Bryan brings a grounded perspective on IT service management, opening with a clear case for why change management is not bureaucratic friction but a proven mechanism for limiting downtime. He points to real-world data showing that 80 percent of outages trace back to a bad change and draws a direct line between disciplined change processes and financial protection, illustrating how stopping even a handful of avoidable outages each year can translate into millions of dollars saved for an organization. The CrowdStrike incident serves as a vivid reference point for what happens when QA and change control break down at scale.
The conversation moves into AI governance with notable specificity. Bryan explains how Liberty approaches AI adoption through a formal AI governing board that evaluates every new tool for compliance risk, data handling, and architectural integrity. He draws a sharp distinction between products that bolt an LLM onto existing services for market appeal and those that apply machine learning in a contained, purposeful way, citing Darktrace as an example of AI done right in the security context. He is direct about the risk of employees using tools like ChatGPT with sensitive data, noting that once information enters those platforms, ownership and use become unclear, a serious concern in a HiTrust, HIPAA-governed environment.
Bryan and host Matthew Connor explore the tension between convenience and security, arriving at a framing that will resonate with anyone managing enterprise IT. Security will always prioritize protection while the rest of the business defaults to ease of use. The job of IT leadership is to find the balance that enables the business rather than obstructs it, offering governance as a feature rather than a gate. That philosophy runs through Bryan's broader view of IT: a non-revenue-producing department that no one in the organization can operate without, and one that earns its seat by co-creating value rather than holding the line on hardware.
For those considering a career in IT, Bryan offers advice that is both practical and forward-looking. He encourages early-career professionals to look past the help desk and identify their target specialty before choosing certifications, comparing the IT landscape to medicine, where a general practitioner and a specialist require fundamentally different training paths. He acknowledges the anxiety around AI displacing IT jobs but reframes it as an argument for staying curious, specializing deliberately, and understanding that the people who will thrive are the ones who know how to direct and govern the tools, not just use them.
Resources mentioned in this episode
Matthew Connor on LinkedIn
CyberLynx Website
Bryan Younger on LinkedIn
Liberty Dental Plan Website
This episode is brought to you by CyberLynx.com
CyberL-Y-N-X.com.
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.
Measuring and Managing Technical Debt with Dr. Ken Knapton
AI, Lead Automation, and the Future of Automotive Tech with Yuriy Demidko
How Window World Scales Technology and AI Adoption with Glenn Rumfellow
Matthew: Welcome to the Cyber Business Podcast. I'm your host, Matthew Connor. Today we're joined by Bryan Younger, CIO at Liberty Dental Plan of Oklahoma. Bryan, welcome to the show.
Bryan: Hey, thank you, Matt. I appreciate you having me on.
Matthew: We appreciate you coming on. Before we get too far in, a quick word from our sponsors.
[SPONSOR READ: Hackers are getting smarter. Is your security keeping up? Cyberlynx sells industry-leading, AI-powered cybersecurity solutions that detect threats in real time — so you know about an attack before the damage is done, not after. Learn more at cyberlynx.com.]
And now back to our show. Bryan, for those who aren't familiar, can you tell us about Liberty Dental Plan of Oklahoma and your role there as CIO?
Bryan: Absolutely. Liberty Dental Plan is a dental benefits administrator. We work a lot in the Medicare and Medicaid space, as well as commercial and exchange. Liberty serves around 8 million members nationwide. We're the largest privately held dental benefits administrator in the country. We have a lot of people out there in a lot of different places, and we're very excited to continue to serve them.
Matthew: That's fantastic. When it comes to the CIO role — even on the insurance side of things — service management is a really big and important aspect of that. I'd love to get your perspective. What's your take on it?
Bryan: Couldn't say it better, Matthew. Service management — not just in the insurance space, but in all corporate spaces these days — drives efficiency, drives automation, and provides clear direction. It helps keep us accountable, and it's a very necessary part of IT. It originally came from Europe, from the UK, via ITIL. Most people in IT have heard of ITIL — the UK government came up with it, and it's now the most widely accepted IT framework on the globe.
