Avsnitt

  • AI governance is no longer just a policy conversation. As AI moves into business workflows, sanctioned platforms, employee tools, local models, agents, and third-party services, organizations need to understand where AI is being used, what it can access, who approved it, and who owns the outcome when something goes wrong.

    In this episode of ClearTech Loop, Jo Peterson speaks with Derek Fisher, founder of Securely Built, cybersecurity educator, author, and Director of Temple University’s Cyber Defense and Information Assurance Program.

    Derek brings a practical security lens to AI governance, AI agents, and third-party MCP risk. The conversation covers why governance needs clear ownership, how organizations should think about AI agents as non-human actors with access and authority, and why MCP servers and AI-enabled services should be evaluated through a third-party risk management lens.

    This episode is especially relevant for security leaders, technology leaders, compliance teams, and business executives trying to move AI from experimentation into controlled, accountable use.

    In This Episode:

    Why many organizations still do not know where AI is being used Why AI governance needs executive ownership, cross-functional standards, and business accountability How AI agents create new access control and auditability challenges Why agents should be treated more like privileged non-human actors than simple tools What organizations should ask before adopting third-party MCP servers or AI-enabled services Why AI governance is not about slowing the business down, but making the approved path usable enough that people follow it

    Key Questions:

    How do we operationalize AI governance, and who is legally accountable when an AI agent makes an unauthorized decision? How do we prevent agents from executing actions the user should not be allowed to perform? How do organizations verify the authenticity and security of third-party MCP servers and services?

    Featured Guest:
    Derek Fisher
    Founder, Securely Built
    Director, Cyber Defense and Information Assurance Program, Temple University

    Derek Fisher is a cybersecurity leader, educator, author, and speaker with experience across product security, secure software development, governance, risk management, regulatory compliance, incident response, and cybersecurity education.

    Host:
    Jo Peterson
    CIO, Clarify360
    Chief Analyst, ClearTech Research

    Additional Resources:

    Securely Built
    https://securelybuilt.substack.com/ The Application Security Program Handbook https://www.manning.com/books/application-security-program-handbook Derek Fisher on SecureWorld News
    https://www.secureworld.io/industry-news/author/derek-fisher Your AI Coding Assistant Has Root Access—and That Should Terrify You https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access

    Watch More ClearTech Loop:

    Subscribe to ClearTech Research on YouTube:
    https://www.youtube.com/@ClearTechResearch

    Stay in the Loop

    Follow ClearTech Research for more conversations on cybersecurity, AI governance, cloud, enterprise technology, and emerging risk.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • In this ClearTech Loop Special Edition from AWS Summit New York, Jo Peterson speaks with Himanshu Verma, Worldwide Leader for Security, Identity, and Governance Specialists at AWS, about how agentic AI is changing the identity risk conversation.

    They discuss why AI agents need to be treated as non-human identities, how AWS Security Hub helps centralize identity risk management, and why multi-Region resilience matters for enterprise security leaders.

    Episode Description

    AI agents are moving from assistive chatbots to autonomous, task-executing digital employees. That creates new identity risks around permissions, visibility, accountability, and resilience.

    In this special episode, Jo Peterson and AWS’s Himanshu Verma discuss:

    Why agentic AI changes identity risk The problem of over-permissioned agents How AWS Security Hub centralizes identity and access visibility Why Security Hub helps correlate findings across core AWS security services How multi-Region resilience supports enterprise identity and continuity

    Guest

    Himanshu Verma
    Worldwide Leader for Security, Identity, and Governance Specialists, AWS

    Host

    Jo Peterson
    CIO, Clarify360
    Chief Analyst, ClearTech Research

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • Saknas det avsnitt?

    Klicka här för att uppdatera flödet manuellt.

  • Short Description

    Season 3 of ClearTech Loop kicks off with AI security architect Phil Stafford in a practical conversation about AI governance, agent permissions, fractional identity, and why MCP servers may be the next software supply chain risk hiding in plain sight.

    Episode Description

    AI agents are moving from interesting experiments into real business environments. That means they are not just answering questions anymore. They are calling tools, touching systems, inheriting permissions, and creating a new layer of operational risk that technology and security leaders need to understand.

    In the Season 3 kickoff of ClearTech Loop, Jo Peterson sits down with Phil Stafford, AI security architect, security researcher, and cybersecurity professional, to talk about what happens when agentic AI stops being theoretical and starts acting inside the enterprise.

    This conversation gets into the practical questions leaders should be asking now: How do we govern agents when the legal system is still catching up? How do we limit what agents can actually do? What happens when an agent inherits a user’s full permissions? And are MCP servers becoming the next software supply chain problem?

    Phil puts it plainly: MCP has been described as the USB for AI. That is useful, but also a little terrifying if organizations treat every new connector like it belongs in the enterprise by default. No one would pick up a random USB stick in a parking lot and plug it into a company system. And yet, that is not a bad description of how some AI tooling is being adopted right now.

    This episode is for anyone thinking about AI governance, AI security, agentic AI, MCP servers, identity, permissions, supply chain risk, or what due diligence needs to look like when AI systems are allowed to take action.

    In This Episode

    Jo and Phil discuss:

    Why AI governance has to move beyond policy language and into operational controls Why measurement is the first step in governing AI agents Who may be accountable when an AI agent makes an unauthorized decision How the confused deputy problem shows up in agentic AI Why agents should not automatically inherit full user permissions What fractional identity means and why it matters How sub-agents can create another layer of access risk Why MCP servers need to be treated like part of the enterprise stack How MCP security connects to software supply chain security Why AI SBOM-style thinking may become increasingly important

    Featured Quote

    “MCP was sold to us as the USB for AI… You would not pick up a USB stick in your parking lot and put it into your enterprise environment. That’s what people are doing right now.”

