Downloading Random AI Tools Is...A Career Choice

Three Pivots In

A lot of people think cybersecurity has one “right” entry point: computer science degree, IT help desk, then a straight climb into security. Courtney Hans is living proof that the best security leaders often come from the roads nobody expects. She’s led adventure travelers through remote terrain, earned an MBA, built security programs as a first security hire inside a fast moving SaaS startup, and now serves as VP of Cyber Services at ANV Cyber helping policyholders use cyber insurance as a relationship that reduces risk, not just a payout after a bad day. We get into how confidence is built, not gifted. Courtney shares the real experiences that taught her “I can do hard things,” and why that matters when you’re laid off, starting over, or walking into a board level conversation. From there, we unpack the day to day reality of security leadership: influence without ownership, trust as your main lever, and why curiosity beats fear based messaging when you’re trying to build a security first culture. You’ll also hear a grounded take on modern cyber risk management, including how insurance questionnaires miss nuance, how to avoid wasting budget on the wrong security tools, and why hardening what you already own in Google Workspace or Microsoft 365 can deliver fast wins. We touch AI security, changing best practices, and the leadership skill of saying “I don’t know yet” while still staying accountable and helpful. If you’re planning a cybersecurity career pivot, hiring security talent, or trying to make security work for the business instead of against it, this conversation will give you language, frameworks, and a mindset you can use immediately. Subscribe, share this with a friend who’s considering a pivot, and leave a review to help more people find the show. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

Downloading Random AI Tools Is...A Career Choice

Everybody wants AI right now, and that includes the teams security rarely sees as “technical.” When marketing, HR, and ops start downloading agent tools, prompt packs, and random code from the internet, we get a new kind of software supply chain risk, one that most security programs are not staffed or tooled to handle. I sit down with Amber Bennoui, a product leader and builder who has worked across cloud security, developer pipelines, and software supply chain security, and who now co-leads community efforts through the AI Security Alliance (AISECA). We talk about the mindset behind frontier work: learning fast, asking better questions, and refusing to ship “AI features” that do not answer the basics of who, what, when, where, and why. Amber shares what it looks like to pressure-test guidance with peer reviewers so it works in real companies, not just on a spreadsheet. We also go deep on Jiffy Labs, Amber’s project to bring visibility, scanning, and risk scoring to the AI artifact ecosystem. Think inventory for prompts, models, and agent components, plus practical ways to assess provenance and lineage when security tools are blind to what is actually being pulled into environments. From the Mythos conversation to the reality of ephemeral code rewritten by autonomous agents, we unpack why traditional security patterns struggle and why the AI “shared responsibility model” is still missing. If you care about AI security, AI governance, DevSecOps, and the future of AppSec, this conversation will sharpen how you think and what you ask for next. Subscribe, share the show with a friend, and leave a review to help more people find Voices of the Vigilant. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

GRC Has Layers!

Security teams get asked the same question in a hundred different ways: “What’s the ROI?” We go straight at it with Monica Reagor, Manager of Information Security Compliance at Crestron Electronics and host of the My GRC POV podcast, to show how governance, risk, and compliance becomes a growth lever when it’s done with clarity, data, and the right relationships. We trace Monica’s path from technical IT roles into compliance, then zoom in on the real work of modern information security compliance: translating legislation into executive decisions, turning requirements into engineering action, and mapping frameworks like NIST and ISO 27001 so you can scale evidence, audits, and certifications without burning out your team. We also talk about why “I don’t make money” is the wrong framing and how security can protect revenue, reduce loss, and even help win contracts when customer security questionnaires become the price of entry. Then we get into the pressure cooker: AI governance, privacy, supply chain risk management, and the reality that regulations evolve across US states, federal agencies, the EU, and APAC markets at the same time. Monica shares why operating to the most restrictive standard can be the simplest global strategy, and why GRC must show up early so teams can move fast with documented risk decisions instead of last-minute blockers. If you’re building a GRC program, defending a security budget, or trying to connect compliance to real business outcomes, you’ll leave with language you can use and a clearer mental model for the layers. Subscribe, share this with a teammate who needs it, and leave a review with your biggest challenge proving security value. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

Podcasthon 2026 Special - Cyberjutsu’s Playbook For Belonging In Cybersecurity

We are participating in Podcasthon 2026. Podcasthon is the world’s largest podcast charity initiative, bringing together podcasters globally to raise awareness for charitable causes. In support of this noble cause, we spotlight the Women’s Society of Cyberjutsu with CEO Mari Galloway, tracing how hands-on training, cohort mentorship, and a tight-knit community create real jobs and lasting confidence. We unpack CyberjutsuCon 2026, the “Beyond The Patterns” theme, and a make a clear ask to support growth. In this episode we discuss: • Origins of Cyberjutsu and the early workshop model • Mary’s path across SOC, vuln management, sales, and leadership • Why hands-on labs beat lectures for real skill transfer • The evolving mission to include chapters, academies, and grants • measuring impact with surveys, testimonials, and outcomes • Cohort mentorship that builds leaders and peers • Accessibility, scholarships, and low-cost entry points • CyberjutsuCon 2026 format, theme, and community vibe • Sponsorship tiers, current partners, and funding needs • Chapter expansion targets in Miami, Chicago, Seattle, Midwest • Vigilance as authentic leadership and daily practice If you know me personally, even if you don't know me personally, but you know me professionally, and we've done business together before, I expect you to step up. We need you to step up. You have no problem using the talent that is being produced by Cyberjutsu and other organizations. It's time for you to help. This is an easy way for you to invest in developing and growing talent  for your organization. It is a no brainer. Please get a hold of Mari, get a hold of me, go to the website - https://womenscyberjutsu.org/ and make difference. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

Speaking Security: Leadership, Language, and Learning to Pivot

Security fails when it’s written for auditors instead of humans. Jess Vachon sits down with cybersecurity and privacy leader Ash Mohanaprakas to unpack how the best security programs feel practical, lightweight, and deeply aligned to the mission, even under pressure. Ash shares how she helps organizations turn security from a cost center into a strategic advantage that supports enterprise deals, customer trust, and acquisition readiness. Ash’s story is anything but linear: an Oxford-trained linguist, a first-generation immigrant, and one of the only undergraduate student parents during her time there. We talk about how language and identity shape the way people interpret risk, why “translation” is an underrated security leadership skill, and how her early governance, risk, and compliance work at a huge university taught her to design controls that researchers can actually live with. The conversation also gets candid about imposter syndrome, early-career salary constraints, and the confidence that comes from learning hard frameworks by doing real work. From ISO 27001 to SOC 2, we dig into what companies get wrong when they overbuild compliance with endless policies, and what to do instead when you need scalable security with minimal friction. We also tackle AI security and AI governance: why “AI-first” is not a differentiator, how to think about agentic workflows, and where AI can genuinely reduce repetitive GRC tasks so humans can focus on complex risk decisions and culture. If you care about cybersecurity leadership, pragmatic compliance, risk management, board communication, and building security programs that scale, this one will land. Subscribe, share this with a security leader who’s drowning in documentation, and leave a review with the most “unread policy” moment you’ve seen. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1