The Cyber Business Podcast
Guest Introduction Mike Hiltz is the VP and CISO of Nference, a biomedical AI company that works with academic medical centers including Mayo Clinic and Duke University to make millions of patient records, from structured electronic health data to unstructured physician notes, searchable and computable for clinical research. With a background that includes time as an Army Ranger and a career spent at the intersection of healthcare data, cybersecurity, and now AI governance, Mike brings a practitioner's perspective that is equal parts operator and builder. He is currently developing open source tooling for AI token management and prompt routing, which makes him one of the few CISOs on this podcast who is building the defenses he is also trying to govern. Here's a Glimpse of What You'll Learn * How Nference deploys inside academic medical center environments to de-identify patient data using AI and make it available for clinical research without it ever leaving the institution * Why Mike believes the defenders will ultimately win the AI security battle and the specific condition that has to be true before that happens * Why the industry's decades of unexploited legacy vulnerabilities created a false sense of security that machine-speed attacks are now dismantling * Why small organizations are not safer because attackers ignore them, and how they become the supply chain liability that puts large organizations at risk * How Mike built Memforge, an open source memory management system for AI agents, specifically because Claude kept putting him in timeout while vibe coding an Android app * Why AI token budgeting and smart model routing matter as much to security governance as they do to cost, and what Mike is building to solve both simultaneously * Why security awareness training may become unnecessary as AI-powered real-time protection matures, and why we are not there yet for the populations that need it most In This Episode Mike opens with a description of Nference that reframes what healthcare AI actually means in practice. The challenge is not just digitizing patient records. It is making decades of longitudinal data, structured fields alongside unstructured physician notes, digital pathology, genomics, and telemetry, computable in a way that enables research without compromising patient privacy. Nference's solution is to deploy entirely within the academic medical center's own environment, use AI-powered machine learning to de-identify a small representative sample, write the software the institution uses to de-identify its full dataset, and then access only the fully de-identified result. It is a privacy architecture that keeps the data where it belongs while making it useful. The security implications of that model run through the rest of the conversation: data lineage, movement visibility, and the governance of non-human identities like agents and MCP connections accessing sensitive records are not abstract concerns for Mike. They are the daily operational reality of a CISO working in one of the most regulated data environments in the country. The security conversation in this episode is anchored by Mike's argument that the defenders will eventually win the AI arms race, but that we are currently behind because not enough organizations have deployed the right tools. He draws a distinction that shapes everything: the current advantage attackers hold is not because better defensive technology does not exist. It is because the technology exists and is not yet ubiquitous. Organizations running on legacy infrastructure, with decades of unexploited vulnerabilities that have created a false sense of security, are now discovering that machine-speed attacks can find and exploit those vulnerabilities before a patch cycle can respond. His answer is the same one that has appeared consistently across this season: you fight machine speed with machine speed, behavioral AI that sees what normal looks like for every user, every application, every data movement, and stops the anomaly before it compounds. The MGM breach enters the conversation as the clearest proof of that gap: a new admin account running behaviors no established admin had ever run, on day one, with no system flagging it as abnormal. Mike is an optimist about where this ends. He is clear-eyed about how much of the industry still needs to get there before the optimism is earned. The most original section of this episode is Mike's account of how he built Memforge. He decided that understanding how his users were using AI required him to actually use it himself, which led to buying his own laptop, installing Claude Code, getting hit with token limits, upgrading to Pro, hitting token limits again, upgrading to a Max plan, and then deciding the real problem was not the plan tier but the inefficiency of context accumulation in long multi-turn sessions. Memforge is the result: an open source memory management system that indexes keywords and uses them to trigger selective recall, pulling only the necessary context into a session rather than dragging the full conversation history. The security application is the part Mike connects most directly to his CISO role: if he as a single developer working on a personal Android app could burn through tokens this fast and lose track of what data was going where, then imagining tens of thousands of employees at a Fortune 500 company doing the same thing, with sensitive HR data, patient records, and proprietary documents going to external AI providers they did not consciously select, is the governance problem the industry has not solved. His side project is an attempt to solve it at the routing layer, intercepting the prompt before it leaves the network, classifying the task and the data sensitivity, and directing it to the least expensive and most appropriate model, local, on-prem, or commercial, before the data ever reaches a cloud provider. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]
223 Folgen
Kommentare
0Sei die erste Person, die kommentiert
Melde dich jetzt an und werde Teil der The Cyber Business Podcast-Community!