AI Governance in an Era of Rapid Change
In this episode of Cyber Sentries, John Richards talks with Walter Haydock, founder of StackAware, about navigating the complex landscape of AI governance and security. Walter brings unique insights from his background as a Marine Corps intelligence officer and his extensive experience in both government and private sectors.
Understanding AI Risk Management
Walter shares his perspective on how organizations can develop practical AI governance frameworks while balancing innovation with security. He outlines a three-step approach starting with policy development, followed by thorough inventory of AI tools, and assessment of cybersecurity implications.
The discussion explores how different industries face varying levels of AI risk, with healthcare emerging as a particularly challenging sector where both opportunities and dangers are amplified. Walter emphasizes the importance of aligning AI governance with business objectives rather than treating it as a standalone initiative.
Questions We Answer in This Episode:
Key Takeaways:
The Regulatory Landscape
The conversation delves into emerging AI regulations, from New York City's local laws to Colorado's comprehensive AI Act. Walter provides valuable insights into how organizations can prepare for upcoming regulatory changes while maintaining operational efficiency.
Links & Notes
Revolutionizing Cloud Security with AI-Powered Distributed Systems
In this episode of Cyber Sentries, John Richards sits down with Mark Fussell, CEO of Diagrid and co-creator of the Distributed Application Runtime (DAPR). Mark shares insights from his extensive experience in distributed systems and discusses how modern architectures are evolving to incorporate AI capabilities.
The Evolution of Distributed Applications
Mark explains how DAPR emerged from observing common challenges teams faced when building distributed systems. The project, which started in 2018 and became open source in 2019, has grown into a graduated Cloud Native Computing Foundation (CNCF) project used by thousands of companies worldwide. He details how DAPR's component model allows teams to swap infrastructure without changing code, providing crucial flexibility for enterprise systems.
Questions We Answer in This Episode
Key Takeaways
The Future of AI in Distributed Systems
Mark discusses Diagrid's Catalyst platform, which helps organizations build enterprise-ready distributed applications with integrated AI capabilities. He emphasizes the importance of security, durability, and workflow management as organizations begin incorporating AI agents into their systems.
Links & Notes
AI-Powered Cloud Security: From Research Lab to Enterprise Reality
In this episode of Cyber Sentries, John Richards talks with Mohit Tiwari, co-founder and CEO of Symmetry Systems and associate professor at UT Austin, about transforming academic research into practical enterprise security solutions. Mohit shares his journey from academic research to founding a company that's revolutionizing how organizations approach data security in the age of AI.
Bridging Academia and Industry
Mohit discusses how his research team at UT Austin developed innovative approaches to data security and privacy, working with organizations like NSA, Lockheed, and General Dynamics. Their work led to founding Symmetry Systems in 2020, focusing on operationalizing data flow security across enterprise environments.
The Evolution of Data Security
The conversation explores how traditional asset-centric security approaches are giving way to data-centric models. Mohit explains how Symmetry Systems helps organizations protect data flows across multiple applications and platforms, making security more efficient and effective than traditional bespoke solutions.
Questions We Answer in This Episode:
Key Takeaways:
Looking Ahead: The Future of AI Security
The episode concludes with insights into emerging challenges in AI security, including the need for better business purpose frameworks and advanced detection capabilities for sophisticated attacks like ransomware.
Resources
AI-Powered Identity Verification: Beyond Passwords and into the Future
In this episode of Cyber Sentries, host John Richards sits down with Michael Engle, co-founder and CSO of 1Kosmos, to explore how AI is revolutionizing identity verification and authentication in cybersecurity. Mike brings decades of experience from Wall Street to modern startups, offering unique insights into the evolution of digital identity protection.
The Identity Crisis in Modern Security
Identity verification has become the new perimeter in cybersecurity, accounting for 80% of security problems. Mike explains how traditional methods like passwords and basic MFA are failing to meet current security challenges, especially as AI agents become more prevalent in our digital lives. 1Kosmos is tackling this through advanced biometric verification, behavioral analysis, and AI-powered authentication systems.
