The Cyber Business Podcast

Legacy Vulnerabilities, Machine Speed Attacks, and Routing AI Safely with Mike Hiltz - Ep 225

40 min · 16. heinä 2026
jakson Legacy Vulnerabilities, Machine Speed Attacks, and Routing AI Safely with Mike Hiltz - Ep 225 kansikuva

Kuvaus

Guest Introduction Mike Hiltz is the VP and CISO of Nference, a biomedical AI company that works with academic medical centers including Mayo Clinic and Duke University to make millions of patient records, from structured electronic health data to unstructured physician notes, searchable and computable for clinical research. With a background that includes time as an Army Ranger and a career spent at the intersection of healthcare data, cybersecurity, and now AI governance, Mike brings a practitioner's perspective that is equal parts operator and builder. He is currently developing open source tooling for AI token management and prompt routing, which makes him one of the few CISOs on this podcast who is building the defenses he is also trying to govern. Here's a Glimpse of What You'll Learn * How Nference deploys inside academic medical center environments to de-identify patient data using AI and make it available for clinical research without it ever leaving the institution * Why Mike believes the defenders will ultimately win the AI security battle and the specific condition that has to be true before that happens * Why the industry's decades of unexploited legacy vulnerabilities created a false sense of security that machine-speed attacks are now dismantling * Why small organizations are not safer because attackers ignore them, and how they become the supply chain liability that puts large organizations at risk * How Mike built Memforge, an open source memory management system for AI agents, specifically because Claude kept putting him in timeout while vibe coding an Android app * Why AI token budgeting and smart model routing matter as much to security governance as they do to cost, and what Mike is building to solve both simultaneously * Why security awareness training may become unnecessary as AI-powered real-time protection matures, and why we are not there yet for the populations that need it most In This Episode Mike opens with a description of Nference that reframes what healthcare AI actually means in practice. The challenge is not just digitizing patient records. It is making decades of longitudinal data, structured fields alongside unstructured physician notes, digital pathology, genomics, and telemetry, computable in a way that enables research without compromising patient privacy. Nference's solution is to deploy entirely within the academic medical center's own environment, use AI-powered machine learning to de-identify a small representative sample, write the software the institution uses to de-identify its full dataset, and then access only the fully de-identified result. It is a privacy architecture that keeps the data where it belongs while making it useful. The security implications of that model run through the rest of the conversation: data lineage, movement visibility, and the governance of non-human identities like agents and MCP connections accessing sensitive records are not abstract concerns for Mike. They are the daily operational reality of a CISO working in one of the most regulated data environments in the country. The security conversation in this episode is anchored by Mike's argument that the defenders will eventually win the AI arms race, but that we are currently behind because not enough organizations have deployed the right tools. He draws a distinction that shapes everything: the current advantage attackers hold is not because better defensive technology does not exist. It is because the technology exists and is not yet ubiquitous. Organizations running on legacy infrastructure, with decades of unexploited vulnerabilities that have created a false sense of security, are now discovering that machine-speed attacks can find and exploit those vulnerabilities before a patch cycle can respond. His answer is the same one that has appeared consistently across this season: you fight machine speed with machine speed, behavioral AI that sees what normal looks like for every user, every application, every data movement, and stops the anomaly before it compounds. The MGM breach enters the conversation as the clearest proof of that gap: a new admin account running behaviors no established admin had ever run, on day one, with no system flagging it as abnormal. Mike is an optimist about where this ends. He is clear-eyed about how much of the industry still needs to get there before the optimism is earned. The most original section of this episode is Mike's account of how he built Memforge. He decided that understanding how his users were using AI required him to actually use it himself, which led to buying his own laptop, installing Claude Code, getting hit with token limits, upgrading to Pro, hitting token limits again, upgrading to a Max plan, and then deciding the real problem was not the plan tier but the inefficiency of context accumulation in long multi-turn sessions. Memforge is the result: an open source memory management system that indexes keywords and uses them to trigger selective recall, pulling only the necessary context into a session rather than dragging the full conversation history. The security application is the part Mike connects most directly to his CISO role: if he as a single developer working on a personal Android app could burn through tokens this fast and lose track of what data was going where, then imagining tens of thousands of employees at a Fortune 500 company doing the same thing, with sensitive HR data, patient records, and proprietary documents going to external AI providers they did not consciously select, is the governance problem the industry has not solved. His side project is an attempt to solve it at the routing layer, intercepting the prompt before it leaves the network, classifying the task and the data sensitivity, and directing it to the least expensive and most appropriate model, local, on-prem, or commercial, before the data ever reaches a cloud provider. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

Kommentit

0

Ole ensimmäinen kommentoija

Rekisteröidy nyt ja liity The Cyber Business Podcast-yhteisöön!

