You Can't Outrun a Script: AI Security in a Law Firm with Michael Massey - Ep 220

No Longer Exploratory: Building AI Governance for K12 with Desmond Grant - Ep 223

Guest Introduction: Desmond Grant [https://www.linkedin.com/in/reevolve/] is the CIO of Littleton Public Schools [https://www.littletonpublicschools.net/], a high-performing school district located approximately 15 minutes southwest of the Denver metro area and recognized across Colorado and the nation for its academic outcomes. In his second year as CIO, Desmond oversees technology strategy, cybersecurity, and data governance for a district navigating the same funding pressures, enrollment declines, and AI adoption challenges facing public education nationwide. He brings a practitioner's perspective to every conversation about technology in schools, grounded in a conviction that the decisions made right now about AI literacy will shape a generation. Here's a Glimpse of What You'll Learn * Why Desmond says we are no longer in the exploratory phase of AI and what the shift to intentional use actually requires of school districts * Why his district adopted the principle that it is not about being pro AI or anti AI but about being AI literate and why that reframe changes every conversation * How Littleton built an AI task force including staff, educators, students, and leaders to produce a framework being released at the start of the 2026 to 2027 school year * Why data privacy agreements and data governance have to come before any organization can responsibly give AI access to its data * How Desmond is crowdsourcing cybersecurity expertise internally across every domain on his team without the budget to hire dedicated security staff * Why machine learning is the unsung hero of the AI security battle and why the MGM breach is the clearest example of what it would have stopped * Why a prominent AI researcher's claim that AI will be more significant than electricity, including more significant than the Internet, is now getting a much larger show of hands in Desmond's presentations In This Episode Desmond opens with a budget reality that shapes everything else he says in this episode. Littleton Public Schools is funded primarily on a per-pupil basis, enrollment is declining across the state and the country, and Colorado's state deficit is creating competition for the same limited dollars between Medicaid, K12, and every other public obligation. In that environment, being a high-performing district does not guarantee resources. It just means the expectations are higher. Desmond's response to that constraint is practical and creative: he is exploring cell tower and colocation partnerships as revenue streams, building a crowdsourced internal security team across every technology domain on his staff, and pursuing a managed security service provider relationship that gives him access to a bench of specialists, including data privacy experts and penetration testers, without the cost of hiring them full time. The framing he uses throughout is the same: when the pot is limited, you get creative about what else is in the room. The AI governance section of this episode is where Desmond is most candid about what the past year taught him. He felt at the start of his tenure that there was time to develop policy thoughtfully. Twelve months later he looked up and said they were behind. That experience produced one of the most direct and repeatable lines in the episode: we are no longer in the exploratory phase of AI. The district has moved past that point. The response was an AI task force that brought together staff, educators, non-educators, leaders, and students to build a framework organized around four pillars: cybersecurity and data privacy, teaching and learning integration, policy and ethics, and the principle that there must always be a human in the loop. The framework was presented to district leaders and the Board of Education and is being released at the start of the 2026 to 2027 school year. The principle Desmond has adopted as his north star for all of it: it is not whether you are pro AI or anti AI. It is whether you are AI literate. You may feel any way you want about it, but if you are at least informed, you can justify your thinking and your reasoning. That framing has changed how he runs every stakeholder conversation about AI in the district. The security conversation in this episode is where Desmond and the host find the most alignment and the most productive friction. Desmond makes the machine learning versus LLM distinction in terms that are as clear as any guest this season. Machine learning is not consuming your data and running as an agent. It is asking one question on a continuous loop: is this normal? Adobe encrypting a file it does not normally encrypt. Desmond sending emails at 3:00 AM in a voice that does not sound like him. A new admin account doing things on day one that no other admin does. These are the signals machine learning catches at machine speed, stops, and escalates to a human. That is the model Desmond believes wins the security battle, not blocking everything off, not patching faster, not adding another SIEM or EDR layer, but having a system that sees abnormal behavior across every surface and calls for an adult before the damage is done. The MGM breach, he argues, is the clearest proof of what that would have meant in practice: a new admin account running behaviors no established admin ran, on day one, and no system flagging it as abnormal. Machine learning would have caught it. Nothing else would have. This episode is brought to you by Cyberlynx [https://cyberlynx.com/podcast]