Questions We Answer in This Episode:
Key Takeaways:
The Future of Digital Identity
Looking ahead, Mike discusses 1Kosmos's work on digital wallets and universal identity verification systems. These innovations aim to create reusable, trusted identities that can work across multiple platforms while maintaining security through biometric verification and AI-powered fraud detection.
Links & Notes
AI's Evolution in Security Operations: From Support to Collaboration
Doron Davidson, Managing Director of Security Operations at Cyberproof, joins John Richards to explore how AI is transforming security operations and pushing SOC maturity models into new territory. With extensive experience from telecom security to founding SecBI, Doron brings unique insights into the evolution of managed security services.
Rethinking Security Maturity Models
Doron outlines Cyberproof's innovative approach to service maturity, moving beyond traditional frameworks to incorporate AI capabilities. He describes how they've developed a 1-5 scale measuring people, processes, and technology—with quantifiable 20% year-over-year improvement targets.
Questions We Answer:
Key Takeaways:
The Future of Security Operations
The conversation explores how Cyberproof is moving beyond traditional AI integration toward agentic models where multiple AI agents collaborate across security functions. This shift enables enhanced threat intelligence sharing, automated investigations, and improved visualization of security metrics for stakeholders.
Practical Applications and Impact
From automating email attack investigations to improving cross-team collaboration, Doron shares concrete examples of how AI is reducing human error while expanding security capabilities. He emphasizes the importance of maintaining human oversight while leveraging AI's strengths.
Resources
AI, Investment, and Security: A Venture Capitalist's Perspective
Sherman Williams, managing partner at AI and Ventures, joins John Richards to explore the intersection of artificial intelligence, cloud security, and venture capital. As a Naval Academy graduate turned investor, Sherman brings unique insights from both military and commercial technology perspectives. His firm focuses on dual-use technologies - innovations that serve both government and commercial applications - making him particularly well-positioned to discuss AI's evolving role in security.
The conversation delves deep into how organizations should approach AI implementation, viewing it as a powerful tool rather than a solution in itself. Sherman shares valuable perspectives on the distinction between AI DevTools and application layer AI, and how entrepreneurs should focus on solving specific problems rather than getting caught up in AI hype. The discussion explores critical considerations around open-source versus closed-source models, particularly in sensitive sectors like government, healthcare, and insurance.
Questions we answer in this episode:
Key Takeaways:
This episode offers essential insights for anyone interested in the future of AI in security and technology development. Sherman's unique perspective, combining military experience with venture capital expertise, provides valuable context for understanding how AI is reshaping the security landscape while highlighting both opportunities and challenges ahead.
Links & Notes
Transforming Cloud Security Through AI and Data Fabric
Daniel Deeney, CEO and co-founder of Paladin Cloud, joins John Richards to explore how artificial intelligence is revolutionizing cloud security. With extensive experience as an enterprise software CEO and venture capitalist, Deeney brings unique insights from his successful track record of building and scaling cybersecurity companies. After his previous company's acquisition by VMware in 2019, he launched Paladin Cloud to address the growing challenges of managing security across multiple cloud environments.
The episode delves deep into the concept of data fabric and its crucial role in modern cybersecurity. Richards and Deeney discuss how organizations struggle with tool proliferation and data overload in cloud security. They explore how Paladin Cloud's innovative approach uses data fabric to unify risk assessment across various security tools while leveraging generative AI for enhanced threat intelligence. The conversation highlights practical solutions for teams dealing with overwhelming security alerts and the challenge of prioritizing threats effectively.
Questions we answer in this episode:
Key Takeaways:
This episode offers invaluable insights for security professionals, DevOps teams, and technology leaders grappling with cloud security challenges. Whether you're dealing with alert fatigue, struggling to prioritize security risks, or looking to understand how AI can enhance your security operations, this discussion provides practical guidance and strategic perspectives on navigating the complex landscape of modern cloud security.