I really enjoy driving those automations here at Liberty. One of the places where that's most visible is in change management. A lot of people have heard of change management but may not realize it's part of service management. We manage changes by having a Change Advisory Board, a change process, and a workflow — and that gives us the opportunity to review changes before they go into production. That really helps limit downtime, which is critically important. It also helps your MTTR — your Mean Time to Resolution — because when something goes wrong, you can look at what changed the day before and have a good place to start.
Matthew: That's a really good point. I think for a lot of people, especially on the IT and development side, change management feels like, "Oh, you're just slowing me down. It's cumbersome." But you hit the nail on the head — the ability to go back and see what changed, and the troubleshooting benefits that come from that, far outweigh rushing to get something done. There's a lot at stake here.
Bryan: Exactly. In the service management space, we look to be a partner, not a hindrance. We understand it asks a little extra work from time to time. But the statistics are clear — around 80% of all outages are the result of a bad change. If you can stop ten of those a year, and a company loses a million dollars for every hour they're down, you've just saved them ten million dollars.
And I think CrowdStrike is a stellar example of why good QA and change management are of paramount importance.
Matthew: It's kind of funny to me — in a way — that it wasn't more detrimental to the company. You'd think something like that would be a death blow. But it was really just a bad news cycle that lasted maybe a month, and then people moved on. I expected it to hit CrowdStrike a lot harder than it did.
Bryan: I'll say this — it may be forgotten by people outside of CrowdStrike, but I'd bet my house that the C-suite at CrowdStrike has not forgotten. It hit their net operating profit hard. That shows up to stakeholders, shareholders, and executive leadership.
Matthew: And I think it's also telling of how much CIOs and CISOs genuinely value CrowdStrike — that they were willing to overlook it. The narrative I kept hearing was, "They've learned from that mistake, and we won't see it again." To err is human, right?
Bryan: Absolutely. I'm still shocked it wasn't fatal. And then there's SolarWinds — that one actually shocks me more. That was so egregious. How does a company survive that? With CrowdStrike, it was one isolated incident they fixed. But SolarWinds — that ran so deep. It infiltrated the government at all levels, major corporations. How do you overcome that?
Matthew: That's a tough one. And my question has always been — how long was it in there before anyone knew? How much information did they already have by the time it was detected? We've seen it time and time again — ransomware attacks like the one on MGM, where they end up paying not just in downtime, but actual ransom money. And beyond the financial hit, it impacts how you're perceived in the market. MGM can absorb that — they're a casino. But a company like ours can't afford it. We need the trust of our members. The moment they lose trust, you lose membership.
Bryan: That's so spot on. It reminds me of something important — the good guys have to be on their game every single day. We have to bat 1,000. The bad guys only have to get lucky once. So we need multiple layers — if we missed a firewall update, if a patch didn't get applied fast enough, those other layers are there to catch it.
And I think we're in an arms race now, not just a game of cat and mouse. We have to continue pushing on the AI-in-security front. If you don't, it's like bringing a knife to a gunfight. You can have the best sword and stand guard with it for 20 or 30 years — but the moment a bad guy walks up with a gun from 30 yards away, it's over.
I'm curious, what's your take? In industries like insurance and financial services, where there's a lot of money and sensitive data at stake — are these high targets? And where's the balance?
Matthew: I think there is a balance to an extent, but I think it has to be driven in the future from something beyond just people. To use your analogy — if you have eight people with knives and one person with seven rounds, seven people are getting shot. And people can't work 24 hours a day, seven days a week, 365 days a year. You'd have to employ so many people that you'd no longer be fiscally responsible.
But on the AI side, with so many different models out there, you have to govern AI from the start. You need to know where information is going, where it's coming back from, whether it's being used in an LLM or not. And you have to control that architecture — and honestly, keep employees from misusing it, which has to be addressed at both the policy and training level.