Building the School of the Future in Kansas with Rob Dickson - Ep 222

Guest Introduction: Rob Dickson [https://www.linkedin.com/in/showmerob/] is the CIO of Wichita Public Schools [https://www.usd259.org/], the largest school district in Kansas, serving just under 50,000 students across 87 schools and programs throughout the Wichita metro area. In a role that spans both operational and instructional technology, Rob oversees cybersecurity and infrastructure alongside a portfolio of forward-looking educational initiatives that includes a public micro school, an immersive coding program, a hub for advanced cybersecurity and machine learning education built in partnership with Wichita State University, and a summer STEM camp serving 800 middle school students. He brings a career that started in the U.S. Air Force and spans 27 years in education technology to one of the most ambitious public school technology programs in the country. Here's a Glimpse of What You'll Learn * How Wichita Public Schools built Future Ready Centers where students learn advanced manufacturing, BioMed, and cybersecurity in environments that look nothing like classrooms * Why Rob draws a sharp line between productive struggle and cognitive offload, and why getting that balance right is the most important AI challenge in education today * How AI-powered tabletop exercises running on continuous improvement cycles are changing how Rob's team builds and tests its security posture * Why 900 job applicants for a single data analyst position turned out to be a social engineering threat vector and what Rob did about it * Why Rob is hiring students from WSU Tech to do real cybersecurity work and refresh 45,000 devices this summer * Why skills now have life cycles measured in years rather than careers, and what that means for how schools and post-secondary institutions need to rethink what they teach * Why the superintendent who gives his team room to take risks is the most important ingredient in everything Wichita is building In This Episode Rob opens with a description of Wichita Public Schools that reframes what a public school district can look like when leadership decides to build toward industry outcomes rather than test scores. The Future Ready Centers are not classrooms. The advanced manufacturing center teaches students to build planes. The Hack, the new hub for advanced computer knowledge built in partnership with Wichita State University, teaches cybersecurity and machine learning as extensions of computer science, with data science on the way. The micro school called Creative Minds runs on a 2.5-hour instruction model with the rest of the day in project-based learning organized around a year-long theme. This year it was animal conservation. Last year it was food preservation, culminating in a dinner and a show. Rob is explicit that none of this exists without the relationships that came first: with WSU Tech, with Wichita State, with local industry, and with the state Department of Education that had to understand what a school day that does not look like a school day actually is before it could be approved. The AI and education section of this episode is where Rob makes his most intellectually precise argument. Cognitive offload is real and useful. He does it himself every day to get through the work. But productive struggle cannot be outsourced because the wisdom that comes from working through a hard problem is not transferable. AI can help a student produce an output, but it cannot understand the material from the student's lens, bias, and perspective. That understanding only develops through the struggle, and once it exists, it is what makes a person capable of evaluating AI's outputs rather than simply accepting them. Rob draws the through-line to agentic AI directly: when you build an AI agent, you have to decompose a task to its root level and make it highly verifiable. If the task is not verifiable, subjectiveness enters the picture. And subjectiveness requires wisdom. And wisdom only comes from the productive struggle that most shortcuts are trying to skip. It is one of the more complete and practically grounded arguments for teaching children how to think before teaching them how to use AI that this podcast has featured. The security section of this episode delivers two concrete and specific examples that most IT leaders outside of education will not have heard before. The first is the 900-applicant problem: Rob posted a data analyst position and received over 900 applications. When his team began vetting them, a significant number were not real people. They were social engineering attempts to get an insider into the district's systems with access to student data. The second is the continuous improvement tabletop model, where instead of scheduling the annual March tabletop exercise and calling it done, Rob's team runs scenarios through AI, posts the results, and uses the memory the system has built to push the next scenario further. The result is a security posture that improves continuously rather than in once-a-year snapshots. Both examples reflect the same underlying principle: the threat environment in a school district is as complex as any enterprise, and the organizations that survive are the ones that treat security as a process rather than an event. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

From 45-Year Mainframe to AI Campus: Loyola's CIO on What Works with Alan Schomaker - Ep 221