Links & Notes
Diving into the Rise of On-Prem AI and Cloud Security
In this episode of Cyber Sentries, host John Richards is joined by Doron Caspin, a Senior Manager of Product Management at Red Hat, and Christopher Nuland, a Technical Marketing Manager at Red Hat. They explore the growing trend of on-premise open source models for running AI and the unique benefits and challenges that come with it. The conversation also touches on how DeepSeek has challenged the big players and validated the value of smaller agentic models.
John, Doron, and Christopher dive into the shifting landscape of AI and cloud security. They discuss the trends Red Hat is seeing in the industry, such as the move towards smaller, domain-specific language models and the importance of securing AI workloads in hybrid cloud environments. The guests share insights on the key considerations organizations face when deciding to run AI models on-premises, including compliance requirements and the need to treat AI models with the same level of security as databases.
Questions we answer in this episode:
Key Takeaways:
This episode is a must-listen for anyone interested in the intersection of AI and cloud security. John, Doron, and Christopher provide valuable insights and practical advice for organizations navigating this rapidly evolving landscape. Whether you're a security professional, data engineer, or business leader, you'll come away with a deeper understanding of the trends shaping the future of AI and the steps you can take to secure your AI workloads.
Links & Notes
Navigating AI Adoption: From Exploration to Implementation
In this illuminating episode of Cyber Sentries, John Richards sits down with Jim Wilt, distinguished chief architect at Weave and veteran security practitioner. With decades of experience in emerging technologies since the mainframe era, Jim brings unique insights into how organizations can successfully integrate AI while maintaining robust security practices.
The conversation delves deep into a three-phase approach for AI adoption: learning, growing, and landing. Jim emphasizes the importance of experimentation before commitment, challenging the common rush to define use cases before understanding the technology's capabilities. He shares practical examples of how organizations can progress from internal testing to external deployment, while maintaining security at each stage. The discussion explores how AI isn't about replacement but enhancement - whether for individual roles or organizational processes - and why adaptability in implementation is crucial for success.
Questions we answer in this episode:
Key Takeaways:
This episode provides invaluable guidance for any organization navigating AI adoption. Jim's practical, experience-based insights cut through the hype, offering a clear roadmap for sustainable AI integration while maintaining security integrity. Whether you're just starting your AI journey or looking to refine your existing approach, this discussion offers actionable strategies for success.
Links & Notes
Bel Lepe Reveals How AI Reduces Security Risks By Removing the Human Element
In this episode of Cyber Sentries, host John Richards is joined by Bel Lepe, Co-founder and CEO of Cerby, to explore how removing the human factor through automation can dramatically decrease an organization's attack surface. John and Bel dive into the transformative potential of AI in identity and access management, especially for applications that don't support modern security protocols.
Bel shares his insights on the current state of identity security and how Cerby is tackling the challenge of securing disconnected apps at scale. He explains how generative AI enables Cerby to build and maintain integrations for thousands of apps without relying on standards. The discussion also touches on emerging trends in identity, including the fragmentation of identity across multiple platforms and the growing threat of AI-powered impersonation attacks.
Questions we answer in this episode:
Key Takeaways:
Whether you're a security professional looking to stay ahead of the curve or a business leader seeking to understand the impact of AI on your organization's security posture, this episode is packed with valuable insights. Tune in to learn how AI is revolutionizing identity and access management and what you can do to safeguard your organization in the face of evolving threats.
Links & Notes
Securing the Digital Future with Former Fortune 500 CISO Tim Youngblood
John Richards welcomes Timothy Youngblood, a four-time Fortune 500 CISO and current CISO in Residence at Astrix Security, to discuss the evolving landscape of cybersecurity leadership. With experience at Dell, Kimberly Clark, McDonald's, and T-Mobile, Tim brings unique insights into how security leadership must adapt to emerging threats while maintaining operational effectiveness.
