear IT vision communicated to leadership. There was never a well-defined end game.
And honestly, I'm not sure we ever fully got there — part of what was left on the table was getting leadership to truly understand what IT needed to accomplish. The fundamental question: what do you want your technology to do for your company? How are you going to use AI? Are you going to use AI? You go to conferences and you meet peers from other organizations and they ask, "Are you using AI?" And if you're not, it can feel like you're being kicked out of the club. But the real question is: are we doing this to keep up with appearances, or are we doing this because it's the right, secure move? Most companies are wrestling with exactly that.
Nisqually was one of thousands that had just hummed along. No organization, no NTFS permissioning, unmanaged shares, unpermissioned file systems, Active Directory environments and file shares in disarray — all the things that most of the business world runs on: Windows servers, Office 365, Box.com — just not managed. And then a director-level employee clicked on a virus, and boom. Their system was locked down. Payment was made. Business came back online, but the damage was done and the cost was real.
What got me to where I am and able to succeed in environments like this was my background. I came from New York City, working with hedge funds from a managed services perspective — dozens of private equity firms, venture capital firms, hedge funds, businesses where downtime was simply not an option. Before that, I was doing work with the Pentagon on highly mission-critical operations. That background trains you to think quickly, logically, and to see down the road.
And one thing you learn fast: if you pay a ransomware demand once, they're coming back. It's a paycheck for them. I saw it with a company in New York — $5,000, system locked, system opened, paid a couple of times. They knew it was easy money. So I knew exactly what I was walking into at Nisqually, and I started day one with an aggressive vision. I've always called it my three-headed beast — like Cerberus, the dog that guards the gates of hell. You want eyes on all your files, your networks, all the activity. It costs money. It's an investment. But technology alone isn't enough. You have to build training, because all the technology in the world is useless if your employees aren't capable, motivated, and engaged — if they're not caring about alerts.
So at Nisqually, I built that quickly. My management style is rooted in positivity. You can't achieve what needs to be achieved if people are heads-down and disengaged. There has to be optimism at all levels, a willingness to get into the shoes of other departments, and a collaborative mindset — we're in this together. I started there with both the IT team and all departments.
When you're going to organize something, you have to start with the end game. It's like organizing a garage — you have to picture how you want it to look before you start, then build toward that. Get rid of the fluff, sift through what matters. We had millions of files and records to analyze. You use software to do that. And that's part of communicating to leadership what IT does: it's sometimes a slow build. You have to learn the environment, understand normal behavior — both on the user side and the network side.
My goal when I start at any company is to get to a place where all departments are communicating effectively, projects are moving, and people have space for company picnics, time off, research and development — growing the business rather than constantly firefighting. That's the end state. How do you get there? Start with the platform everyone's using — Office 365, Teams. Get everyone on Teams and SharePoint. I could see long term all of the accounting, file systems, network maps, and architecture compiling from one source. From a cybersecurity standpoint, my mindset from my Pentagon and financial services background is simple: we are a bank. That's number one. Everything else I can help with, but nobody is accessing our money or our information without proper authorization.
To do that, I used Varonis and Darktrace. Two companies that make great products — the coverage, the logic, the way they operate. They just work. I'm an Apple guy at heart. It just works. Why fight the things that don't? And so I find products that work because I want my team to be happy and productive. Adoption matters. And within less than two years, I had fully launched agentic AI across the company. Every department can now use it. You sit down at your computer and say, "Bring me up to speed — what have I missed?" and it tells you everything you need to respond to. It's live, it's usable, and I worked myself out of a job.
Matthew: I understand how products like Darktrace can give the impression that the job is done — because when it's working well, it almost feels that way. For those who aren't familiar, Darktrace is a phenomenal company doing fantastic work across email, network, OT security, and more. Their security awareness training is also impressive. They do an amazing job of leveraging AI in exactly the right way to properly secure your network, devices, and email. So I get how leadership might think, "We've got AI watching our backs — it's like having RoboCop everywhere. What do we need someone supervising RoboCop for?" But cybersecurity isn't a state you reach. There's no such thing as being cybersecure. You're always in the process of having the best cybersecurity you can have. It's a constant arms race. So what was their thinking — that you'd done such a great job that they were done forever?
Brett: I never quite framed it that way in my mind, Matthew. It makes me laugh hearing it out loud because it is, honestly, a little ludicrous. Where I think the real failure was — and this goes back to what I was saying about communicating the end game to leadership — I gave a presentation about a year ago laying out everything IT was working on. I put it in the most layman's terms I could. I really thought leadership understood what I was talking about. They didn't. And that's on us as IT professionals. We have to get better at communicating what this work actually looks like in clear, summarized, accessible terms.
