Greg Surber

From Configs to Cognitive Risk.

The Strategic View

I am a seasoned cybersecurity executive with over 20 years of leadership in large, complex organizations. Throughout my career, I have acted as a strategic partner, driving business objectives through the development of robust security measures. My expertise spans the full spectrum of the domain: offense and defense, compliance and audit, and high-level policy governance.

However, the landscape is shifting. We are moving from an era of static “Configuration” to an era of “Cognitive Risk.”

Currently, I am pivoting my focus toward AI Governance and Kinetic Risk. My goal is to bridge the dangerous gap between abstract AI “safety” guidelines and the tangible reality of Operational Technology (OT) and Critical Infrastructure.

The Scholar-Practitioner

In addition to my architectural work, I serve as an Adjunct Professor of Cybersecurity at City University of Seattle.

Teaching is not just a side role for me; it is a discipline that forces me to stay on the bleeding edge. Whether I am developing curriculum for a Master’s level Cybersecurity Auditing course or teaching Ethical Hacking, I am constantly challenged to translate complex, theoretical concepts into practical, actionable knowledge. This feedback loop—between the classroom and the enterprise—ensures my architectural advice is always grounded in fundamental principles yet adapted for modern threats.

Current Research

My current research interest lies in Agentic AI and its implications for the physical world.

  • Past: My work on the “Intelligent Interaction Framework” explored using Machine Learning to create dynamic honeypots for IoT defense.
  • Present: I am actively researching “Kinetic Risk Mapping”—specifically identifying the attack surfaces where LLM-driven agents interact with Programmable Logic Controllers (PLCs) in industrial environments.

Beyond the Keyboard

When I am not architecting security frameworks or grading papers, I am usually building something. I am an avid hobbyist in miniature modeling and wargaming. The patience required to paint a model to competition standards is the same patience required to untangle a complex legacy GRC framework: you have to respect the process, layer by layer.