Bryan Tomczyk serves as a Cybersecurity Engineer at GP Strategies Corporation, where he works closely with senior IT and infrastructure teams to secure systems across a large, global organization. GP Strategies operates primarily as a training and professional services company, supporting clients across multiple countries and industries. Bryan’s role places him at the intersection of security engineering, vendor risk management, and user education, with a strong emphasis on enabling the business rather than obstructing it. His background reflects a long term evolution into cybersecurity, shaped by decades of security focused thinking before formally entering a cyber role.
Here’s a glimpse of what you’ll learn:
- Why cybersecurity must be embedded into every role, not isolated to IT teams
- How security advocacy grows organically through education and experience
- The real risks of AI adoption without proper guardrails
- Why large language models are not a complete solution for security
- How supply chain risk has become one of the biggest threats to organizations
- What secure by design actually looks like in modern environments
- Practical considerations for evaluating AI tools and SaaS vendors
In this episode…
Bryan Tomczyk explains why the idea that security is everyone’s job only works when organizations invest in education and context. He describes how working directly with users, especially after incidents, creates awareness that policies alone cannot achieve. Security, in his view, must enable productivity while quietly reducing risk in the background.
The conversation dives deep into AI and cybersecurity, with Bryan outlining why machine learning excels at correlating massive volumes of data but struggles when used without constraints. He cautions against treating large language models as universal solutions, noting their susceptibility to hallucination, prompt injection, and misuse. Instead, he advocates for narrowly scoped, self learning systems that are heavily restricted in access.
Bryan also addresses the growing complexity of modern environments, from email security and MFA fatigue to operational technology and supply chain risk. He highlights why vendor reviews, SOC 2 reports, and infrastructure transparency are no longer optional. Throughout the discussion, he reinforces a consistent theme that security must evolve thoughtfully, balancing innovation with responsibility to protect users, data, and operations.
Resources mentioned in this episode
Matthew Connor on LinkedIn
CyberLynx Website
Bryan Tomczyk on LinkedIn
GP Strategies Corporation Website
Sponsor for this episode...
This episode is brought to you by CyberLynx.com
CyberL-Y-N-X.com.
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensures that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.