Most people don't realize that when you type something into ChatGPT, that information may not be yours anymore — it may belong to OpenAI and be used to train their language model. You don't want that happening with personal health information or anything HIPAA-related. Liberty is a HiTrust organization — we hold HiTrust, SOC 2 Type 2, SOC 1 Type 2 — lots of certifications we have to abide by. So we have an AI governing board that evaluates every piece of AI that comes in. We see the potential, but we also see the risk.
Bryan: I totally agree. And there are some really important distinctions emerging with AI. A lot of legacy service products are just slapping an LLM onto their platform. Take an email gateway as an example — tack on an LLM and suddenly VC investors love it. It's got all the hype words. But the reality is that adding an LLM opens up far more vulnerabilities — prompt injection, data loss, you name it.
You have to use AI intelligently. Products like Darktrace, for instance, use machine learning rather than an LLM. That's the right application. They can look at an email, understand it, understand what the bad guys are trying to do, and stop it — instead of relying on filters that threat actors find their way around. The bad guys are good at that, and there are billions of dollars at play.
I look forward to the day when AI in security gets to the point where — like self-driving cars — it's so much better than humans that you'd be crazy not to use it. We're not there yet, but we're getting close. And right now, these AI-driven products give us a real strategic and tactical advantage. The governance and understanding still have to be there, but that's where we stand in early 2026. It'll be interesting to see where things are by the end of 2026 and into 2027.
Matthew: My take is very similar — whether in security or just general business operations. The governance has to be there. You can go into Copilot right now and ask it to write Python code to build an LLM, and it'll give you 80% of it. But is it accurate? Are you verifying it? Do you know where that code came from? Going back to SolarWinds — do we want injected code creating a backdoor into every agency in the world? We have to trust but verify. Whether it's AI versus AI in the security space, or just using AI in daily operations — you have to understand what it's really doing, where it's really going, and how it's really working.
Bryan: And going back to your MGM example — security was obviously a priority for them. They spent the money. And yet social engineering was the way in. That's where AI can add another layer. When it detects a brand new account, a new machine, suddenly moving quickly across the network — it can flag and stop that, because that's not normal behavior. We can't take humans out of the equation because we are the weak link. It will always be easier to social engineer your way in than to find a novel vulnerability. As long as humans are working, social engineering will be a thing. And that's where AI can serve as that additional layer of backup.
Matthew: I think we're living in the most exciting time in IT and security right now. Seeing how it all plays out — implementing new technologies while balancing governance and oversight, staying ahead of the bad guys — it's a fascinating time. None of us have anything else to do, right? But now we've got to keep up with all of this while keeping the lights on and everything moving.
Bryan: I've always said that securing the person is far harder than securing the system. AI doesn't have feelings. AI can't be tricked the way a human can. If someone has a baby screaming in the background, you're probably more likely to help them — AI doesn't do that. AI has no feelings. It can run 24 hours a day without getting tired. But there is a fine line between convenience and security. Security will always err on the side of security. Everyone else will always err on the side of convenience. So it's finding that balance — enabling the business to do what it needs to do.
IT doesn't have to be the department that says no to everything. It can say, "We've got something in place — yes, it adds a little friction, but here's what it does for you." And you have to look beyond the price to the cost. A product might be $100, but if you replace it every two years, that's $300. Spend $150 on the right solution now and the total cost is lower. You have to take the time to govern properly, look beyond the immediate dollars, and ensure you're protecting the company's future.
Matthew: That's so true. It wasn't long ago that IT was the department that said no to everything. Can I do this? No. But the technology has advanced to the point where we can say yes a lot more. IT can now focus on how to drive the business forward and achieve business goals — rather than just being scared of everything. Yes, it's a bit like drinking from a fire hose right now. But while there's a flood of new things — vibe-coded AI products, new startups — there are also tools like Gartner's Magic Quadrant that help leaders filter it down. You're not choosing from 10,000 products. You're choosing from a handful, and it really comes down to one or two that actually fit. It seems overwhelming on the surface, but it narrows down quickly — which I think is exciting.