Guest Introduction Alan Schomaker is the CIO of Loyola University New Orleans, a Jesuit-based institution of approximately 5,000 students that includes a law school and sits on the Gulf Coast as one of four Loyola universities across the country. Five years into his tenure, Alan has led one of the more dramatic technology transformations in higher education, taking the university off a 45-year-old mainframe system and into a cloud-based infrastructure, navigating a hurricane mid-implementation, and now building an AI adoption culture that encourages faculty and staff to solve their own problems rather than wait for IT to do it for them. Here's a Glimpse of What You'll Learn * How Alan led Loyola through a mainframe-to-cloud migration while a hurricane shut down operations mid-implementation * Why ghost students powered by AI agents are committing financial aid fraud at universities across the country and how Alan's team is detecting them * Why locking down AI to a single approved tool is short-sighted and what Alan is doing instead to prevent shadow AI from taking root on campus * How a new registrar used ChatGPT to solve in 16 hours a workflow problem that IT had been unable to crack for a year * How that same registrar then built an AI scheduling tool that reduced a week-long whiteboard process to 10 minutes * Why AI writes better SQL than most database administrators and what that means for how technical staff should be thinking about their role * Why teaching students how to use AI is the same obligation universities have always had with every other powerful tool In This Episode Alan's first five years at Loyola University New Orleans read like a case study in change management under pressure. He inherited a 45-year-old mainframe that some staff still describe as the greatest system ever built, navigated the cultural resistance of moving business processes back to the departments that own them, and did it all while a hurricane shut the campus down for a month in the middle of the implementation. The technical migration was the easy part. Getting people to accept that having more control over their own systems was a benefit rather than a burden was the harder work, and Alan is candid that it is still ongoing. What that experience built in him is a clear instinct about where the real friction in technology adoption lives, and it is almost never in the technology. The ghost student problem Alan describes is one of the most specific and underreported AI threat vectors this podcast has covered. AI agents are being deployed to enroll as fake students in online programs, submit falsified identification documents, collect financial aid and Pell Grant money, and disappear. Alan knows it is not unique to Loyola because he has compared notes with CIOs at other universities and found it spreading. The tell that cracked it open at Loyola was an address verification check that started returning properties actively listed for sale on Zillow. That single data point revealed the fraudulent enrollment pattern and prompted a broader vetting process that now correlates IP location, phone verification, SSN identification, and address data before admissions decisions are made. It is a practical, layered response to a threat that most institutions have not yet acknowledged publicly. The two stories Alan tells about his new registrar are the best argument for democratized AI problem-solving this podcast has captured in a single episode. The first: a grade change workflow that had defeated IT for a year, attempted through the ERP's native tools, abandoned at 80% completion, and then solved by the registrar in 16 total hours using ChatGPT to build a Google Form with scripting, a logging sheet, automated email routing, an approve-deny button for the associate dean, and a two-day reminder trigger. Simple, elegant, and built by the person who understood the process because he lives it. The second: a class scheduling tool that replaced a week of whiteboard and Post-it note work with a 10-minute automated output, complete with a shareable dashboard for the facilities team to assess building impact before scheduling repairs. Alan's response to both was not to shut them down but to help vet them for security and get them into production. His philosophy is explicit: if IT becomes the bottleneck, shadow AI fills the gap. He would rather be the person staff bring ideas to than the one they hide them from.

You Can't Outrun a Script: AI Security in a Law Firm with Michael Massey - Ep 220

Guest Introduction Michael Massey [https://www.linkedin.com/in/michaeljmassey/?skipRedirect=true] is the CISO at Reminger Co LPA [https://www.reminger.com/], a defense-focused law firm handling medical malpractice defense, workers compensation defense, and insurance defense across a large portfolio of client matters. With a background that includes time at IBM Watson Health during what he describes as the early days of AI in healthcare analytics, Michael brings a practitioner's perspective to one of the most data-sensitive environments in cybersecurity: a law firm storing thousands of confidential client records, HIPAA-covered medical files, and privileged communications that cannot afford to be compromised. Here's a Glimpse of What You'll Learn * Why Michael's team discovered their own AI-powered security tools were working correctly by accidentally locking themselves out * How Darktrace Identity and Rapid7 are functioning as the frontline defense layer at Reminger and what real-world triggered alerts actually look like in practice * Why attorneys citing AI-hallucinated case citations before judges is the most concrete example of what happens when verification stops * How DLP tools surface genuine insider threat activity and why filtering the noise to find the real signal is one of the hardest ongoing challenges in legal IT * Why Michael's time at IBM Watson Health gives him a firsthand lens on how fast AI can move from promising to catastrophic when governance is absent * Why the vendor vetting process has become one of the most time-consuming and frustrating parts of AI adoption in a HIPAA-regulated environment * Why the cat and mouse game between attackers and defenders will never end and what that means for how security teams should be building their programs In This Episode Michael opens with a phrase that stopped the host mid-sentence: you cannot outrun a script. It is the clearest and most economical summary of why AI-powered security is no longer optional that this podcast has captured. When attackers are operating at machine speed, any defensive posture that depends on human reaction time is structurally behind. Michael is not making an abstract argument. He is describing his operational reality at a law firm where confidential client records, HIPAA data, and privileged legal communications are stored across a system that receives attempted intrusions on a regular basis. Darktrace and Rapid7 are not aspirational purchases. They are the tools he relies on daily, and he tells the story of how he knows they work because both he and a colleague locked themselves out of their own systems within the same week by doing something outside their normal behavioral pattern. The AI flagged it, acted on it, and left two security administrators calling each other for help. His conclusion is exactly right: that is not a problem, that is proof. The legal AI section of this episode is where Michael brings a perspective most security guests cannot. Attorneys at firms across the country are now appearing before judges with case citations that do not exist, sourced from AI systems that hallucinated the precedents with complete confidence and no disclaimer. In the legal world, Michael notes, they have their own term for this now. Law clerks are finding the ghost cases. Judges are calling attorneys to account. Disciplinary counsel is getting involved. Fines, suspensions, and in some cases disbarment proceedings are following. Michael draws the through-line to security directly: the same verification failure that burns an attorney in a courtroom burns a security analyst who acts on a false positive without checking. The tool is only as good as the human process built around it. At Reminger, the challenge is particularly acute because attorneys are naturally risk-averse and because many of them do not realize they are already using AI tools, a fact revealed by an internal survey where staff said they did not use AI while actively relying on AI-powered systems every day. The IBM Watson Health story is the most historically grounded moment in the episode and one of the more sobering case studies this podcast has featured. Michael was there when Watson Health was doing what he now recognizes as early AI: ingesting thousands of hospital records, building treatment outcome models, identifying that Drug A produced better results than Drug B or C for patients matching specific profiles. It worked. Then it moved into cancer research and it moved too fast, and the result was a patient receiving chemotherapy who did not have cancer, a lawsuit, and the end of Watson Health as a going concern. Michael uses this not as a cautionary tale against AI but as a calibration: the pace of adoption has to be matched to the quality of the governance surrounding it. The organizations and governments that cannot move fast enough to build appropriate guardrails are not being slow. They are being outrun by a technology whose consequences they cannot yet fully anticipate. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