Aloita maksutta

14 vrk ilmainen kokeilu

Kokeilun jälkeen 7,99 € / kuukausi. · Peru milloin tahansa.

  • Podimon podcastit
  • 20 kuunteluaikaa / kuukausi
  • Lataa offline-käyttöön

Kaikki jaksot

223 jaksot

jakson Legacy Vulnerabilities, Machine Speed Attacks, and Routing AI Safely with Mike Hiltz - Ep 225 kansikuva

Legacy Vulnerabilities, Machine Speed Attacks, and Routing AI Safely with Mike Hiltz - Ep 225

Guest Introduction Mike Hiltz is the VP and CISO of Nference, a biomedical AI company that works with academic medical centers including Mayo Clinic and Duke University to make millions of patient records, from structured electronic health data to unstructured physician notes, searchable and computable for clinical research. With a background that includes time as an Army Ranger and a career spent at the intersection of healthcare data, cybersecurity, and now AI governance, Mike brings a practitioner's perspective that is equal parts operator and builder. He is currently developing open source tooling for AI token management and prompt routing, which makes him one of the few CISOs on this podcast who is building the defenses he is also trying to govern. Here's a Glimpse of What You'll Learn * How Nference deploys inside academic medical center environments to de-identify patient data using AI and make it available for clinical research without it ever leaving the institution * Why Mike believes the defenders will ultimately win the AI security battle and the specific condition that has to be true before that happens * Why the industry's decades of unexploited legacy vulnerabilities created a false sense of security that machine-speed attacks are now dismantling * Why small organizations are not safer because attackers ignore them, and how they become the supply chain liability that puts large organizations at risk * How Mike built Memforge, an open source memory management system for AI agents, specifically because Claude kept putting him in timeout while vibe coding an Android app * Why AI token budgeting and smart model routing matter as much to security governance as they do to cost, and what Mike is building to solve both simultaneously * Why security awareness training may become unnecessary as AI-powered real-time protection matures, and why we are not there yet for the populations that need it most In This Episode Mike opens with a description of Nference that reframes what healthcare AI actually means in practice. The challenge is not just digitizing patient records. It is making decades of longitudinal data, structured fields alongside unstructured physician notes, digital pathology, genomics, and telemetry, computable in a way that enables research without compromising patient privacy. Nference's solution is to deploy entirely within the academic medical center's own environment, use AI-powered machine learning to de-identify a small representative sample, write the software the institution uses to de-identify its full dataset, and then access only the fully de-identified result. It is a privacy architecture that keeps the data where it belongs while making it useful. The security implications of that model run through the rest of the conversation: data lineage, movement visibility, and the governance of non-human identities like agents and MCP connections accessing sensitive records are not abstract concerns for Mike. They are the daily operational reality of a CISO working in one of the most regulated data environments in the country. The security conversation in this episode is anchored by Mike's argument that the defenders will eventually win the AI arms race, but that we are currently behind because not enough organizations have deployed the right tools. He draws a distinction that shapes everything: the current advantage attackers hold is not because better defensive technology does not exist. It is because the technology exists and is not yet ubiquitous. Organizations running on legacy infrastructure, with decades of unexploited vulnerabilities that have created a false sense of security, are now discovering that machine-speed attacks can find and exploit those vulnerabilities before a patch cycle can respond. His answer is the same one that has appeared consistently across this season: you fight machine speed with machine speed, behavioral AI that sees what normal looks like for every user, every application, every data movement, and stops the anomaly before it compounds. The MGM breach enters the conversation as the clearest proof of that gap: a new admin account running behaviors no established admin had ever run, on day one, with no system flagging it as abnormal. Mike is an optimist about where this ends. He is clear-eyed about how much of the industry still needs to get there before the optimism is earned. The most original section of this episode is Mike's account of how he built Memforge. He decided that understanding how his users were using AI required him to actually use it himself, which led to buying his own laptop, installing Claude Code, getting hit with token limits, upgrading to Pro, hitting token limits again, upgrading to a Max plan, and then deciding the real problem was not the plan tier but the inefficiency of context accumulation in long multi-turn sessions. Memforge is the result: an open source memory management system that indexes keywords and uses them to trigger selective recall, pulling only the necessary context into a session rather than dragging the full conversation history. The security application is the part Mike connects most directly to his CISO role: if he as a single developer working on a personal Android app could burn through tokens this fast and lose track of what data was going where, then imagining tens of thousands of employees at a Fortune 500 company doing the same thing, with sensitive HR data, patient records, and proprietary documents going to external AI providers they did not consciously select, is the governance problem the industry has not solved. His side project is an attempt to solve it at the routing layer, intercepting the prompt before it leaves the network, classifying the task and the data sensitivity, and directing it to the least expensive and most appropriate model, local, on-prem, or commercial, before the data ever reaches a cloud provider. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

