Unveiling AI, Data Security, and Innovation

Howard Holton, the Chief Technology Officer of GigaOm, explores some of the most pressing topics in technology today. With over two decades of experience spanning roles as CTO, CISO, CIO, and consultant, Howard brings a wealth of knowledge to the conversation. His background includes leadership positions at Rheem Manufacturing, Hitachi Vantara, and Precision Discovery, where he honed his expertise in digital transformation, data science, and operational strategy. At GigaOm, Howard combines his technical acumen with a passion for helping organizations navigate the complexities of modern technology landscapes.

Generative AI: Hype vs. Reality

The conversation delves into the rapid rise of generative AI (GenAI) and the realities beyond the hype. Howard explains how businesses are grappling with this transformative technology, which, while promising, is rife with complexities. Many organizations rushed into adopting AI without fully understanding its implications, leading to inefficiencies and unexpected risks. He points out that generative AI is a powerful tool but cautions against treating it as a catch-all solution. The conversation highlights how improper use can lead to issues like misinformation, inaccurate outputs, and even legal challenges, underscoring the need for deliberate strategy in deploying AI tools.

Tackling AI Governance and Risks

Howard also provides an unvarnished look at AI governance and its associated risks. With generative AI being a relatively young technology, governance frameworks are still in their infancy. Organizations often lack cohesive tools to manage the risks associated with AI deployments. This leads to challenges in ensuring compliance with data privacy regulations and safeguarding sensitive information.

Shadow AI: The Hidden Risk

Shadow AI emerged as another critical topic in the discussion. Howard describes Shadow AI as the unauthorized use of AI tools by employees, often without the knowledge or approval of management. While employees leverage these tools to improve productivity or efficiency, this practice introduces significant risks to data security and compliance. Sensitive company data may unknowingly be exposed to public large language models (LLMs), creating vulnerabilities and potential regulatory breaches.

Advice for the Tech Community

Closing the episode, Howard offers invaluable advice for professionals navigating the ever-changing tech landscape. He underscores the importance of mentorship, curiosity, and collaboration in driving innovation. “It’s our job to help people,” he says, emphasizing the need for tech leaders to share their knowledge and foster growth within their communities. Howard also encourages organizations to adopt a mindset of continuous learning, particularly as emerging technologies like AI continue to evolve.

LinkedIn: https://www.linkedin.com/in/howardholton/

GigaOm: https://gigaom.com/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Luigi Lenguito, a pioneering figure in predictive cybersecurity, brings an extraordinary background to his role as founder and CEO of BforeAI. Before revolutionizing cyber threat prevention in 2018, Lenguito's 18-year tenure at Dell and Quest Software encompassed 26 diverse executive positions. His unconventional journey from Formula Three racing champion in Italy to tech industry innovator showcases his adaptability and vision. At Dell, Lenguito's entrepreneurial spirit shone through his creation of a groundbreaking program that bridged the gap between corporate employees and startups, demonstrating his talent for fostering innovation and maximizing human potential.

Building a Bridge Between Corporates and Startups

One of Lenguito’s most impactful achievements at Dell was creating an innovative entrepreneurship program that connected Dell employees with early-stage startups. The program grew to involve over 400 Dell employees mentoring 10 to 20 startups at any given time. Rather than following traditional corporate-startup engagement models, Lenguito’s program focused on unleashing the untapped potential of Dell employees, allowing them to utilize skills from their past experiences that weren’t being used in their current roles. This unique approach not only benefited the startups but also significantly improved employee satisfaction and retention.

From Intrapreneur to Entrepreneur

Lenguito’s exposure to entrepreneurs through the Dell program eventually inspired his own entrepreneurial journey. In 2018, he founded BforeAI after discovering research that aligned with his long-held vision of predictive cybersecurity. Inspired by the concept of “pre-crime” from the movie Minority Report, Lenguito saw the potential to transform cybersecurity from reactive to proactive that relies on continuous monitoring. His company now prevents an average of 20 million potential cyberattack victims daily, with the ability to predict threats up to nine months in advance.

Insights on Building Corporate Innovation Programs

Drawing from his experience, Lenguito shares three key principles for organizations looking to build successful corporate entrepreneurship programs. First, clearly define your purpose--understanding why you’re creating the program is crucial. Second, set clear boundaries and expectations upfront about what the program will and won't do to avoid frustration on both sides. Third, secure appropriate funding by identifying who benefits from the program’s secondary outcomes, as they should be the ones sponsoring it.

