Responsible AI or Responsible Marketing? A CISO’s Take

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/f1/9b/29/f19b2933-5499-f644-fc86-f183dfb1ba50/mza_213283215122529406.jpg/600x600bb.jpg

The Professional CISO

David Malicoat

90 episodes

5 days ago

Shaping Cybersecurity Leadership: Today, Tomorrow, Together.

All content for The Professional CISO is the property of David Malicoat and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Shaping Cybersecurity Leadership: Today, Tomorrow, Together.

Technology

Business,

Management

Responsible AI or Responsible Marketing? A CISO’s Take

The Professional CISO

47 minutes

1 month ago

Responsible AI or Responsible Marketing? A CISO’s Take

"I get it. I need to stop banging on the table. This will be fixed in future episodes. Sorry for the poor sound experience." - David

Get your Responsible AI Vendor Due Diligence Checklist here: https://webforms.pipedrive.com/f/ccV6a7kFIWKZpodmLcDbBhKhYnVU5N81A2tM20DGC8gepc0UtzfcqYaHXfzBi8gzuz

Episode Summary:

In this episode of The Professional CISO Show, David Malicoat explores whether “Responsible AI” pledges from vendors are genuine safeguards or simply marketing buzz. Using Zscaler’s recent claims as a case study, David walks through vendor promises, compliance implications, audit gaps, and blind spots around explainability, bias, and portability.

The episode introduces a practical CISO Vendor AI Evaluation Sheet across six domains — data handling, AI governance, auditability, liability, transparency, and exit strategy — to help CISOs push beyond assurances and demand evidence.

Key Takeaways:

Why “Responsible AI” is often indistinguishable from “Responsible Marketing”
The compliance challenges with GDPR, HIPAA, CCPA, SR 11-7, and the EU AI Act
How metadata, audit evidence gaps, and third-party dependencies introduce hidden risk
Why boards must be educated on AI risk vs. AI marketing hype
Why CISOs must own the Responsible AI conversation before regulators step in

Notable Quotes:

“Responsible AI should be more than a press release. It must be auditable, enforceable, and defensible in front of a regulator.”
“When regulators knock, they won’t call the vendor first. They’ll call you.”
“Don’t just take a vendor’s word for it — ask hard questions, demand evidence, and get it in writing.”

Listener Benefits:

By listening, you’ll gain a sharper lens for evaluating AI vendor claims, practical tools to strengthen your vendor management process, and strategies to get ahead of inevitable regulation.

Call to Action:

👉 Download the free CISO Vendor AI Evaluation Sheet from the show notes.

👉 Share this episode with your peers and comment your perspective on LinkedIn.

👉 Subscribe on Spotify, Apple Podcasts, and YouTube.

🔖 Hashtags

#ResponsibleAI #CISO #CybersecurityLeadership #TheProfessionalCISO #AICompliance #VendorRisk #AIGovernance