16. heinä 202640 min
jakson The Economics of Cybercrime and the AI Strategy Behind Getty with Isaac Straley - Ep 224 kansikuva

The Economics of Cybercrime and the AI Strategy Behind Getty with Isaac Straley - Ep 224

Guest Introduction: Isaac Straley [https://www.linkedin.com/in/isaac-straley/] is the CISO of the J. Paul Getty Trust [https://www.getty.edu/], one of the world's most significant cultural institutions, encompassing two museums in Los Angeles, a deep academic research library and scholarship program, a scientific conservation laboratory, and a global philanthropic grant-making foundation. Two months into his fourth CISO role, Isaac brings a career spent almost entirely in public sector and nonprofit organizations, including three prior stints as CISO at public research universities, to an institution that is increasingly a target in a sector that has historically underinvested in cybersecurity. He also holds responsibility for Getty's enterprise-wide AI strategy, making him one of the few guests this podcast has featured who is simultaneously building the offensive and defensive AI posture for the same organization. Here's a Glimpse of What You'll Learn * Why museums, libraries, and cultural institutions are now active targets and how recent attacks on the Seattle Library, Toronto Library, and British Museum changed the conversation * Why Isaac frames cybersecurity almost exclusively through an economics and business lens and what that means for how he prioritizes risk at Getty * Why patch management is the encyclopedia of security strategy and what has to replace it in an era of machine-speed vulnerability discovery * Why the NIST CSF 2.0's three response-oriented functions are more important than its two prevention-oriented ones and why the field has been signaling this for years * How observability pipelines rather than prevention controls are the architecture that makes AI-age security actually work * Why Isaac advises every aspiring security professional to go learn something else first and why that advice is more relevant in the AI era than it has ever been * Why measuring a SOC analyst on how many threats they found is the wrong metric and what he is replacing it with In This Episode Isaac opens by making the case, with genuine conviction, that the J. Paul Getty Trust needs a CISO and not merely an IT security director. The argument is stronger than it initially sounds. Getty is not just a tourist destination hosting a million and a half visitors a year across two museums in Los Angeles. It runs a digital archive of another million and a half physical pieces being built into a publicly accessible, API-enabled collection. Its conservation institute does leading-edge materials science research on how to preserve degrading plastics, oils, and stone. Its foundation funds cultural heritage organizations globally and distributes open source software, including a heritage data management platform used for archaeological dig sites. And all of it sits in a sector that, as Isaac notes directly, has not had the investment and focus it needs, evidenced by recent ransomware attacks on the Seattle Public Library, the Toronto Public Library, and the British Museum. That context is what makes his framing of the threat so useful: he thinks about attacks almost exclusively from an economics standpoint. Attackers are running supply chains with HR departments. Their KPIs are not calibrated to spare hospitals or museums. The question is simply whether a vulnerability exists and whether it can be exploited, and the answer is almost always yes and yes. The security architecture argument Isaac makes in this episode is the one that most challenges how the field has historically measured itself. Prevention and protection matter, he acknowledges, and there is a legal and ethical obligation to maintain basic hygiene. But NIST CSF 2.0 already signals where the weight should be: three of its five core functions are on the response side, detect, respond, and recover. The discipline has been pointing at this for years. What is new is that the AI age makes it structurally unavoidable. Organizations are no longer building controlled infrastructure with thoughtful design and hardened controls baked in. They are building platforms for people to create things nobody anticipated, and those platforms cannot be protected through prevention alone. What they can be protected through is observability, building trace data pipelines that capture what is happening across every system in real time, feeding that data to machine learning that understands what normal looks like, and escalating anomalies to a human before the damage compounds. Isaac is specific that this is not just a security strategy. It is a virtuous loop, because the same observability infrastructure that makes security possible also gives builders better feedback on whether their systems are working. Security and functionality, aligned by design rather than in opposition. The talent and leadership section of this episode is where Isaac is most candid about what he has learned the hard way. His standard advice to students asking how to break into cybersecurity is to go learn something else first: a business process, a technology, where it breaks, what controls feel like from the inside. The cybersecurity skills can be taught. The business knowledge and architecture intuition cannot be shortcut. In the AI era, that advice becomes more urgent, not less, because the organizations that will use AI well are the ones whose people can ask good questions of it. The 85% of Microsoft employees who stopped using Copilot after 90 days went straight to demanding outputs without context. The 15% who became power users treated it the way you treat a new hire who needs to learn the job. Isaac extends that into a leadership obligation: if AI is going to do the routine rote work, then the measure of a SOC analyst's success should not be how many threats they found. It should be how much they improved the observability pipeline from what they learned. That shift in measurement is what allows organizations to ride the wave of AI capability rather than be made redundant by it. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