Future of Cybersecurity

Lenguito’s vision for the future of cybersecurity challenges the industry’s current “assume breach” mentality and zero trust security principles. His experience with cyber insurance providers has led to innovative hybrid models that combine traditional insurance with predictive security measures. This forward-thinking approach has earned recognition from industry leaders, with BforeAI recently being named a Gartner Cool Vendor in AI and GenAI for banking and financial services.

LinkedIn Profile: https://www.linkedin.com/in/llenguito/

BforeAI: https://bfore.ai/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

The Kiteworks 2025 Forecast for Managing Private Content Exposure Risk Report offers a comprehensive analysis of emerging cybersecurity and compliance trends shaping the year ahead. The report identifies 12 pivotal trends affecting how organizations manage private content exposure risk, highlighting critical areas like data privacy regulations, software supply chain security, AI governance, and quantum computing threats. With 75% of the world's population expected to have their personal data protected under privacy laws by 2025, organizations must implement robust strategies to mitigate risks and ensure compliance.

During the Kitecast episode, cybersecurity experts Alexandre Blanc and Evgeniy Kharam discussed the alarming rise in software supply chain attacks. These attacks are projected to spiral and the associated cost. The experts emphasized that while compliance frameworks like SOC 2 and ISO 27000 standards provide baseline guidance, organizations must move beyond mere checkbox security compliance. "Alexandre explained, “Organizations often view SOC 2 or ISO certification as the end goal, but that's just the starting point. What matters is building a comprehensive security program that actually addresses real risks and maintains security posture over time."

The discussion delved deep into CMMC 2.0 compliance challenges facing defense contractors. While surveys indicate most organizations believe they're prepared for certification, the reality is starkly different: the actual number of organizations ready to pass certification requirements is quite low. Evgeniy noted, "Don't wait to start your CMMC preparation. This isn't just about checking boxes. Organizations need to understand their environment, document their processes, and implement required controls - all of which takes significant time and resources."

The Kitecast conversation highlighted growing concerns about employees inadvertently exposing sensitive data through public large language models (LLMs) and other AI tools. Rather than focusing solely on technical controls, the experts emphasized the need for comprehensive governance frameworks that include clear policies, regular training, and approved platforms for business use. You cannot just block ChatGPT and think you've solved the problem. New AI tools emerge constantly. Organizations need to educate employees about the risks and provide secure alternatives for legitimate business needs.

2025 Forecast Report

https://www.kiteworks.com/forecast-report/

LinkedIn Profile for Evgeniy Kharam

https://www.linkedin.com/in/ekharam/

LinkedIn Profile for Alexandre Blanc

https://www.linkedin.com/in/alexandre-blanc-cyber-security-88569022/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Jerod Brennen, VP of Cybersecurity Services at SideChannel, brings a unique perspective to cybersecurity leadership. Originally pursuing a career in music education, Brennen's journey led him through various IT roles before landing in cybersecurity at a public utility. Today, he serves as a vCISO for multiple organizations while also creating educational content for LinkedIn Learning, where he has developed over 40 courses covering topics from application security to ethics in technology. His unconventional path from music to technology has shaped his approach to security leadership, emphasizing the importance of both technical expertise and human understanding.

As a vCISO, Brennen emphasizes the importance of tailored security approaches for small and medium-sized businesses. His work at SideChannel involves helping organizations across various sectors—from healthcare technology to manufacturing—build resilient security programs that align with their specific needs and capabilities. He highlights that while many of these businesses may not have the resources for a full-time CISO, they still require sophisticated security leadership to protect their digital assets and maintain compliance with industry standards. Brennen’s approach focuses on building security programs that enable business growth rather than simply implementing restrictions, ensuring that security measures support rather than hinder organizational objectives.

A significant portion of the conversation focused on the challenges of data security in modern business environments. Brennen discusses the complexities of managing data access, particularly in cloud environments, and emphasizes the importance of proper tenant separation for different environments (development, testing, production). He notes that while cost often drives initial cloud decisions, mature organizations eventually shift their focus to building stable, secure infrastructure that aligns with their business goals. The discussion delved into the increasing importance of compliance frameworks such as SOC 2 and CMMC, with Brennen sharing insights on how organizations can effectively prepare for and maintain these certifications while avoiding common pitfalls.