    — Phil Stafford

    Why Listen

    Because AI governance is no longer just a strategy conversation. Once agents begin acting inside workflows, systems, and business processes, the risk becomes operational. This episode helps leaders think more clearly about what needs to be measured, limited, validated, monitored, and documented before agent behavior becomes tomorrow morning’s problem.

    Chapters

    00:00 — Introduction to Season 3 of ClearTech Loop
    00:28 — Meet Phil Stafford
    01:00 — Operationalizing AI governance
    01:14 — Why measurement comes first
    01:58 — Legal accountability and due diligence
    02:43 — The confused deputy problem
    03:39 — Why agent permissions need to be scoped
    04:05 — What fractional identity means
    05:45 — Time-bound permissions and agent behavior
    06:48 — Sub-agents and inherited access
    08:17 — MCP servers and the AI security lifecycle
    08:35 — MCP as the USB for AI
    09:53 — Allow lists, detection, and unapproved servers
    10:35 — MCP as a software supply chain issue
    11:32 — AI SBOMs and applying existing controls
    12:18 — Closing thoughts

    Guest Bio

    Phil Stafford is an AI security architect, security researcher, and cybersecurity professional. He advises organizations on AI security infrastructure, cybersecurity foundations, AI transformation strategy, and secure implementation practices. His work focuses on practical approaches to AI security, MCP risk, agent reliability, and the infrastructure needed to support safer AI adoption.

    Resources

    Singularity Systems
    https://securingthesingularity.com/ The Adversarial Trust Layer: Why the MCP Ecosystem Needs Cryptographic Attestation and Multi-Agent Verification
    https://credence.securingthesingularity.com/papers/adversarial-trust-layer.html Phil Stafford on Medium
    https://medium.com/@pe.stafford Watch ClearTech Loop on YouTube
    https://www.youtube.com/@ClearTechResearch Subscribe to the ClearTech Loop LinkedIn Newsletter
    https://www.linkedin.com/newsletters/7346174860760416256/

    Follow ClearTech Loop

    ClearTech Loop is hosted by Jo Peterson, CIO of Clarify360 and Chief Analyst at ClearTech Research. Subscribe for more Season 3 conversations on AI security, governance, infrastructure, cloud, cybersecurity, and the technology decisions shaping enterprise strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI is moving faster than policy, training, and many traditional controls were designed to handle.

    In this episode of ClearTech Loop, Jo Peterson talks with Gerald Auger, Chief Content Creator of Simply Cyber, about shadow AI, non human identities, over-permissioned agents, and what AI defense means when AI systems can act at machine speed.

    Gerald brings the educator, GRC, and practitioner-community lens to the conversation. His take is practical: organizations probably cannot put AI back in the bottle, so they need to educate users, provide approved tools, bring agents into identity governance, and start treating AI governance like a real security discipline.

    What You’ll Hear in This Episode

    Jo and Gerald discuss:

    Why shadow AI is a problem for IT, security, and the organization How AI is becoming easier to use inside everyday SaaS tools Why sensitive data in public AI tools creates a visibility gap Why user education has to be part of AI security How non human identities and AI agents create new permissioning risks Why Gerald thinks organizations may need a “manager in the loop” What AI defense means when AI systems can act quickly and at scale

    Key Insight

    AI governance is becoming its own discipline.

    Gerald’s point is not that organizations can stop AI adoption. It is that they need to build around it with education, approved tools, segmented environments, identity controls, better detection, and practical guardrails before “just let it run” becomes the strategy. Which, respectfully, is not a strategy. It is a group project with consequences.

    Timestamps

    00:00 Introduction to Gerald Auger
    00:30 Gerald’s background in cybersecurity, education, and Simply Cyber
    01:38 Shadow AI as an IT, security, and organizational issue
    03:00 Why public AI tools create data visibility risk
    04:40 Why organizations have to “ride the lightning”
    06:46 Jo on the missing layer of AI security training
    07:13 AI inside everyday tools and emerging attacker behavior
    08:58 Non human identities and over-permissioned agents
    12:30 AI Wrangler or Manager in the Loop?
    13:12 What AI defense means in practice
    15:46 AI Gone Wild and closing thoughts

    Guest Bio

    Gerald Auger, PhD, is Chief Content Creator of Simply Cyber. He is a cybersecurity educator, GRC practitioner, community builder, and creator of the Simply Cyber Daily Cyber Threat Brief.

    He has a PhD in Cyber Operations from Dakota State University and teaches cybersecurity at The Citadel. Through Simply Cyber, Gerald helps cybersecurity professionals build careers through practical education, daily threat briefings, and practitioner-first community content.

    Resources

    Simply Cyber Academy: The Definitive GRC Analyst Program https://academy.simplycyber.io/p/the-definitive-grc-analyst-program Flashlight in a Dark Room: A Grounded Theory Study on Information Security Management at Small Healthcare Provider Organizations by Gerald Auger
    https://scholar.dsu.edu/theses/329/ Subscribe to ClearTech Loop on YouTube: https://www.youtube.com/@ClearTechResearch/

    Follow

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, GRC, risk, and enterprise technology strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • Your AI policy does not matter much if no one understands how to follow it.

    In this episode of ClearTech Loop, Jo Peterson talks with Maybelyn Plecic, Manager of Training and Adoption at Network to Code, about shadow AI, non human identities, and what AI defense actually means when people are already using AI to get work done.

    Maybelyn brings a security, compliance, training, and adoption lens to the conversation. She is CISSP certified, AWS certified, and has spent her career helping teams strengthen security posture, drive compliance initiatives, and make technical change usable.