22. kesä 202635 min
jakson No Longer Exploratory: Building AI Governance for K12 with Desmond Grant - Ep 223 kansikuva

No Longer Exploratory: Building AI Governance for K12 with Desmond Grant - Ep 223

Guest Introduction: Desmond Grant [https://www.linkedin.com/in/reevolve/] is the CIO of Littleton Public Schools [https://www.littletonpublicschools.net/], a high-performing school district located approximately 15 minutes southwest of the Denver metro area and recognized across Colorado and the nation for its academic outcomes. In his second year as CIO, Desmond oversees technology strategy, cybersecurity, and data governance for a district navigating the same funding pressures, enrollment declines, and AI adoption challenges facing public education nationwide. He brings a practitioner's perspective to every conversation about technology in schools, grounded in a conviction that the decisions made right now about AI literacy will shape a generation. Here's a Glimpse of What You'll Learn * Why Desmond says we are no longer in the exploratory phase of AI and what the shift to intentional use actually requires of school districts * Why his district adopted the principle that it is not about being pro AI or anti AI but about being AI literate and why that reframe changes every conversation * How Littleton built an AI task force including staff, educators, students, and leaders to produce a framework being released at the start of the 2026 to 2027 school year * Why data privacy agreements and data governance have to come before any organization can responsibly give AI access to its data * How Desmond is crowdsourcing cybersecurity expertise internally across every domain on his team without the budget to hire dedicated security staff * Why machine learning is the unsung hero of the AI security battle and why the MGM breach is the clearest example of what it would have stopped * Why a prominent AI researcher's claim that AI will be more significant than electricity, including more significant than the Internet, is now getting a much larger show of hands in Desmond's presentations In This Episode Desmond opens with a budget reality that shapes everything else he says in this episode. Littleton Public Schools is funded primarily on a per-pupil basis, enrollment is declining across the state and the country, and Colorado's state deficit is creating competition for the same limited dollars between Medicaid, K12, and every other public obligation. In that environment, being a high-performing district does not guarantee resources. It just means the expectations are higher. Desmond's response to that constraint is practical and creative: he is exploring cell tower and colocation partnerships as revenue streams, building a crowdsourced internal security team across every technology domain on his staff, and pursuing a managed security service provider relationship that gives him access to a bench of specialists, including data privacy experts and penetration testers, without the cost of hiring them full time. The framing he uses throughout is the same: when the pot is limited, you get creative about what else is in the room. The AI governance section of this episode is where Desmond is most candid about what the past year taught him. He felt at the start of his tenure that there was time to develop policy thoughtfully. Twelve months later he looked up and said they were behind. That experience produced one of the most direct and repeatable lines in the episode: we are no longer in the exploratory phase of AI. The district has moved past that point. The response was an AI task force that brought together staff, educators, non-educators, leaders, and students to build a framework organized around four pillars: cybersecurity and data privacy, teaching and learning integration, policy and ethics, and the principle that there must always be a human in the loop. The framework was presented to district leaders and the Board of Education and is being released at the start of the 2026 to 2027 school year. The principle Desmond has adopted as his north star for all of it: it is not whether you are pro AI or anti AI. It is whether you are AI literate. You may feel any way you want about it, but if you are at least informed, you can justify your thinking and your reasoning. That framing has changed how he runs every stakeholder conversation about AI in the district. The security conversation in this episode is where Desmond and the host find the most alignment and the most productive friction. Desmond makes the machine learning versus LLM distinction in terms that are as clear as any guest this season. Machine learning is not consuming your data and running as an agent. It is asking one question on a continuous loop: is this normal? Adobe encrypting a file it does not normally encrypt. Desmond sending emails at 3:00 AM in a voice that does not sound like him. A new admin account doing things on day one that no other admin does. These are the signals machine learning catches at machine speed, stops, and escalates to a human. That is the model Desmond believes wins the security battle, not blocking everything off, not patching faster, not adding another SIEM or EDR layer, but having a system that sees abnormal behavior across every surface and calls for an adult before the damage is done. The MGM breach, he argues, is the clearest proof of what that would have meant in practice: a new admin account running behaviors no established admin ran, on day one, and no system flagging it as abnormal. Machine learning would have caught it. Nothing else would have. This episode is brought to you by Cyberlynx [https://cyberlynx.com/podcast]