The discussion also touched on emerging technologies, particularly the challenges and opportunities presented by AI. Brennen addresses the growing concern among organizations about the secure use of generative AI tools, highlighting the need for clear policies around data sharing with these platforms. He emphasizes the importance of considering long-term implications of AI adoption, drawing parallels with recent events in the tech industry to illustrate the potential risks of data handling by emerging technology companies. His perspective on AI security is particularly relevant given the current landscape where many employees are already using these tools without formal organizational guidance.

LinkedIn: https://www.linkedin.com/in/jerodbrennen/

SideChannel: https://sidechannel.com/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Evgeniy Kharam is the founder of a cybersecurity consulting company and an industry veteran with extensive expertise in cybersecurity. He advises clients on navigating the complexities of the cybersecurity landscape and co-hosts two popular podcasts focused on cybersecurity architecture and business insights. Evgeniy is also a board advisor for the Canadian Cybersecurity Network, the largest technology group in Canada. Outside of his professional life, he is an active family man with four children, including twins, and enjoys organizing snowboarding events for networking in the cybersecurity community.

Evgeniy joined the Kitecast podcast to discuss his new book, Architecting Success: The Art of Soft Skills in Technical Sales. It is a reflection on the evolution of sales engineering, especially in the cybersecurity field. Evgeniy draws from his personal experiences to address the increasingly complex nature of technical sales and the gap between technical knowledge and the ability to communicate it effectively in business terms. The book also serves as a personal challenge for Evgeniy, as he admits that writing is outside his comfort zone, and he believes that improving soft skills is often about doing what you dislike most.

During the podcast interview, one of the key topics Evgeniy discusses is the importance of soft skills in cybersecurity sales. He emphasizes the need for adaptability, listening, and the ability to connect with clients. He points out that successful cybersecurity sales professionals must adjust their approach based on the client’s mood, energy, and current situation, moving from transactional interactions to building genuine relationships.

Evgeniy also explores the dynamics between sales professionals and sales engineers. He suggests that the sales engineer’s role is not just to support the sales team but to engage in a more collaborative manner, asking the right questions to help the sales team qualify deals effectively. This dynamic allows for a smoother sales process, where both parties respect each other's expertise and play to their strengths, without crossing into each other's responsibilities.

Another major point of discussion is the impact of virtual sales in a post-COVID world. Evgeniy stresses the importance of maintaining professionalism in virtual environments, from investing in proper equipment like cameras and microphones to ensuring a polished appearance. He also highlights the growing reliance on voice communication and the need to train one's voice for better delivery, as remote work has made verbal communication a primary tool for client interactions.

LinkedIn: https://www.linkedin.com/in/ekharam/

Architecting Success: https://www.softskillstech.ca/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

John Christly, VP of Services for Blue Team Alpha, and author of two cybersecurity books, brings his wealth of experience to this episode of Kitecast. With a background spanning roles such as CEO, CIO, CISO, and CTO, as well as military service, Christly offers unique insights into the world of cybersecurity compliance for Department of Defense (DoD) contractors.

In this enlightening discussion, Christly demystifies the Cybersecurity Maturity Model Certification (CMMC) process. He explains how many organizations are surprised to find they’re further along in compliance than they initially thought, thanks to existing frameworks like DFARS and NIST 800-171. However, he cautions that self-attestation is no longer sufficient, emphasizing the need for third-party verification in the new CMMC landscape.

Christly also delves into the critical role of FedRAMP certification in doing business with the government. He highlights the importance of data sovereignty and security in protecting American interests. The conversation explores the challenges of achieving “FedRAMP-like” status and the expertise required to truly build secure systems to DoD specifications.

The podcast doesn’t shy away from emerging threats, with Christly offering valuable insights on managing AI-related risks in the workplace. He stresses the importance of clear policies, employee education, and ongoing monitoring to harness the benefits of AI while protecting sensitive data. Christly’s practical advice on consolidating security tools and gaining visibility into cloud application usage provides actionable strategies for improving organizational cybersecurity posture.

Whether you’re a DoD contractor or simply interested in elevating your cybersecurity practices, this episode of Kitecast is a must-listen. Tune in now and take the first step toward robust, compliant cybersecurity for your organization.

