The most dangerous attacks at Infosecurity Europe 2026 weren't the high-tech ones. Lee Clark of the Retail & Hospitality ISAC sits down with me to explain why the soft target is still a human being — a help desk, a new hire, a phone ringing at dinner — and what stays in our hands as the shopper quietly becomes an algorithm.
PODCAST EPISODE | An Analog Brain In A Digital Age With Marco Ciappelli — On Location at Infosecurity Europe 2026
The most dangerous attacks at Infosecurity Europe 2026 weren't the high-tech ones. Lee Clark of the Retail & Hospitality ISAC sits down with me to explain why the soft target is still a human being — a help desk, a new hire, a phone ringing at dinner — and what stays in our hands as the shopper quietly becomes an algorithm.
📺 Watch | 🎤 Listen | marcociappelli.com
The phone rings while my parents are eating dinner, and before anyone reaches for it, I already know what I'll say. Probably a scammer. Let it ring. I have trained them the way you train a reflex, a small Pavlovian flinch every time the landline interrupts a meal. My grandmother's generation thought letting a phone ring was unforgivably rude. Mine has learned the rudeness is now on the other end of the line.
I was thinking about that flinch when I sat down with Lee Clark at Infosecurity Europe 2026. Lee runs threat intelligence production for the Retail & Hospitality ISAC, the place where the companies holding your loyalty points, your hotel bookings, and your checkout data come together to compare notes on who is coming after them. His job, stripped down, is translation: he takes the hash-value, log-source world of the analysts and turns it into something a board can act on. And the thing he kept returning to was not some exotic piece of malware.
The two threats his member companies report most often need almost no code at all. One is a phone call. A criminal rings the help desk, says he's an employee who needs his multi-factor authentication reset, gets it, and walks in through the front door. Scattered Spider, ShinyHunters, the loose crew they call the Com: names that sound like a heist movie and behave like one. The other is a fake résumé, North Korean operatives tracked as Famous Chollima, taking remote IT jobs at Western firms under invented identities. No hoodie, no broken encryption. People, lying to people, about who they are.
You can stop a lot of fraud by adding multi-factor authentication at the checkout page, and by adding that one step, you measurably reduce sales. So the business sits forever between wanting you safe and wanting you to keep buying, and security tends to arrive last, patching armor onto a machine already built for speed. Lock a light switch inside a box, Lee said, and eventually the person who needs the light just takes a hammer to it. We have been handing each other hammers for years.
Then we went where these conversations now always go. What happens when the shopper is no longer a person but an agent, an AI buying the paper towels so I don't have to? Agent negotiating with agent at the checkout, at machine speed, no human flinch anywhere in the loop. Maybe that is more secure. Or maybe it is a new doorway, where instead of fooling a tired employee you simply ask the agent, politely, to send the payment somewhere else.
What I carry out of that room is this. For thirty years we have been promised that the next layer of technology will finally take security off our hands. Lee doesn't believe it, and after this week, neither do I. The human stays in the loop, as the target, yes, but also as the one still able to feel that something is wrong. My parents' flinch at the dinner table is not a flaw in some outdated analog brain. It is the brain doing precisely what no checkout page can do for them.
We keep trying to automate away the part of us that hesitates. Lee spends his days proving that the hesitation is the defense.
So the question I'm left with is not whether the machines will protect us. It's whether we hold on to the part of ourselves that still knows when to hang up.
Let's keep thinking.
The full conversation is on video, audio, and in the newsletter at marcociappelli.com.
— Marco
Co-Founder ITSPmagazine & Studio C60 | Creative Director | Branding & Marketing Advisor | Personal Branding Coach | Journalist | Writer | Podcast: An Analog Brain In A Digital Age ⚠️ Beware: Pigs May Fly | 🌎 LAX🛸FLR 🌍
More from our Infosecurity Europe 2026 coverage:
Infosecurity Europe 2026 event coverage
Technology and cybersecurity conference coverage
About Marco
Marco Ciappelli is Co-Founder & CMO of ITSPmagazine, Co-Founder & Creative Director of Studio C60, Branding & Marketing Advisor, Personal Branding Coach, Journalist, Writer, and Host of An Analog Brain In A Digital Age podcast. Born in Florence, Italy, and based in Los Angeles, he explores the intersection of technology, society, storytelling, and creativity — with an analog brain, in a digital age.
🌎 marcociappelli.com | itspmagazine.com | studioc60.com
About the Guest
Lee Clark is Cyber Threat Intelligence Production Manager at the Retail & Hospitality ISAC (RH-ISAC), the information sharing and analysis center for consumer-facing industries — retail, hospitality, airlines, quick- and full-service restaurants, loyalty programs, and their supply chains. As the editor-in-chief of the ISAC's intelligence team, he turns the granular, highly technical work of analysts into strategic intelligence that business leaders can act on, and he writes much of the center's published threat research himself.
Before joining RH-ISAC, Lee worked as an intelligence consultant, including cyber threat intelligence work at Booz Allen Hamilton and engagements supporting international banks and the U.S. Air Force. He holds a Master's in security and diplomacy from the Patterson School at the University of Kentucky, and — fittingly for a guest on this show — writes about music on the side. He is based in Lexington, Kentucky.
EPISODE SUMMARY
At Infosecurity Europe 2026, Marco Ciappelli sits down with Lee Clark, Cyber Threat Intelligence Production Manager at the Retail & Hospitality ISAC, for a conversation about why the most dangerous attacks against consumer-facing businesses are also the least technical. Lee's role is translation — turning the granular work of threat analysts into strategic intelligence a board can act on — and the threats his member companies report most often need almost no code: criminals phoning the help desk to reset multi-factor authentication, and North Korean operatives (tracked as Famous Chollima) taking remote IT jobs under fake identities. The two trace the eternal tension between security and convenience, where a single safeguard at checkout can measurably cut sales, and follow it into the near future of agentic commerce, where AI agents shop on our behalf and a new attack surface opens with them. Marco's throughline: technology won't take security off our hands, the human stays in the loop, and the hesitation we feel before we click may be the defense worth protecting.
3 QUOTES — LEE CLARK
On what his job really is:
"Taking those granular technical details and creating a strategic big picture that lets leadership make clear decisions based on risk and reward — that's what I built my career on."
On why the tech stack doesn't save you:
"Your environment might be sophisticated, with a robust, layered security platform. That doesn't matter if someone uses WhatsApp on their personal phone. The criminal just goes around it. It's the humans."
On security versus convenience:
"If convenience is impacted too much, you make the system insecure. Put a locked box over a light switch, and eventually the person who needs the light breaks it with a hammer."
3 QUOTES — MARCO CIAPPELLI
On the trained reflex:
"My parents are having a meal, the phone rings, and I already think: that's probably a scammer. It's Pavlov's bell."
On the human element:
"It's the human element of a technology that could give us so much protection — and we're still leaving the key under the doormat."
On staying in control:
"I think it's good that we stay in control. We can't just trust the digital brain. We still need the analog one."