16. kesä 202639 min
jakson Building the School of the Future in Kansas with Rob Dickson - Ep 222 kansikuva

Building the School of the Future in Kansas with Rob Dickson - Ep 222

Guest Introduction: Rob Dickson [https://www.linkedin.com/in/showmerob/] is the CIO of Wichita Public Schools [https://www.usd259.org/], the largest school district in Kansas, serving just under 50,000 students across 87 schools and programs throughout the Wichita metro area. In a role that spans both operational and instructional technology, Rob oversees cybersecurity and infrastructure alongside a portfolio of forward-looking educational initiatives that includes a public micro school, an immersive coding program, a hub for advanced cybersecurity and machine learning education built in partnership with Wichita State University, and a summer STEM camp serving 800 middle school students. He brings a career that started in the U.S. Air Force and spans 27 years in education technology to one of the most ambitious public school technology programs in the country. Here's a Glimpse of What You'll Learn * How Wichita Public Schools built Future Ready Centers where students learn advanced manufacturing, BioMed, and cybersecurity in environments that look nothing like classrooms * Why Rob draws a sharp line between productive struggle and cognitive offload, and why getting that balance right is the most important AI challenge in education today * How AI-powered tabletop exercises running on continuous improvement cycles are changing how Rob's team builds and tests its security posture * Why 900 job applicants for a single data analyst position turned out to be a social engineering threat vector and what Rob did about it * Why Rob is hiring students from WSU Tech to do real cybersecurity work and refresh 45,000 devices this summer * Why skills now have life cycles measured in years rather than careers, and what that means for how schools and post-secondary institutions need to rethink what they teach * Why the superintendent who gives his team room to take risks is the most important ingredient in everything Wichita is building In This Episode Rob opens with a description of Wichita Public Schools that reframes what a public school district can look like when leadership decides to build toward industry outcomes rather than test scores. The Future Ready Centers are not classrooms. The advanced manufacturing center teaches students to build planes. The Hack, the new hub for advanced computer knowledge built in partnership with Wichita State University, teaches cybersecurity and machine learning as extensions of computer science, with data science on the way. The micro school called Creative Minds runs on a 2.5-hour instruction model with the rest of the day in project-based learning organized around a year-long theme. This year it was animal conservation. Last year it was food preservation, culminating in a dinner and a show. Rob is explicit that none of this exists without the relationships that came first: with WSU Tech, with Wichita State, with local industry, and with the state Department of Education that had to understand what a school day that does not look like a school day actually is before it could be approved. The AI and education section of this episode is where Rob makes his most intellectually precise argument. Cognitive offload is real and useful. He does it himself every day to get through the work. But productive struggle cannot be outsourced because the wisdom that comes from working through a hard problem is not transferable. AI can help a student produce an output, but it cannot understand the material from the student's lens, bias, and perspective. That understanding only develops through the struggle, and once it exists, it is what makes a person capable of evaluating AI's outputs rather than simply accepting them. Rob draws the through-line to agentic AI directly: when you build an AI agent, you have to decompose a task to its root level and make it highly verifiable. If the task is not verifiable, subjectiveness enters the picture. And subjectiveness requires wisdom. And wisdom only comes from the productive struggle that most shortcuts are trying to skip. It is one of the more complete and practically grounded arguments for teaching children how to think before teaching them how to use AI that this podcast has featured. The security section of this episode delivers two concrete and specific examples that most IT leaders outside of education will not have heard before. The first is the 900-applicant problem: Rob posted a data analyst position and received over 900 applications. When his team began vetting them, a significant number were not real people. They were social engineering attempts to get an insider into the district's systems with access to student data. The second is the continuous improvement tabletop model, where instead of scheduling the annual March tabletop exercise and calling it done, Rob's team runs scenarios through AI, posts the results, and uses the memory the system has built to push the next scenario further. The result is a security posture that improves continuously rather than in once-a-year snapshots. Both examples reflect the same underlying principle: the threat environment in a school district is as complex as any enterprise, and the organizations that survive are the ones that treat security as a process rather than an event. This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

