Listen to this episode on:
Spotify
Apple Podcasts
YouTubeScreenly Changelog episode 18: Screenly changelog episode 18 - AI, compliance, and security for small business
Cybersecurity tends to get discussed in one of two registers: the catastrophic and the abstract. Neither one is particularly useful for the thousands of small and mid-sized businesses that need practical security without a dedicated team to manage it.
In this episode of the Screenly Changelog, Viktor Petersson and Daniel Mountcastle sit down with Ido Green, co-founder and CTO of Espresso Labs, an AI-powered cybersecurity platform built specifically for SMBs. With a background spanning Yahoo, Google, and multiple startups, Ido brings both a technical depth and an operator’s pragmatism to a space that sorely needs it.
If your organization has ever struggled to close the gap between wanting better security and actually having it, this conversation is worth your time.
Watch the full conversation above or read the highlights below.
Small businesses are the most exposed targets and the least equipped to respond
The common assumption among small business owners is that attackers are not interested in them. Ido is direct about why that assumption is wrong. Attackers are not targeting specific companies manually. They are running automated scans across the internet looking for unpatched software, outdated operating systems, and weak configurations. If you match those criteria, you get hit. The intent was never personal.
What makes this especially difficult for SMBs is the gap in resources. There is no CISO. There is no CIO. In a 30-person company, the responsibility often falls to the CEO or whoever happens to be technically adjacent. That person is rarely equipped to manage five to ten disconnected security tools, none of which communicate with each other.
The market gap Espresso Labs identified was not a lack of security tools. It was the absence of a single platform that could give SMBs enterprise-grade security coverage without requiring enterprise-grade staffing to operate it.
Compliance is becoming a forcing function whether companies are ready or not
Security awareness often takes a back seat until something forces it forward. For many SMBs today, that forcing function is compliance. Ido points to CMMC (the Cybersecurity Maturity Model Certification) as one of the most significant near-term pressures. Any business working with the U.S. Department of Defense is required to meet this framework, with enforcement now underway and a grace period running through the end of the year. That affects roughly 250,000 to 300,000 small manufacturers and contractors.
SOC 2 and ISO certifications carry similar pressure in other industries. A CPA firm handling financial data, a law firm managing client records, or a healthcare vendor working with regulated information all face compliance requirements that make security non-optional.
Viktor adds an important nuance here: compliance and actual security are not the same thing. Frameworks like SOC 2 and ISO can be treated as a checklist exercise or as genuine operational infrastructure. The difference shows up when auditors start asking for evidence. Passing a test once is not the same as maintaining the practices that make a business genuinely safer over time.
AI changes what is possible for small security teams, but the human is not out of the loop yet
One of the most grounded parts of the conversation is Ido’s take on where AI-driven security actually stands today. Leading endpoint detection platforms now use AI to identify anomalous behavior in real time, distinguishing between a legitimate administrator running a script during business hours and that same process running unexpectedly at 3am. The AI can catch that distinction and contain the threat automatically.
But Ido is careful not to overstate the case. The current model is what he describes as a joint venture between AI and human judgment. AI handles roughly 80 to 90 percent of the volume, reducing the noise that would otherwise overwhelm a small team. The remaining cases still benefit from a person reviewing them.
Viktor raises the other side of that trade-off: handing AI systems full autonomy over your infrastructure introduces its own risks. An overzealous automated response can lock out legitimate users or disable the wrong processes. The goal is not to remove humans from the loop entirely. It is to use AI to make sure humans are only dealing with the things that genuinely need them.
Reducing alert noise is the unsexy work that makes everything else possible
A million alerts a day is not a theoretical number. Viktor mentions speaking with security professionals who face exactly that volume. No team can meaningfully review that, which means important signals get buried under noise.
Espresso Labs approaches this by building industry-specific profiles into their platform. The alert patterns that matter for a law firm are different from those that matter for a manufacturer supplying defense contractors. By tailoring the detection model to the customer segment, the platform can filter out the false positives that would otherwise consume the team’s attention.
Ido notes this is also where price becomes relevant for SMBs. Traditional managed security operations can run into six figures or more for comprehensive coverage. Making that accessible at SMB scale requires not just better tooling but a fundamentally different operating model - one where AI carries the baseline load so that human expertise can be applied precisely where it counts.
IoT devices are part of the network and need to be treated that way
Digital signage players, sensors, and other connected devices rarely appear on anyone’s security checklist. They sit on the same network as everything else, but they are often provisioned once and never revisited. That oversight creates real exposure.
Daniel raises this directly in the conversation, noting that IoT devices are responsible for a significant share of enterprise attacks despite being routinely overlooked. Ido’s response is practical: the same agent-based approach that secures laptops and servers can extend to Linux-based IoT devices, which covers the majority of what is deployed in the field today. The installation is a single command. The monitoring is continuous from that point forward.
What stands out here is how the barrier is not technical. The tools exist. The gap is that most organizations never think to include these devices in their security posture in the first place.
What we are taking forward
What this conversation makes clear is that the security problem for SMBs is not primarily technical. The tools and the frameworks exist. What is missing is the layer that turns those tools from a burden into something manageable for a team without dedicated security expertise.
The broader shift worth watching is how AI changes the economics of that layer. When automated systems handle the volume of alerts and enforcement, professional-grade security stops requiring professional-grade staffing. Compliance becomes something you maintain continuously rather than something you perform once a year for an auditor.
For organizations running digital signage and connected infrastructure, that framing applies directly. Every device on a network is a potential entry point. Managing those endpoints with the same discipline applied to the rest of the business is not a nice-to-have. It is part of operating responsibly.
The full episode is available now. We hope it gives you a clearer picture of where SMB security is heading and what it takes to stay ahead of it.
Interested in secure, enterprise-grade digital signage?
Start your 14-day free trial with Screenly today.