    Why This Matters

    AI adoption is already happening inside organizations.

    The challenge is that governance, policy, training, and approved tools are not always keeping pace.

    That creates risk, but not always because people are acting recklessly. In many cases, employees are trying to move faster, automate boring work, and solve problems the official process has not solved yet.

    Maybelyn frames shadow AI as an IT issue, a security issue, and a trust issue. Her point is clear: if leaders want people to use AI safely, they have to make the safe path understandable, practical, and easier than the workaround.

    What You’ll Hear in This Episode

    Why shadow AI starts with trust, not blame How protected proof of concept environments and AI sandboxes can reduce risk Why shared language matters when AI systems, agents, and workflows touch data How prompt injection, AI training defaults, and history tracking create new security concerns Why AI defense is not just a tooling conversation How leaders can create AI guidance that teams will actually follow

    Key Insight

    AI security is not only about tools and controls.

    It is about whether people understand the rules, whether the approved process works, and whether organizations are willing to meet teams where the work actually happens.

    As Maybelyn says in the episode: “how do you expect someone to be compliant if they don't even know the rules, right?”

    Timestamps

    00:00 Introduction to ClearTech Loop
    00:26 Meet Maybelyn Plecic
    01:29 Shadow AI: IT problem, security problem, or both?
    01:54 Why shadow AI starts with trust
    03:00 AI is moving faster than governance
    04:47 AI generated content, visibility, and accountability
    06:35 How language around AI is changing
    08:43 Using AI to automate the boring work
    10:40 How AI changes the CISO conversation
    12:33 Non human identities and the importance of shared language
    13:05 Workflow questions become security questions
    14:26 Prompt injection, AI defaults, and training gaps
    15:47 What AI defense means beyond tools
    17:30 Why AI guidance has to match each team
    18:45 Closing thoughts

    Guest Bio

    Maybelyn Plecic is the Manager of Training and Adoption at Network to Code. She specializes in helping teams make technical change practical, secure, and usable.

    Her work spans security posture, compliance initiatives, technical enablement, training strategy, and customer adoption. She brings a builder’s perspective to AI security, with a focus on making complex technology easier for people to understand and use responsibly.

    Additional Resources

    Maybelyn Plecic website: https://www.maybelynplecic.com/ Network to Code Resource Center: https://networktocode.com/resources/resource-center/ NIST AI Risk Management Framework:
    https://www.nist.gov/itl/ai-risk-management-framework Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, shadow AI, non human identities, and enterprise technology strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI security is not showing up as one clean problem.

    It is showing up across governance, risk, productivity, identity, API security, and defense.

    In this episode of ClearTech Loop, Jo Peterson talks with seasoned CISO Patricia Titus, about shadow AI, non human identities, AI agents, APIs, and what AI defense means when organizations are trying to move quickly without losing control. Patricia brings more than 25 years of cybersecurity leadership experience across public and private sectors, including financial services, technology, and government.

    Patricia’s take is practical: shadow AI is both an IT and security issue, but it is also a governance, risk, and productivity problem. If organizations want employees to use AI responsibly, the approved path has to be easier than the workaround.

    What You’ll Hear in This Episode

    Jo and Patricia discuss: Shadow AI as a governance, risk, productivity, and security issue Why visibility has to come before control How CISOs and CIOs can create approval lanes that are easier than going rogue Why AI agents are becoming a new control plane How non human identities, service accounts, bots, and APIs are changing the access conversation Why AI defense is less about novelty and more about applying fundamentals at a new scale and speed

    Key Insight

    AI defense is not just about buying new tools. It is about understanding what AI connects to, what data it consumes, how agents behave, and whether the organization can prove access is controlled. That makes this episode especially relevant for CIOs, CISOs, IT leaders, security leaders, and enterprise teams trying to manage AI adoption inside real environments.

    Timestamps

    00:00 Introduction to Patricia Titus

    01:34 ClearTech Loop hot take format and AI security focus

    02:25 Shadow AI as both an IT and security problem

    03:03 Visibility, safe paths, and enforceable guardrails

    05:17 AI agents as a new control plane

    06:06 Why emerging AI agent behavior creates new concerns

    08:46 Jo on executive awareness and evidence

    10:33 Non human identities and how CISOs and CIOs are enabling them

    12:34 Least privilege, zero trust, and proving agents are turned off

    14:27 APIs as part of the non human identity conversation

    15:25 AI defense as fundamentals at a new scale and velocity

    16:12 Closing thoughts

    Guest Bio

    Patricia Titus is a seasoned Chief Information Security Officer. She is a global cybersecurity executive with more than 25 years of experience leading security organizations across financial services, technology, government, and other highly regulated sectors.

    She has held C level and executive positions at Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the TSA. Patricia also serves on the Board of Directors for Black Kite and on advisory boards for several organizations focused on cybersecurity, technology, and risk.

    Her work focuses on resilience, risk management, AI driven security, business alignment, and helping organizations understand how cyber risk affects operations and leadership.

    Resources

    If Every User Needs an Identity, Why Don’t Our APIs? by Patricia Titus
    https://abnormal.ai/blog/user-identity-apis Preparing for AI Regulation: What CISOs Can Do Now by Patricia Titus
    https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now Building a Culture of Proactive Threat Defense by Patricia Titus
    https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense Season 1 ClearTech Loop
    https://www.buzzsprout.com/2248577

    Follow

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, risk, and enterprise technology strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • Cloud pricing can look simple until the bill arrives.

    In this ClearTech Loop Special Edition, Jo Peterson talks with Cristian Graziano, Principal Product Manager at Amazon Web Services, about AWS CloudFront flat rate plans and why predictable pricing matters for teams delivering internet facing applications.