11. kesä 202629 min
jakson From 45-Year Mainframe to AI Campus: Loyola's CIO on What Works with Alan Schomaker - Ep 221 kansikuva

From 45-Year Mainframe to AI Campus: Loyola's CIO on What Works with Alan Schomaker - Ep 221

Guest Introduction Alan Schomaker is the CIO of Loyola University New Orleans, a Jesuit-based institution of approximately 5,000 students that includes a law school and sits on the Gulf Coast as one of four Loyola universities across the country. Five years into his tenure, Alan has led one of the more dramatic technology transformations in higher education, taking the university off a 45-year-old mainframe system and into a cloud-based infrastructure, navigating a hurricane mid-implementation, and now building an AI adoption culture that encourages faculty and staff to solve their own problems rather than wait for IT to do it for them. Here's a Glimpse of What You'll Learn * How Alan led Loyola through a mainframe-to-cloud migration while a hurricane shut down operations mid-implementation * Why ghost students powered by AI agents are committing financial aid fraud at universities across the country and how Alan's team is detecting them * Why locking down AI to a single approved tool is short-sighted and what Alan is doing instead to prevent shadow AI from taking root on campus * How a new registrar used ChatGPT to solve in 16 hours a workflow problem that IT had been unable to crack for a year * How that same registrar then built an AI scheduling tool that reduced a week-long whiteboard process to 10 minutes * Why AI writes better SQL than most database administrators and what that means for how technical staff should be thinking about their role * Why teaching students how to use AI is the same obligation universities have always had with every other powerful tool In This Episode Alan's first five years at Loyola University New Orleans read like a case study in change management under pressure. He inherited a 45-year-old mainframe that some staff still describe as the greatest system ever built, navigated the cultural resistance of moving business processes back to the departments that own them, and did it all while a hurricane shut the campus down for a month in the middle of the implementation. The technical migration was the easy part. Getting people to accept that having more control over their own systems was a benefit rather than a burden was the harder work, and Alan is candid that it is still ongoing. What that experience built in him is a clear instinct about where the real friction in technology adoption lives, and it is almost never in the technology. The ghost student problem Alan describes is one of the most specific and underreported AI threat vectors this podcast has covered. AI agents are being deployed to enroll as fake students in online programs, submit falsified identification documents, collect financial aid and Pell Grant money, and disappear. Alan knows it is not unique to Loyola because he has compared notes with CIOs at other universities and found it spreading. The tell that cracked it open at Loyola was an address verification check that started returning properties actively listed for sale on Zillow. That single data point revealed the fraudulent enrollment pattern and prompted a broader vetting process that now correlates IP location, phone verification, SSN identification, and address data before admissions decisions are made. It is a practical, layered response to a threat that most institutions have not yet acknowledged publicly. The two stories Alan tells about his new registrar are the best argument for democratized AI problem-solving this podcast has captured in a single episode. The first: a grade change workflow that had defeated IT for a year, attempted through the ERP's native tools, abandoned at 80% completion, and then solved by the registrar in 16 total hours using ChatGPT to build a Google Form with scripting, a logging sheet, automated email routing, an approve-deny button for the associate dean, and a two-day reminder trigger. Simple, elegant, and built by the person who understood the process because he lives it. The second: a class scheduling tool that replaced a week of whiteboard and Post-it note work with a 10-minute automated output, complete with a shareable dashboard for the facilities team to assess building impact before scheduling repairs. Alan's response to both was not to shut them down but to help vet them for security and get them into production. His philosophy is explicit: if IT becomes the bottleneck, shadow AI fills the gap. He would rather be the person staff bring ideas to than the one they hide them from.

8. kesä 202638 min