The conversation explores Tim's journey from Dell's first CISO to handling security across diverse industries. John and Tim delve into fascinating security incidents, including a notable McFlurry API DDoS attack at McDonald's, demonstrating how modern security challenges can emerge from unexpected places. The discussion shifts to the critical topic of non-human identity attacks and the growing importance of managing machine identities in cloud environments. Tim shares his perspective on how AI is reshaping security practices and why education remains fundamental to effective security programs.
Questions we answer in this episode:
Key Takeaways:
This episode offers invaluable insights for security professionals navigating complex organizational challenges while adapting to emerging threats. Whether you're a seasoned CISO or aspiring security leader, Tim's practical experiences and strategic approaches provide actionable wisdom for building robust security programs in any environment.
Links & Notes
Open Source AI: Transparency, Sovereignty, and Who Controls the Data
In this episode of Cyber Sentries, host John Richards is joined by JJ Asghar, an Open Source Champion and Developer Advocate at IBM. They explore the importance of open source in the AI world, how transparency can allow for AI sovereignty, and why we should care about who controls the data.
JJ shares his journey into the AI space at IBM and his strong opinions formed from working on open source AI projects. The discussion delves into the differences between mainstream closed-source AI models and the emerging open-source alternatives, highlighting the privacy and trust aspects that are becoming increasingly important, especially outside the United States.
Questions we answer in this episode:
The conversation covers the challenges of building and running AI models, the compute resources required, and how open-source approaches can provide more transparency and control. JJ explains the concept of AI sovereignty, where countries and organizations want to run AI within their borders and under their own rules and restrictions. This brings up issues of hardware accessibility and the lifecycle of AI models.
Key Takeaways:
While open source offers many benefits, the discussion also touches on the challenges, such as the potential for model poisoning and the current lack of genealogy in AI models. Despite these hurdles, open source remains a powerful force in the AI world, with the potential to provide more eyes on the code and faster problem resolution.
This episode offers valuable insights into the complex world of AI, the role of open source, and the importance of data control and transparency. Whether you're a developer, a security professional, or simply interested in the future of AI, this conversation provides a thought-provoking look at the challenges and opportunities ahead.
Links & Notes
Decoding Zero Trust Security for Cloud Native Environments
In this episode of Cyber Sentries, John Richards welcomes Zack Butcher, Founding Engineer at Tetrate, to explore the critical components of zero trust security for cloud native and microservice environments. Zack, with deep expertise from his time at Google and work with NIST, shares practical insights on achieving a zero trust posture.
John and Zack dive into the fundamental mindset shift required for zero trust - moving from implicit to explicit trust. They break down the five key policy checks that define runtime zero trust, and how these controls can enable identity-based segmentation. Zack illuminates how this approach allows organizations to boost assurance while strategically relaxing painful network-level constraints.
Questions we answer in this episode:
• What does Zero Trust really mean in practice?
• How can organizations adopt a Zero Trust mindset?
• What role does a service mesh play in Zero Trust?
Key Takeaways:
• Zero Trust requires making all trust explicit
• 5 key runtime policy checks define a Zero Trust posture
• Identity-based policies boost assurance and agility
Whether you're wrestling with Zero Trust definitions, microservice security, or cloud native challenges, this episode delivers a wealth of battle-tested wisdom. Zack's clear explanations and examples, combined with John's knack for extracting practical takeaways, make this a must-listen for anyone navigating the complex world of cloud native security.
Links & Notes
Decoding the Language of Machines: AI's Potential to Revolutionize Cloud Security
In this episode of Cyber Sentries, host John Richards is joined by Murali Balcha, founder and CTO at Trilio, to explore how AI could transform cloud security by understanding the unique language of machines. Balcha brings over 20 years of experience in IT, particularly in storage systems, to the conversation.