Why AI Rollouts Fail and What Employers Did Differently with Kelley Kage - Ep 219

Guest Introduction Kelley Kage is the CIO of Employers Insurance, a 113-year-old workers compensation carrier operating nationwide that recently expanded into excess workers compensation. Overseeing technology, data, product management, and cybersecurity, Kelley has led one of the most deliberate and results-driven enterprise AI rollouts featured on this podcast, achieving 77% adoption and 90% training completion companywide within the first two months of deploying Claude across the entire organization. She brings a change management framework to AI adoption that is already delivering measurable business value, and a conviction that the insurance industry is not the laggard in this transition but an opportunity to lead it. Here's a Glimpse of What You'll Learn * Why Kelley frames governance as an on-ramp rather than a speed bump and how that reframe changes every conversation with skeptical stakeholders * How Employers achieved 77% adoption and 90% training completion companywide within two months and the sequencing that made it possible * Why the ROI on their Claude rollout is already paying for itself multiple times over and why those ideas came from business leaders, not the tech team * Why AI adoption is a change management problem rather than a technology problem and what that distinction means for how you plan the rollout * Why the companies approaching AI purely from a cost savings or headcount reduction mindset are building toward the wrong outcome * How Kelley thinks about AI as an equalizer for executive coaching and mentorship access across every level of an organization * Why being at the front of regulatory evolution is a strategic advantage in heavily regulated industries and how Employers is positioning for exactly that In This Episode Kelley opens with a framing that separates this episode from most AI adoption conversations immediately: governance is not a speed bump, it is the on-ramp. That single reframe carries significant weight in a 113-year-old insurance company where the instinct to slow down for compliance is deeply ingrained. Kelley's argument is not that governance should be bypassed in the name of speed. It is that governance built correctly and in advance is what allows organizations to move faster once the guardrails are in place. Partnering legal, HR, and cybersecurity into the AI adoption process from the start is not overhead. It is the architecture that makes rapid deployment possible without the expensive course corrections that come from moving first and asking permission later. For a regulated industry operating under ongoing scrutiny from multiple agencies, that distinction matters enormously and she makes it clearly. The Claude rollout section of this episode is the most detailed and credible enterprise AI deployment case study this podcast has featured. Kelley is specific about the numbers: 77% adoption rate and 90% training completion in the first one to two months, with ROI already paying for itself multiple times over. But what makes the account valuable is not the metrics. It is the sequencing. The rollout started with the executive team and their direct reports, who went through an intensive training program designed not just to teach them how to use the tool but to retrain how they think about their own business processes. The technology deployment followed the mindset shift, not the other way around. The proof that this sequencing worked came at a companywide event at the end of March, where business leaders presented what they had built themselves with Claude and the value they had already generated. It was not the technology team presenting a roadmap. It was the business owners showing what they had made. That distinction is the one that determines whether an AI rollout produces adoption or produces a tool that 85% of the workforce quietly stops using after 90 days. Kelley closes with an argument about the future of AI in leadership development that is one of the more original takes the podcast has captured this season. Executive coaching has always been costly and difficult to access, which means it has historically been available only to a narrow slice of any organization. AI changes that by giving anyone at any level a tool they can teach who they are, what they are trying to achieve, and what challenges they are working through. Kelley is careful to note that it works best in partnership with human mentors, not as a replacement for them. But the democratization of access to that kind of reflective, feedback-oriented thinking is a genuine shift in what leadership development can look like inside an organization. Paired with her personal board of directors model, which she recommends to everyone she mentors, it represents a framework for continuous growth that does not depend on seniority, budget, or having the right sponsor in the room. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]