    Cristian explains how CloudFront helps accelerate and secure applications, why customers often combine CDN, WAF, DDoS protection, DNS, logging, and monitoring, and how flat rate plans are designed to make that model easier to understand, approve, and manage.

    In this episode

    Jo and Cristian discuss:

    What AWS CloudFront does Why CDN pricing can get complicated How CloudFront flat rate plans simplify pricing Why predictable monthly costs matter for developers, business units, SMBs, and enterprise teams How AWS is making security part of the starting point Why WAF, DDoS protection, bot controls, and security visibility matter for internet facing applications

    Featured quote

    “Security is included by default.” Cristian Graziano, Principal Product Manager, AWS

    About the guest

    Cristian Graziano is a Principal Product Manager at Amazon Web Services. His work focuses on the customer experience for AWS CloudFront, including onboarding, console experience, and pricing.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI security is not only about policies, tools, and controls. It is also about education.

    In this episode of ClearTech Loop, Jo Peterson talks with James McQuiggan, founder and CISO of Apparent Security, about shadow AI, non human identities, and what AI defense means as organizations try to keep up with real world AI adoption.

    James brings the lens of an educator to the conversation. His perspective keeps coming back to how people learn, how they adopt new tools, and why security teams need to guide safe AI use instead of relying on blocking or policy alone.

    In this episode

    Jo and James discuss:

    Shadow AI as the next version of shadow IT Why AI adoption is happening faster than governance and training How CISOs and CIOs can create safer paths for employees using AI Why non human identities create new access and data flow risks How AI defense includes defending with AI, defending against AI enabled attacks, and protecting AI systems themselves

    Timestamps

    00:00 Introduction to James McQuiggan and the episode theme
    02:32 Shadow AI as the next version of shadow IT
    06:17 Why education matters in AI policy and rollout
    07:34 Training, micro learning, and helping users work safely
    10:05 Non human identities, access, and data flow
    12:27 What AI defense means in practice
    15:00 Final thoughts and closing

    Guest Bio

    James McQuiggan is founder and CISO of Apparent Security. He is a threat intelligence strategist, cybersecurity educator, and practitioner with more than 25 years of experience across critical infrastructure, human risk management, and security leadership.

    Resources

    AI and the Boardroom: Bridging Innovation and Security by James McQuiggan: https://blog.knowbe4.com/ai-and-the-boardroom-bridging-innovation-and-security National Institute of Standards and Technology Cybersecurity Framework: https://www.nist.gov/cyberframework

    Follow

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI is already inside your environment.
    The problem is most organizations don’t fully see where or how it’s being used.

    In this episode of ClearTech Loop, Jo Peterson sits down with Rock Lambros, CEO of RockCyber, to break down what’s actually happening with shadow AI, non human identities, and AI defense as adoption moves faster than governance.

    Why This Matters

    This isn’t a future problem.

    Teams are already:

    Using AI tools outside of approved environments Creating machine and agent identities at scale Relying on security models that were never designed for this level of automation

    That gap between adoption and control is where risk is showing up.

    What You’ll Hear in This Episode

    Why shadow AI is a governance issue, not just a security problem How non human identities are scaling beyond what most organizations can manage What AI defense actually means beyond vendor messaging Where organizations are most exposed right now

    Key Insight

    AI security isn’t breaking because organizations aren’t trying.
    It’s breaking because the systems meant to manage risk are moving slower than the systems creating it.

    About the Guest

    Rock Lambros is CEO and Founder of RockCyber and a contributor to the OWASP GenAI Security Project. His work focuses on AI governance, agentic security, and helping organizations understand how AI changes the attacksurface.

    Resources

    OWASP GenAI Security Project: https://genai.owasp.org/
    AAGATE Framework: https://www.rockcybermusings.com/p/aagate-governing-the-ungovernable-operationalizing-nist-ai-rmf-agentic-ai
    Governing the Ungovernable: https://aicybermagazine.com/governing-the-ungovernable/

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • What does AI security actually look like inside real organizations?

    In this episode of ClearTech Loop, Jo Peterson talks with Todd Smith, SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank, about shadow AI, non human identities, and what AI defense looks like in environments where identity, fraud, and security are tightly connected.

    They unpack why shadow AI is both an IT and security issue, why blocking AI tools is not a long term strategy, and how organizations are trying to bring more visibility and control to environments where AI adoption is already happening across teams.

    Todd explains how shadow AI creates real risk through data leakage, IP exposure, and regulatory pressure, especially when employees turn to unapproved tools to move faster. The conversation also highlights the role of training, as organizations shift from simply restricting behavior to helping employees understand how to use AI safely.

    The discussion then moves to non human identities, where Todd describes the operational challenge of managing identities that do not follow a clean lifecycle. These identities can accumulate over time, often without clear ownership, creating a growing need for discovery, cleanup, and better control moving forward.

    From there, Jo and Todd explore AI defense from a practical standpoint. Instead of starting with external threats, the conversation focuses on understanding what is happening inside the environment first, including how AI interacts with data, identity, and access. That internal visibility becomes the foundation for any broader defense strategy.

    This episode is especially relevant for CIOs, CISOs, security leaders, and identity leaders working through the realities of AI adoption, governance, and risk in enterprise environments.

    Timestamps

    00:00 Introduction to Todd Smith and episode context
    01:40 Shadow AI: IT problem, security problem, or both?
    04:50 Discovery, visibility, and managing shadow AI
    07:55 Security as the “Department of Education”
    10:45 Non human identities and lifecycle challenges
    13:20 AI defense: starting inside the environment

    Guest Bio

    Todd Smith is SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank. His work spans identity, fraud, threat intelligence, and AI security in financial services environments. He has held leadership roles across Ameris Bank, SoFi, Barclays, Citi, and the FBI, focusing on identity, cyber fraud, and intelligence driven security operations.