About a month before they gave me the news, I'd been told six months earlier that it might be coming. I didn't believe it — given the state of what we'd been through, where we'd come from, what we still needed to do. I thought I'd explained it well enough. I'd asked for three additional staff members, and before I could even get that conversation moving, I needed more physical space — we were literally out of room. And in that conversation with the people who needed to make the call, it hit me: they genuinely didn't understand what IT did. Someone who had been in the business for decades asked me, "Why do your techs need desks? Don't they just walk around fixing things?" I was floored. And it actually makes sense — the last time they had to really think about IT was decades ago, when our job was fixing printers and getting Windows to cooperate. The technology works now. The battle isn't fixing the technology anymore — the battle is security. Keeping the vault closed.
It's no wonder there was a breach before I arrived. And if the thinking doesn't change, there will be another one. Because what I put in place will only last so long if it isn't actively managed. Entropy is how the universe works. Things decay, bad guys adapt, and if something isn't updated or managed, they'll find their way back in. An army does not run itself. You can have the best soldiers in the world, but without leadership they'll only be good at whatever's right in front of them. I left them in good hands — I hired a dedicated cybersecurity analyst, and my right-hand man is a cyber expert as well. But there's a difference between being a great analyst and providing strategic leadership. Those are entirely different jobs. Hopefully they figure that out, and maybe they'll bring in some guidance periodically.
Matthew: I think other people will see that. It's an old understanding of IT, and it's shocking that after an incident like that ransomware attack, it wasn't the wake-up call it should have been. Let's shift gears a bit — we've touched on Darktrace, but let's dive into AI and cybersecurity more broadly. You've said you're a fan of Darktrace — what is it that you like about it over other AI security products?
Brett: When I was evaluating options, I was genuinely torn between Darktrace and some of Rapid7's offerings. Rapid7 is excellent — probably a close second. But Darktrace just worked. Like Apple. Simple, effective, does its job. And the biggest selling point for me was how dramatically it reduced false positives. If you've spent any time on a service desk working through security alerts, you know what it's like to come in Monday morning to 5,000 alerts. How do you get through that? And you find that 99% of them are something like an out-of-date print driver — not an active infiltration attempt. That noise is exhausting and dangerous, because the real threats get buried in it. Darktrace cut through that and gave us actual, actionable alerts. Real issues, clearly surfaced — not hidden on page three of a report. Their engineering team, their incident response support, their onboarding process — all of it helped us get to that state. That was my biggest endorsement of Darktrace.
Matthew: That's exactly what companies should be doing now when it comes to AI in security. Everyone gets the ChatGPT use case — it helps with email, presentations, research. And that's been great for getting people comfortable with AI. But in security, when you start talking about agentic AI, what I love about products like Darktrace is that you see the future of it. Take email — you hit on it with the false positives, but the bigger shift is that the end user no longer has to go digging through a quarantine or junk folder wondering if Sally's email got caught somewhere. That era is over. Now if Jane is great at accounting, she just gets to do accounting. She doesn't have to learn how to spot a phishing email — the AI is doing that. That's where AI in security makes the user experience genuinely better for everyone. And on the IT side, the analyst who used to spend Monday and Tuesday clearing 5,000 alerts — now that's handled, and they can focus on the things that actually need a human. That's what gets me excited. Where do you think this takes us next?
Brett: I think AI in security is going to fundamentally change how we communicate and interact with these systems. The direction I see it going — and I was just having this conversation the other day — is toward video and visual interfaces. Think about how computing has evolved. In the late 90s and early 2000s, YouTube changed everything because video made it easy to communicate something complex in a way that people could absorb instantly. Making a video used to be hard — now it's trivial. I think cybersecurity software is heading in that same direction. Imagine being able to see a file transfer attack or an unusual network behavior explained and visualized in a short, automatically generated video sent to your mobile device. Not a wall of text in a log — a visual, digestible summary.
I think we're going to see a lot more video-based interfaces for how security software communicates with operators and executives. And Darktrace is actually already pointing in that direction — if you look at their visualizer, you can see your endpoints and network activity rendered visually in a way that lets you absorb a lot of information quickly. Long term, I could see that going further — holograms, immersive interfaces. Beyond that, biometrics are going to be increasingly central. There's just too much susceptibility to fraud with anything else. If you're a bank, you want the tightest controls possible, and biometrics get you closer to that than anything we've had before.
Matthew: And the visualization piece is huge. There's just so much data now. The way Darktrace surfaces that information visually — you absorb it fast, you catch what matters, and the noise of thousands of false positives disappears. That's a massive advantage for security teams. And most products are already doing solid work on executive-level reporting. But for the day-to-day operational side, the visualization is becoming game-changing. Brett, this has been so much fun — we could go on forever when it comes to AI and the future of security. Before we go, can you tell everyone where they can find and get in touch with you?
Brett: Sure. I'm on LinkedIn — Brett Talmadge. You can find me there. I'm out here in the Pacific Northwest, working to make the best footprint I can and help people achieve solid AI usage and good cyber posture.
Matthew: Fantastic. Brett, until next time!
Brett: Thanks a lot for having me on.