Bryan: I agree. I've always thought that knowledge doesn't cause people to do things wrong — knowledge is important for a reason. And to quote GI Joe from the 80s: knowing is half the battle.
Matthew: I love that quote, and it doesn't get used nearly enough. Thank you for that blast from the past. Speaking of stories — I'd love to hear your origin story. How did you get into IT, and how did you get from where you started to where you are today? We've had probably 200 guests on this show, and no two have had the same path.
Bryan: So a wealthy scoundrel seduced me into IT. My story goes way back. My first job — just to age myself — I was running RG6 with BNC connectors on a token ring network because I was small enough to fit in the ceiling. My job was to tie the wire to a wrench, throw it, retrieve it, throw it, retrieve it, drop it down, terminate it with BNC connectors, and pop it in the back. The great thing about it was you always knew where the break was — if you had six computers and three of them didn't work, number three was your problem.
I've been in IT for almost 30 years, starting in the early 90s. I actually had my own business for a while — Geek Incorporated. It was a good business for quite some time, until the bubble burst in 2008. Contracts are the first thing to go, so I took a hit and went back to private industry. I spent 10 years working in Medicaid for the state of Oklahoma, and learned a tremendous amount there.
Then I moved back into private industry in the same space. When the state of Oklahoma released an RFP to outsource managed care, Liberty was one of the companies that won that bid, and I went to work for them. Now I get to serve the same people I served for 10 years — just in a different capacity.
I've been all over IT. It's kind of a running joke here — in my first 12 months at Liberty, I had 11 different titles and 10 different bosses. Everything from data quality management, to information security officer, to Director of IT, to Director of ITSM and Operational Excellence.
For anyone coming up and looking to get into the field — build your foundation. Pay your dues on the desktop support team, in a service desk role. Learn how that end of it works. The most important thing I can say about IT today is this: we are a non-revenue-producing department, but no one can produce revenue without us. So we have to co-create value with the business by offering IT as a service — not just a bunch of hardware sitting in a closet somewhere.
Matthew: That's beautiful. Let me ask — what advice would you give to someone looking to get into IT today? There are a lot of people second-guessing whether to pursue programming or IT in general, wondering if AI is going to eliminate a lot of these jobs. Agree or disagree?
Bryan: I agree and disagree. AI is going to change things dramatically — but without it, you'd need to hire a thousand people to do the work of three. My advice: look beyond the help desk years. What are you really passionate about in the long run? The paths are very different. If you want security, there's a big difference between coming in with a Security+ versus a CISSP. Talk to someone who's been there. Talk to a CISO. Understand what you really need to learn and what path to take.
It all may start at the service desk, but from there the paths branch out significantly. You can get Cisco's CCNA or CCNP — great certifications — but they won't necessarily get you where you want to be if your goal is development. If you want to develop, you need to understand SDLC and ISTQB. Very specific fields require very specific things.
I often equate it to being a doctor. You've got your general family medicine doctor, and then you've got all the specialties. IT is the same way. Help desk is your general position — you see a little bit of everything. But if it's something complex, you get referred to a specialist. And that's okay. A developer and an infrastructure engineer think about problems in completely different ways. Security has to look at all of it from every angle — and service management is similar in that regard. You need that 1,000-yard view to not miss anything.
Matthew: Fantastic advice, Bryan. I appreciate you coming on today. You've really laid it out for anyone looking to get into IT. Thank you for sharing. Before we go, can you tell everyone where they can find out more about Liberty and about you?
Bryan: Absolutely. You can visit www.libertydentalplan.com. And you can find me on LinkedIn — Bryan Younger. I don't do social media for the reasons we talked about earlier, but I'm always on LinkedIn and happy to help. If any of you have IT questions, feel free to email me at byounger@libertydentalplan.com. I will take the time to answer.
Matthew: Fantastic. Thanks again, Bryan, and until next time!