    Additional Resources

    National Institute of Standards and Technology AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework National Institute of Standards and Technology Cybersecurity Framework (CSF): https://www.nist.gov/cyberframework MITRE ATT&CK Framework: https://attack.mitre.org/ Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577

    Follow ClearTech Loop

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • What does AI security actually look like inside real organizations?

    In this episode of ClearTech Loop, Jo Peterson talks with Thomas Bryant, Director of Technical Marketing at Pure Storage and independent analyst and consultant at THB3, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense.

    They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense is increasingly becoming a resilience question rather than just a detection one.

    In this conversation, Thomas explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to help employees move faster without exposing enterprise data through non approved tools. He also shares how leaders are using discovery, inventory, and training to bring more structure to environments where AI adoption is already ahead of visibility.

    The discussion then shifts to non human identities, where Thomas argues that organizations need to think differently about bots, scripts, and AI agents that can outnumber humans at massive scale. From there, Jo and Thomas dig into AI defense as a broader operational challenge centered on adversarial AI, faster response, resilience, and recovery when humans cannot keep up on their own. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, accountability, and resilience.

    Timestamps

    00:00 Introduction to Thomas Bryant and the episode theme
    01:39 Shadow AI: IT problem, security problem, or both?
    03:04 Discovery, standardization, and training around shadow AI
    05:07 NHIs, onboarding, and machine identity management
    07:18 Super agents, governance, and traceability
    11:09 AI defense, adversarial AI, and resilient security

    Guest Bio

    Thomas Bryant is Director of Technical Marketing at Pure Storage and an independent analyst and consultant at THB3. He has held leadership roles across Pure Storage, Commvault, VMware, and Dell, with a focus on technical marketing, infrastructure, cloud, AI, and cybersecurity. His work centers on helping technical teams make complex technology easier to understand and act on.

    Additional Resources

    Thomas Bryant on LinkedIn: https://www.linkedin.com/in/thomashbryant/ Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577 Thomas Bryant Podcast (2024): https://podcasts.apple.com/us/podcast/the-resilience-rundown/id1730107130

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • When ransomware strikes, even the most prepared organizations can find themselves scrambling—security hunting for indicators while IT races to spin up restores. It’s a recipe for confusion and downtime.

    Chris Bevel, Practice Lead for Cybersecurity and AI at Commvault, joined Clear Tech Loop to break down how ResOps—the fusion of security and operations—creates a new model for smarter cyber resilience and faster, more coordinated recovery.


    Breaking Down the Silos

    Security and IT operations share the same goal: keep the business running. But during a cyber incident, they often work from separate playbooks. Security investigates threats; operations restores systems. The result is fragmented workstreams, miscommunication, and delayed recovery.

    ResOps bridges that divide. By aligning both teams under a unified, pre-tested recovery framework, organizations can respond to ransomware and other cyberattacks with speed and precision. The goal isn’t just to get systems back up—it’s to restore them safely and confidently.


    AI That Drives Real Decisions

    Not all artificial intelligence earns its keep. As Bevel explains, “AI doesn’t replace people—it helps them see more clearly and decide faster.”

    Commvault’s AI-powered analytics connect signals across identity behavior, configuration drift, and privilege escalation. Individually, these alerts seem routine. When correlated, they reveal hidden attack patterns—insights that help teams detect and respond before damage spreads.

    This AI-driven cybersecurity approach turns scattered data into actionable intelligence, helping organizations reduce risk and make confident recovery decisions under pressure.


    Recovery as Code: From Chaos to Confidence

    Traditional disaster recovery plans often live in outdated documentation or inside a single engineer’s mind. Recovery as code modernizes that approach, defining every restoration step as structured, repeatable, and testable code.

    By treating recovery like infrastructure, teams can ensure cyber recovery that’s not just fast but reliable and verifiable. Clean data, validated systems, and resilient configurations—these are the new success metrics for post-ransomware recovery.


    Securing Active Directory: The Core of Cyber Resilience

    In nearly every ransomware event, Active Directory (AD) is the prime target. Once compromised, attackers can move freely across the network. Bevel recounts a cautionary tale from HIMSS: a company restored all systems, only to discover the attacker still had persistence through AD.

    True identity resilience means validating every object, setting, and credential before declaring victory. Commvault extends this rigor beyond on-prem environments with protection for hybrid identity platforms like Okta, ensuring secure recovery across both cloud and data center ecosystems.


    The Future of Cyber Recovery: Practiced, Unified, Intelligent

    ResOps isn’t a tool—it’s a mindset shift. It’s about rehearsing before the crisis hits, connecting teams around shared playbooks, and letting AI surface what humans might miss.

    As organizations face increasingly complex ransomware threats, this convergence of security and operations represents the next evolution of cyber resilience.

    Commvault will showcase these ResOps and cyber recovery innovations at RSA. For anyone who’s experienced the chaos of an uncoordinated incident response, it’s a demonstration worth attending.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • What does AI security actually look like inside real organizations?

    In this episode of ClearTech Loop, Jo Peterson talks with Matt Sharp, Chief Information Security Officer at Xactly, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense. They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense now spans productivity tools, SaaS platforms, internal environments, and third party risk.

    In this episode of ClearTech Loop, Jo Peterson sits down with Matt Sharp for a grounded conversation on three issues reshaping enterprise AI governance: shadow AI, NHIs, and AI defense. Matt brings a practical view from inside a real operating environment, where AI adoption is moving fast and governance, identity, and risk have to keep up. In the conversation, he explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to steer employees toward approved AI tools while protecting enterprise data.

