Cybersecurity used to be about building walls around your network. Those days are over. Paul McCombs has watched the security landscape change completely during his 20-plus years as a Global CIO and Chief Digital Officer. Now he’s helping companies understand that the old playbook doesn’t work anymore, especially in manufacturing where one attack can shut down entire production lines.
Shaping Security Through Decades of Change
McCombs has seen it all during his years leading IT strategy across Fortune 500 companies and private equity firms. The technology keeps changing, but his mission has stayed the same. “I’ve spent more than 20 years leading IT and digital strategy across Fortune 500s and private equity firms,” he says. Despite constant shifts in AI, ERP systems, and cybersecurity tools, his focus remains clear: “Make technology serve the business, securely and at scale.” The biggest transformation he has witnessed is the disappearance of traditional network boundaries. “The old perimeter is gone,” he states flatly. What was once simple has become extraordinarily complex, with remote work, cloud systems, and connected devices reshaping the landscape.
When it comes to cybersecurity, McCombs distills everything into three guiding principles. “Cybersecurity today comes down to three concepts: assume breach, trust no one, build resilience,” he explains. It may sound harsh, but he sees it as pragmatic. Assuming an attacker will get in forces teams to design smarter defenses. The second principle, trust, has grown more complicated over time. Zero Trust once meant verifying credentials at the door. Now, it is much more dynamic. “Zero Trust taught us to verify everything and never assume safety. But in 2025, it’s not just one checkpoint, it’s continuous,” McCombs points out. Every person, device, and system must be validated constantly, not just once.
Enabling Real Time Security Adaptation
At Klockner, McCombs put these principles into practice with systems that adapt in real time. “Users, devices, and workloads are always revalidated based on behavior, location, and risk,” he explains. When something looks suspicious, the system reacts immediately. “If something looks off, access changes instantly. Trust isn’t static anymore. It’s dynamic.” This kind of adaptive security reflects the reality of today’s threat landscape. Attackers are not only using better tools, they are using artificial intelligence to make those tools smarter. “Attackers are now using generative AI to craft phishing, deep fakes, even automated exploits,” McCombs notes.
The only viable response, he argues, is to meet AI with AI. “That means defenders have to fight AI with AI: real-time anomaly detection, predictive threat modeling, autonomous response,” he explains. It has become an arms race, with both sides advancing rapidly. McCombs sums it up bluntly: “The new perimeter is AI versus AI. The question isn’t if you’ll be targeted. It’s whether your AI is smarter than their AI.” For business leaders, it is a sobering reminder of what it takes to keep their companies safe.
Managing Cybersecurity Risks in Manufacturing
Manufacturing companies face cybersecurity challenges that most businesses never have to consider. “For manufacturers, cyber risk isn’t just IT risk. It’s production risk,” McCombs explains. When hackers target a manufacturer, they are not only after data. “One ransomware attack can stop a line, even disrupt a whole supply chain.” This reality pushes Zero Trust principles beyond traditional IT systems. “That’s why Zero Trust is moving into operational technology,” McCombs says. Protecting a factory floor is not the same as protecting office computers, but the need for security is just as critical.
Legacy equipment adds another layer of complexity. “Legacy systems that can’t be modernized, we isolate and segment,” he explains. You work around what you cannot fix, but you never ignore it. His philosophy accepts that perfect security is impossible. “No system is breach proof. The real measure isn’t prevention, it’s recovery,” McCombs states. That shift in mindset changes the goal from stopping every attack to limiting the damage and recovering quickly. “Consolidate, simplify, contain the blast radius and bounce back fast.” For companies beginning to strengthen their defenses, his advice stays practical. “Start practical, stay aligned to the business. Scale step by step.” And his closing reminder leaves little room for illusion: “The question isn’t if someone will try to get in. It’s how ready you are when they do.”
Connect with Paul McCombs on LinkedIn to explore practical approaches to modern cybersecurity.