Harnessing AI for Proactive Security
John and Murali dive into the potential of AI to enhance cloud security by analyzing the vast amounts of data generated by IT systems. By treating system logs as a language that AI can learn, models could be trained to identify threats and anomalies in real-time, even detecting zero-day attacks that traditional rule-based systems might miss. This shift towards proactive, AI-driven security could significantly reduce the time between a threat emerging and its detection.
Questions we answer in this episode:
Key Takeaways:
This episode offers valuable insights into the cutting-edge applications of AI in cloud security. Listeners will gain a deeper understanding of how machine learning can be harnessed to protect their systems and data, as well as a glimpse into the future of proactive, intelligent security solutions.
Links & Notes
Ori Bendet Shares Insights on AppSec and Managing AI Risks
In this episode of Cyber Sentries, John Richards is joined by Ori Bendet, VP of Product Management at Checkmarx, a leader in application security. They explore the critical role of application security in today's digital landscape and discuss strategies for managing the risks and opportunities presented by the rapid adoption of AI in software development.
Ori shares his journey into the cybersecurity industry and offers advice for those transitioning into the field. He emphasizes the importance of focusing on areas that are business-critical, such as application security, as more companies become software-driven. Ori also discusses the shift in application security from finding every vulnerability to prioritizing the most critical risks, given the accelerated pace of development and deployment.
Questions we answer in this episode:
• How can organizations effectively prioritize application security risks?
• What are the key challenges and opportunities presented by AI in software development?
• How should security teams adapt their practices to manage AI-generated code?
The conversation delves into the disruptive impact of AI on software development and the new types of risks it introduces, such as AI hallucination, data poisoning, and prompt injection. Ori stresses the importance of a layered approach to securing AI-generated code and the need for organizations to assess their specific use cases and risks before defining policies and tools.
Key Takeaways:
• Application security is critical as companies become increasingly software-driven.
• Focus on prioritizing the most critical risks rather than trying to find every vulnerability.
• Adopt a layered approach to securing AI-generated code and keep the human in the loop.
This episode offers valuable insights for anyone looking to understand the evolving landscape of application security and the impact of AI on software development. Ori's expertise and practical advice make this a must-listen for security professionals, developers, and business leaders alike.
Links & Notes
Kubernetes, AI, and Edge Computing: A Powerful Combination
In this episode of Cyber Sentries, John Richards is joined by Saad Malik, CTO and co-founder of SpectroCloud, to explore the intersection of Kubernetes, AI, and edge computing. Saad shares his insights on how these technologies are transforming various industries and the challenges organizations face when implementing them at scale.
Unlocking the Potential of Kubernetes and AI
Throughout the episode, John and Saad discuss the growing adoption of Kubernetes and AI across different environments, from public and private clouds to data centers and edge locations. Saad explains how SpectroCloud's platform simplifies the management of Kubernetes clusters, enabling organizations to leverage the unique capabilities of each environment while maintaining consistency and security.
Questions we answer in this episode:
Key Takeaways:
The conversation also touches on the cultural shift required to embrace AI-driven automation in Kubernetes management. Saad suggests that organizations will gradually adopt these technologies as they gain confidence in the recommendations and actions taken by AI systems.
This episode offers valuable insights for anyone interested in the future of Kubernetes, AI, and edge computing. Whether you're a developer, platform engineer, or IT decision-maker, you'll come away with a better understanding of how these technologies can be leveraged to drive innovation and efficiency in your organization.
Links & Notes
Unlocking the Power of AI in DevSecOps
In this episode of Cyber Sentries, host John Richards sits down with John Bush, solutions architect at GitLab, to explore how artificial intelligence is transforming the day-to-day lives of developers. Bush, who has been coding since childhood, shares his insights on how AI is becoming embedded into every aspect of the DevSecOps pipeline, from writing code to identifying and remediating security vulnerabilities.
John and Bush dive deep into GitLab's AI-powered features, collectively known as Duo, which are sprinkled throughout the software development process. They discuss how these features enhance productivity, automate monotonous tasks, and provide valuable insights to both developers and business users alike. Bush also sheds light on the importance of human oversight in the AI-assisted development process, emphasizing the need for thorough code reviews and security scans.