    The conversation then shifts to non human identities, where Matt argues that AI agents are being layered into authorization models that organizations never fully solved in the first place. From there, Jo and Matt dig into AI defense as a broader enterprise challenge that now touches browser extensions, IDEs, local models, SaaS platforms, and third party risk. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, visibility, and accountability.

    Timestamps

    00:00 Introduction to Matt Sharp and the episode theme
    02:29 Shadow AI: IT problem, security problem, or both?
    05:54 Why collaboration between security and IT matters
    07:21 NHIs, authorization, and the limits of role based access control
    12:11 What AI defense means in practice
    15:33 Platform strategy, budget pressure, and what comes next in AI security

    Guest Bio

    Matt Sharp is the Chief Information Security Officer at Xactly. He focuses on security, trust, and AI governance in environments where AI is becoming core to the business and product. He is also a venture advisor at YL Ventures and the author of The CISO Evolution.

    Additional Resources

    Matt Sharp: A CISO’s approach to creating AI governance framework: https://www.securitypalhq.com/blog/matt-sharp-a-cisos-approach-to-creating-ai-governance-framework The CISO Evolution by Matt Sharp: http://amazon.com/CISO-Evolution-Knowledge-Cybersecurity-Executives/dp/1119782481 Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577

    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Gerry Gadoury to talk about what AI security leadership actually requires as the threat landscape changes faster and the business pressure around AI keeps rising.

    This is not a conversation about one more security tool. Gerry brings the discussion back to risk judgment, executive alignment, and the human side of security leadership. As AI lowers the barrier for attackers and accelerates the pace of change, security leaders need to focus on real risk, not theoretical panic, while helping the business make better decisions under pressure.

    Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes

    “Do real risk assessments. Don't look so much for the Boogeyman. Look for the person actually knocking on your door.” “When you mandatorily push it downhill, I think people are going to resist.” “The AI landscape changes fundamentally by quarter.”

    Three Big Ideas from This Episode

    Real risk matters more than theoretical panic
    AI security starts with identifying what is likely, material, and relevant to the business instead of getting lost in every hypothetical scenario. Security cannot just be pushed downhill
    Runbooks and playbooks matter, but they do not replace executive alignment. Security works better when leaders understand the concerns, reduce resistance, and align around outcomes before a crisis hits. The CISO role is becoming more business critical
    As AI changes the risk environment, CISOs need to think more like risk officers by balancing technical controls, business priorities, and leadership judgment.

    Additional resources

    Destination Employer: Attract, Recruit, and Retain the Top Talent in Your Market by Gerry Gadoury: https://www.amazon.com/dp/B0CR352P8M/ref=cm_sw_r_cp_ud_dp_MCV88SEER4A2FGQQ6H73 NIST AI Risk Management Framework and AI Resource Center: https://airc.nist.gov/ ClearTech Loop Season 1: https://www.buzzsprout.com/2248577

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Fernando Montenegro to talk about what the CISO role actually looks like right now as generative AI spreads across the enterprise.

    This is not a conversation about one more security tool. Fernando frames AI as a forcing function that exposes the social structure of an organization, including incentives, accountability, influence, and how decisions get made. The CISO role has become a bridge role, and the job is more political, more collaborative, and more consultative than it used to be.

    Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/

    Zach Lewis Buzzsprout https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes

    “They are the translator of security issues to non security decision makers.” “One of the ways to bring these silos down is to have empathy for the other side, if you will.” “You solve all of this at the design stage, at the initiation stage, not down the line when people want to release the production.”

    Three Big Ideas from This Episode

    AI forces cross functional alignment
    AI makes silos expensive. When teams have to work together to make AI work, security cannot stay isolated and expect trust to show up later. Embed security by showing up early
    There is no perfect universal checklist. The workable move is being there at the beginning, removing friction early, and helping the initiative flourish before deadlines turn everything into a showdown. The CISO is a translator role now
    CISOs are playing multiple games at once across the board, the CIO, legal, customers, regulators, and internal teams. Translation is a core operating requirement, not a soft skill.

    Episode Notes and Links

    Listen: In the Player
    Watch on YouTube: https://youtu.be/0H4x1-Hu-44
    Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    Additional resources

    The Futurum Group, Fernando Montenegro profile
    https://futurumgroup.com/fernando-montenegro/ AI and organizational risk management resources, NIST AI Risk Management Framework
    https://www.nist.gov/itl/ai-risk-management-framework 2017 Transformers paper: “Attention Is All You Need” (2017) by Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Łukasz Kaiser, Illia Polosukhin. https://proceedings.neurips.cc/paper_files/paper/2017/file/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf ClearTech Research and ClearTech Loop https://cleartechresearch.com/

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • What CISOs miss when security only lives in features

    AI security is still getting framed like a technology problem: new tools, new controls, new dashboards, and new rules. In this episode of ClearTech Loop, Jo Peterson talks with Miri Rodriguez, Cofounder and CEO of Empressa.ai, about why that framing keeps breaking in the real world.

    Miri brings a people first lens to AI adoption and security. She argues that security is not just something you install. It is an environment people are willing to enter. When the environment does not feel secure, adoption either slows or goes underground, and then security teams are left trying to govern what they cannot see.

    This conversation connects three practical leadership threads: using GenAI upstream to understand real adoption patterns, embedding security and privacy without slowing innovation by designing for humans, and building governance that becomes habit instead of paperwork.

    Subscribe to ClearTech Loop on LinkedIn
    https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes
    “The opportunity is massive when you think about security as an environment, not just a technology or a feature.”
    “The features don’t matter. If you can’t tell me why the features are important in my space.”