LinkedIn

https://www.linkedin.com/in/johnchristly/

Blue Team Alpha

https://www.blueteamalpha.com

Book: NIST 800-171 Controls Made Simple: A Step by Step Guide

https://www.udemy.com/course/nist-800-171-controls-made-simple

Book: The Basics of Cybersecurity

https://www.amazon.com/dp/B0CZY65DQC

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Kayne McGladrey, the Field CISO at hyperproof, is a renowned cybersecurity expert with an extensive background in enhancing security landscapes across various industries. His career is marked by significant contributions in developing robust security frameworks, managing complex risk scenarios, and driving comprehensive compliance initiatives. With a deep commitment to transforming the cybersecurity field, Kayne’s insights and strategies continue to influence how organizations approach security and regulatory compliance, making him a sought-after voice in the industry.

In this Kitecast episode, Kayne McGladrey challenges the traditional view of cybersecurity as merely a cost center, proposing instead that it acts as a critical enabler of business. He eloquently explains how effective cybersecurity measures can unlock new market opportunities and help sustain revenue streams, thus fundamentally altering the narrative from a grudging investment into a strategic asset. By integrating robust cybersecurity practices, businesses can protect their operations from potential threats while enabling smooth and secure growth and innovation.

Throughout the discussion, Kayne explores the evolving landscape of compliance tools, moving away from outdated methods like manual spreadsheets to more sophisticated, automated solutions. These advanced tools are designed to streamline and enhance the efficiency of compliance processes. However, Kayne points out the challenges businesses face, such as the lack of executive buy-in, which can hinder successful integration. He emphasizes the critical need for aligning security and compliance strategies with broader business objectives to ensure a cohesive and proactive approach to managing compliance.

Kayne delves deeper into the practical challenges faced by cybersecurity teams, especially in the realms of evidence collection and risk assessment. He criticizes the persistence of outdated, manual processes that many organizations still use and advocates for a shift toward automated, more reliable methods. Such modern approaches not only save time but also improve the accuracy and effectiveness of cybersecurity measures, thereby enhancing an organization’s ability to manage and mitigate risks more efficiently.

Looking toward the future, Kayne discusses the development of a GRC (Governance, Risk, and Compliance) maturity model that he is pioneering. This model is intended to provide organizations with a clear, actionable roadmap to enhance their governance structures and compliance strategies. By adopting this model, organizations can better navigate the complexities of regulatory environments, reduce risk, and cultivate a proactive, compliance-forward culture. Kayne’s vision for the future of GRC is aimed at making compliance a seamless part of business operations, thus fostering greater organizational resilience and adaptability.

LinkedIn Profile

https://www.linkedin.com/in/kaynemcgladrey/

hyperproof

https://hyperproof.io/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Jacqui Kernot, the Security Director at Accenture for Australia and New Zealand, boasts over two decades of extensive experience in cybersecurity, spanning multiple industries. Recognized for her authoritative voice on diversity and inclusion alongside cybersecurity risk management, Jacqui is a well-regarded speaker who frequently addresses these pressing issues. She is committed to pushing the boundaries of cybersecurity and focused on integrating cutting-edge AI and technological advancements into the security domain.

In her recent appearance on the Kitecast episode, Jacqui illuminated the transformative impact of AI on cybersecurity. She pointed out that although AI technology is still emerging, the foundational steps taken today by organizations to build robust infrastructures will be pivotal. Jacqui stressed that companies poised to anticipate future technological needs and begin laying the groundwork for AI integration will likely lead the industry. This strategic foresight is crucial for fully realizing AI’s potential and maintaining a competitive edge in cybersecurity.

A significant portion of Jacqui's discussion centered on the imperative of data sovereignty and stringent management practices. In an era increasingly dominated by large language models and cloud-based technologies, securing and responsibly managing data is paramount. Jacqui advocated for strict data governance frameworks that ensure data is accessible only by authorized personnel, emphasizing that responsible AI deployment is fundamental to future security architectures.

Jacqui also delved deeply into the role of Zero Trust architecture in today’s cybersecurity landscape. She explained that as organizations increasingly migrate to cloud services and face more complex cyber threats, adopting a Zero Trust approach is crucial. This methodology is not only essential for blocking unauthorized access but also vital for building resilient security protocols that can robustly counteract potential breaches.

Looking forward, Jacqui shared insights on the evolving challenges and opportunities within cybersecurity. She highlighted the necessity for security strategies to remain adaptive and vigilant against new threats while also leveraging emerging technologies. The discussion touched on the need for more sophisticated security measures that can effectively safeguard against the evolving landscape of cyber threats, ensuring that organizations can protect their critical assets in an increasingly digital world.

LinkedIn Profile
www.linkedin.com/in/jkernot/

Accenture
www.accenture.com/us-en

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.