Questions we answer in this episode:
Key Takeaways:
Bush provides a fascinating look at the evolution of DevSecOps, stressing the importance of considering security throughout the development process rather than as an afterthought. He explains how GitLab's AI-powered features, such as vulnerability scanning and automated remediation, help developers efficiently identify and fix security issues early on, saving time and resources in the long run.
This episode is a must-listen for anyone interested in the cutting-edge intersection of AI and DevSecOps. Whether you're a seasoned developer, a security professional, or simply curious about the future of software development, you'll come away with valuable insights and a clearer understanding of how AI is revolutionizing the industry.Episode Notes
Links & Notes
On this episode, Paladin Cloud’s CEO and co-founder Dan Deeney steps into John Richards’ shoes to play host! He welcomes cybersecurity veteran Mike Crowe to the show. With over 30 years of experience as CIO of Colgate-Palmolive, Mike provides unique insight into the evolution of threats, strategies for defense, and trends that keep CISO’s up at night.
Dan and Mike explore the increasingly complex threat landscape companies face today. From expanding digital footprints and geopolitical instability empowering nation-state attacks, the challenge grows for security teams. However, new tools also emerge to help lighten the load, such as automation that prioritizes risks and enables efficient remediation across global organizations.
The conversation dives into specific trends like AI and how guardrails must develop alongside new capabilities. Open source models offer both risks and opportunities when thoughtfully incorporated into private LLMs. Throughout, Mike stresses finding what you don't know through proactive testing as the best way to stay ahead of attackers.
Questions we answer in this episode:
Key Takeaways:
With Mike's wealth of practical experience, this episode provides valuable strategic perspective on cybersecurity that both new and seasoned professionals can apply to strengthening their own organizations' posture. Listeners will gain insights on current realities and where the industry is heading to stay ahead of evolving dangers.
Links & Notes
Exploring the AI-Powered Future of Cloud Security with Thomas Johnson
On this episode of Cyber Sentries, host John Richards interviews Thomas Johnson, CTO and co-founder of Multiplayer, about how AI is transforming cloud security. As AI capabilities rapidly advance, Thomas provides insights into how engineering teams can leverage AI to enhance workflows, generate code, and convert basic sketches into functional systems.
John and Thomas dive into key questions surrounding AI ethics, choosing open source vs proprietary models, and best practices for handling sensitive data. Listen in to hear Thomas' advice for developers looking to integrate AI into their tech stacks.
Questions we answer in this episode:
Key Takeaways
This fascinating discussion explores how AI is transforming cloud security and development workflows. Thomas provides practical insights into leveraging AI's immense potential while avoiding pitfalls. Whether you're an engineering leader or a developer new to AI, this episode offers an enlightening look at the AI-powered future of tech.
Links & Notes
John sits down with Shreyans Mehta, CTO and co-founder of Cequence Security, to discuss how AI and machine learning can be applied to improve cloud security. They provide valuable insights for security teams looking to leverage AI to protect their cloud environments and applications.
The conversation focuses on using AI for security use cases like detecting anomalies and suspicious behavior, identifying misconfigurations, and automating response. Shreyans shares real-world examples of how Cequence Security has developed AI models to analyze network traffic, APIs, logs, and other data sources to detect threats targeting cloud applications and infrastructure.
Questions we answer in this episode:
Key Takeaways:
This insightful discussion highlights the transformative potential of AI to improve threat detection, investigation, and response. Security teams looking to apply AI can come away with a better understanding of where to start and how to build an effective AI strategy. John and Shreyans explore key considerations around data quality, model accuracy, and responsible AI practices.
Overall, this episode delivers practical guidance to help security leaders successfully navigate the AI landscape. Listen in to learn how to harness the power of AI to advance your cloud security program.
Links & Notes
Got a question about cybersecurity, AI, or something else related? Ask us here, and we'll get to it in a future episode!