    Three Big Ideas from This Episode

    GenAI beyond the tool stack
    Generative AI can help security leaders widen the lens on adoption. Before policies and controls, leaders need to understand where people hesitate, where they take shortcuts, and why the secure path gets avoided. Inclusion is a security control
    Speed without inclusion creates blind spots, and blind spots become risk. Security and privacy do not have to slow innovation, but they do have to be designed in a way people can understand and follow. Governance is behavior
    If governance does not translate into day to day habits, it is just documentation. Training format matters as much as content, and security sticks when people see it as personal responsibility, not corporate paperwork.

    Additional Resources

    AI Foundations for Women (Empressa AI)
    https://empressa.ai/ai-foundations-for-women/ Most Tools Weren’t Built with Women in Mind, AI Is Just the Latest
    https://empressa.ai/2025/04/03/most-tools-werent-built-with-women-in-mind-ai-is-just-the-latest/ IABC Catalyst, Building Your Brand With Microsoft Senior Storyteller Miri Rodriguez
    https://www.iabc.com/Catalyst/Article/building-your-brand-with-microsoft-senior-storyteller-miri-rodriguez

    About the Guest
    Miri Rodriguez is Cofounder and CEO at Empressa.ai, an AI and storytelling strategist, bestselling author, and Microsoft alum. She focuses on ethical innovation, inclusion, and building trustworthy AI environments where women can connect, learn, and thrive. She is also the author of Brand Storytelling: Put Customers at the Heart of Your Brand Story.

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI is getting embedded into everything, security workflows, engineering workflows, and customer facing products, often faster than organizations can govern it. The upside is real. The risk is in the assumptions leaders are making while they chase speed.

    In this episode of ClearTech Loop, Jo Peterson sits down with Margaret Dawson, Chief Marketing Officer at SUSE, for a slightly different conversation than our usual guest mix. Same three questions, but through a CMO lens shaped by decades of enterprise buying cycles.

    Margaret breaks down how security leaders can use generative AI to move beyond tools and tech, what it actually takes to embed security and privacy without slowing innovation, and how CMOs should talk about AI without getting trapped in AI washing. The throughline is practical: productivity gains are real, but cost, control, and credibility are not automatic.

    Subscribe to ClearTech Loop on LinkedIn:
    https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes
    “The mistake that we’re making as leaders is we are assuming that the integration of AI is an automatic reduction in cost.” — Margaret Dawson

    “Until all of a sudden, the CFO got a million dollar cloud bill.” — Margaret Dawson
    “Consumers get smarter, very, very fast, especially BtoB Tech customers, and they start to know what’s real and what’s not.” — Margaret Dawson

    “Being very specific on what it is doing for your product, for that customer, tying it back to the business outcome.” — Margaret Dawson
    “People trust their peers more than any vendor or anyone else.” — Margaret Dawson

    Three Big Ideas from This Episode

    AI adoption fails when leaders treat it like automatic margin
    The board level narrative is tempting, but dangerous. AI can improve productivity, but assuming it instantly reduces cost is how organizations create governance debt and business continuity risk. Speed is possible, but only with guardrails
    Embedding security and privacy is not what slows innovation. Confusion, rework, and incidents slow innovation. The answer is clear boundaries, clear accountability, and controls that keep pace with adoption. In marketing, relevance and proof beat hype
    Buyers calibrate fast. AI messaging has to be specific, tied to outcomes, and backed by customer evidence. Credibility is built peer to peer, not through louder claims.

    Resources Mentioned

    The Secret to Digital Transformation is Human Connection by Margaret Dawson: https://devops.com/the-secret-to-digital-transformation-is-human-connection/ INTERVIEW: SUSE CMO Margaret Dawson on AI, Kubernetes & Open Source | KubeCon + CloudNativeCon NA 2025: https://www.youtube.com/watch?v=kUcEl3hfvG8 ClearTech Loop: AI Security Needs Better Execution with Zach Lewis: https://www.buzzsprout.com/2248577

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI security is getting marketed like it requires a brand-new playbook—new frameworks, new job titles, new spend.

    In this episode of ClearTech Loop, Jo Peterson sits down with Zach Lewis (CIO/CISO and author of Locked Up) for a practical reset: AI doesn’t erase the fundamentals—it punishes you faster when you ignore them. Zach breaks down where GenAI is already helping security programs today (especially tabletop exercises and prioritization), what it actually takes to embed security and privacy into AI models without slowing innovation (data classification, access controls, segmentation, documentation, least privilege), and why adoption fails when leaders treat AI like a tool rollout instead of a behavior change.

    The takeaway is simple and actionable: get the foundations right, use AI to reduce friction where it matters, and build a culture where AI augments people rather than creating fear.

    Subscribe to ClearTech Loop on LinkedIn:
    https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes

    “Strong AI security… starts with doing the basics well.” — Zach Lewis

    “One of the best use cases I found for it was tabletop exercises.” — Zach Lewis

    “You had a billion alerts… and you’re like, which one’s important?” — Jo Peterson

    Three Big Ideas from This Episode

    1) AI security is data discipline + access discipline

    Before you talk tools, talk foundations: classify data before it touches a model, segment critical workloads, gate access by role and sensitivity, document prompts/sources/model versions, and enforce least privilege with ongoing testing and validation.

    2) GenAI can make readiness more real (tabletop exercises)

    Instead of running the same scripted scenario every year, GenAI can generate realistic incidents, inject curveballs, and help teams identify missed actions—turning tabletops into a real maturity-building loop.

    3) Adoption is a leadership problem, not a platform problem

    AI initiatives stall when people are afraid or unsupported. Training, shared use cases, and visible wins (time saved, friction removed) create a safe environment where AI augments work rather than threatening it.

    📘 Zach’s book: Locked Up: Cybersecurity Threat Mitigation Lessons from a Real-World LockBit Ransomware Response https://www.amazon.com/Locked-Cybersecurity-Mitigation-Real-World-Ransomware/dp/1394357044

    Resources Mentioned

    ClearTech Loop with Michael Machado AI Risk is Mostly Not New:https://www.buzzsprout.com/2248577/episodes/18535354-ai-risk-is-mostly-not-new-with-michael-machado Locked Up by Zach Lewis is available: https://www.amazon.com/Locked-Cybersecurity-Mitigation-Real-World-Ransomware/dp/1394357044 NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework MITRE ATT&CK Framework: https://attack.mitre.org/

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • AI is speeding up both attackers and defenders. The goal is not speed alone. The goal is speed with trust.

    In this episode of ClearTech Loop, Jo Peterson sits down with Stefano Righi, Chief Security Architect at AMI, for a hot take conversation on what AI is changing inside security programs. Stefano breaks down how GenAI can move teams beyond reactive, tool centric security into anticipatory defense through predictive threat modeling, dynamic risk assessment, and orchestration. He also explains what secure by design means for AI systems, including privacy, adversarial resiliency, prompt injection, and data poisoning, plus why human oversight still matters. The conversation closes on firmware security below the operating system and why governance aligned to standards becomes an accelerator, not paperwork.

    Subscribe to ClearTech Loop on LinkedIn:
    https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes

    “Governance may act as a catalyst, not as a brake to innovation, enabling innovation while ensuring trust.” — Stefano Righi “From the very start, we need to pursue secure by design for AI model… build privacy and adversarial resiliency into AI life cycles… mitigate risk like prompt injection and data poisoning without slowing innovation.” — Stefano Righi “Firmware runs under the operating system, and any attack that could happen at such layer could go undetected by any antivirus solution running in the operating system.” — Stefano Righi

    Three Big Ideas from This Episode

    Governance accelerates trusted AI adoption
    Governance is not paperwork. Done right, it enables innovation while ensuring trust, and it must be cross functional rather than owned by security alone. Secure by design has to include AI systems
    Privacy and adversarial resiliency belong in the AI lifecycle from the start, with attention to risks like prompt injection and data poisoning, plus human oversight to ensure compliance and prevent misuse. Firmware is a visibility blind spot below the OS
    Platform layers from microcode to BIOS to BMC to Root of Trust create real complexity, and attacks below the OS can bypass controls that security leaders rely on for visibility.

    Episode Notes / Links

    🎧 Listen: In player above
    ▶ Watch on YouTube: https://youtu.be/wXOf6erkQ6k
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

    Resources Mentioned

    ClearTech Loop: The CSA AI Safety Initiative with George Finney https://cleartechresearch.com/the-csa-ai-safety-initiative-with-george-finney/ NIST AI Standards: https://www.nist.gov/artificial-intelligence/ai-standards OWASP guidance for AI: https://owasp.org/www-project-ai-security-and-privacy-guide/ CSA: How Generative AI is Reshaping Zero Trust Security https://cloudsecurityalliance.org/blog/2026/01/09/how-generative-ai-is-reshaping-zero-trust-security

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

  • Cybersecurity has become a tool driven industry. Organizations buy platforms, stack controls, generate alerts, and ask humans to stitch it all together under pressure.

    In this episode of ClearTech Loop, Jo Peterson sits down with Ryan Lutz to explore what changes when AI becomes part of the security workflow. Not as another console, but as an adaptive capability that helps teams interpret signals faster, prioritize more intelligently, and respond with more consistency when the volume is too high for humans to manage alone.

    The conversation focuses on three real-world themes:
    Why the SOC is the best initial use case for AI augmentation, how leaders should think about the inherent exposure that comes with more AI and more code, and why Ryan’s research on AI malware matters for building adaptive defensive responses.

    Subscribe to ClearTech Loop on LinkedIn:
    https://www.linkedin.com/newsletters/7346174860760416256/

    Key Quotes

    “Cyber is a very tool driven industry… with the implementation of AI being generative, I think that we’re going to see AI being used more in a way that’s adaptive.” — Ryan Lutz

    “In a setting like a SOC analyst… you have a ton of information coming in… millions of possible attack vectors… it’s very applicable to use AI… to generate a response very quickly and more efficiently.” — Ryan Lutz

    “How should the CISO be thinking about AI adoption… from an organizational governance perspective, because you don’t want to be the Department of no.” — Jo Peterson

    Three Big Ideas from This Episode

    1) Adaptive beats tool-driven
    AI helps security teams move beyond tool sprawl by accelerating interpretation, prioritization, and decision-making in high-volume environments.

    2) The SOC is the natural first use case
    SOC work is overwhelmed by inputs and possible attack paths. Ryan explains why AI can rank what matters, accelerate analysis, and suggest response paths quickly and efficiently.

    3) Governance must guide adoption without killing innovation
    More AI and more code creates more exposure. The leadership job is balance: govern the use and guide adoption without becoming the “Department of No.”

    Episode Notes / Links

    🎧 Listen: In player
    ▶ Watch on YouTube: https://youtu.be/-2mxfnCexjQ
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/

    Resources Mentioned

    MITRE ATT&CK Framework https://attack.mitre.org/ NIST Cybersecurity Framework (CSF) https://www.nist.gov/cyberframework ClearTech Loop AI Only Works If Your Foundations Do: A Conversation with Dr. Anton Chuvakin https://www.buzzsprout.com/2248577/episodes/18211623-ai-only-works-if-your-foundations-do-a-conversation-with-dr-anton-chuvakin

    🎧 Listen: In Buzzsprout Player
    ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
    📰 Subscribe to the Newsletter:
    https://www.linkedin.com/newsletters/7346174860760416256/