AI Security: Gerald Auger on Shadow AI, Non Human Identities, and AI Defense

AI Security: Gerald Auger on Shadow AI, Non Human Identities, and AI Defense

AI is moving faster than policy, training, and many traditional controls were designed to handle.  In this episode of ClearTech Loop, Jo Peterson talks with Gerald Auger, Chief Content Creator of Simply Cyber, about shadow AI, non human identities, over-permissioned agents, and what AI defense means when AI systems can act at machine speed.  Gerald brings the educator, GRC, and practitioner-community lens to the conversation. His take is practical: organizations probably cannot put AI back in the bottle, so they need to educate users, provide approved tools, bring agents into identity governance, and start treating AI governance like a real security discipline.   What You’ll Hear in This Episode  Jo and Gerald discuss:  * Why shadow AI is a problem for IT, security, and the organization   * How AI is becoming easier to use inside everyday SaaS tools   * Why sensitive data in public AI tools creates a visibility gap   * Why user education has to be part of AI security   * How non human identities and AI agents create new permissioning risks   * Why Gerald thinks organizations may need a “manager in the loop”   * What AI defense means when AI systems can act quickly and at scale   Key Insight  AI governance is becoming its own discipline.  Gerald’s point is not that organizations can stop AI adoption. It is that they need to build around it with education, approved tools, segmented environments, identity controls, better detection, and practical guardrails before “just let it run” becomes the strategy. Which, respectfully, is not a strategy. It is a group project with consequences.  Timestamps  00:00 Introduction to Gerald Auger  00:30 Gerald’s background in cybersecurity, education, and Simply Cyber  01:38 Shadow AI as an IT, security, and organizational issue  03:00 Why public AI tools create data visibility risk  04:40 Why organizations have to “ride the lightning”  06:46 Jo on the missing layer of AI security training  07:13 AI inside everyday tools and emerging attacker behavior  08:58 Non human identities and over-permissioned agents  12:30 AI Wrangler or Manager in the Loop?  13:12 What AI defense means in practice  15:46 AI Gone Wild and closing thoughts  Guest Bio  Gerald Auger, PhD, is Chief Content Creator of Simply Cyber. He is a cybersecurity educator, GRC practitioner, community builder, and creator of the Simply Cyber Daily Cyber Threat Brief.  He has a PhD in Cyber Operations from Dakota State University and teaches cybersecurity at The Citadel. Through Simply Cyber, Gerald helps cybersecurity professionals build careers through practical education, daily threat briefings, and practitioner-first community content.   Resources  * Simply Cyber Academy: The Definitive GRC Analyst Program https://academy.simplycyber.io/p/the-definitive-grc-analyst-program [https://academy.simplycyber.io/p/the-definitive-grc-analyst-program?utm_source=chatgpt.com]  * Flashlight in a Dark Room: A Grounded Theory Study on Information Security Management at Small Healthcare Provider Organizations by Gerald Auger https://scholar.dsu.edu/theses/329/ [https://scholar.dsu.edu/theses/329/?utm_source=chatgpt.com]  * Subscribe to ClearTech Loop on YouTube: https://www.youtube.com/@ClearTechResearch/ [https://www.youtube.com/@ClearTechResearch/]   Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, GRC, risk, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos [https://www.youtube.com/@ClearTechResearch/videos] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

AI Security: Maybelyn Plecic on Shadow AI, Non Human Identities, and AI Defense

Your AI policy does not matter much if no one understands how to follow it.  In this episode of ClearTech Loop, Jo Peterson talks with Maybelyn Plecic, Manager of Training and Adoption at Network to Code, about shadow AI, non human identities, and what AI defense actually means when people are already using AI to get work done.  Maybelyn brings a security, compliance, training, and adoption lens to the conversation. She is CISSP certified, AWS certified, and has spent her career helping teams strengthen security posture, drive compliance initiatives, and make technical change usable.  Why This Matters  AI adoption is already happening inside organizations.  The challenge is that governance, policy, training, and approved tools are not always keeping pace.  That creates risk, but not always because people are acting recklessly. In many cases, employees are trying to move faster, automate boring work, and solve problems the official process has not solved yet.  Maybelyn frames shadow AI as an IT issue, a security issue, and a trust issue. Her point is clear: if leaders want people to use AI safely, they have to make the safe path understandable, practical, and easier than the workaround.  What You’ll Hear in This Episode  * Why shadow AI starts with trust, not blame  * How protected proof of concept environments and AI sandboxes can reduce risk  * Why shared language matters when AI systems, agents, and workflows touch data  * How prompt injection, AI training defaults, and history tracking create new security concerns  * Why AI defense is not just a tooling conversation  * How leaders can create AI guidance that teams will actually follow  Key Insight  AI security is not only about tools and controls.  It is about whether people understand the rules, whether the approved process works, and whether organizations are willing to meet teams where the work actually happens.  As Maybelyn says in the episode: “how do you expect someone to be compliant if they don't even know the rules, right?”  Timestamps  00:00 Introduction to ClearTech Loop  00:26 Meet Maybelyn Plecic  01:29 Shadow AI: IT problem, security problem, or both?  01:54 Why shadow AI starts with trust  03:00 AI is moving faster than governance  04:47 AI generated content, visibility, and accountability  06:35 How language around AI is changing  08:43 Using AI to automate the boring work  10:40 How AI changes the CISO conversation  12:33 Non human identities and the importance of shared language  13:05 Workflow questions become security questions  14:26 Prompt injection, AI defaults, and training gaps  15:47 What AI defense means beyond tools  17:30 Why AI guidance has to match each team  18:45 Closing thoughts  Guest Bio  Maybelyn Plecic is the Manager of Training and Adoption at Network to Code. She specializes in helping teams make technical change practical, secure, and usable.  Her work spans security posture, compliance initiatives, technical enablement, training strategy, and customer adoption. She brings a builder’s perspective to AI security, with a focus on making complex technology easier for people to understand and use responsibly.  Additional Resources  * Maybelyn Plecic website: https://www.maybelynplecic.com/ [https://www.maybelynplecic.com/]  * Network to Code Resource Center: https://networktocode.com/resources/resource-center/ [https://networktocode.com/resources/resource-center/]  * NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework [https://www.nist.gov/itl/ai-risk-management-framework]  * Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577 [https://www.buzzsprout.com/2248577]  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, shadow AI, non human identities, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos [https://www.youtube.com/@ClearTechResearch/videos] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

AI Security: Patricia Titus on Shadow AI, Non-Human Identities, and AI Defense

AI security is not showing up as one clean problem.  It is showing up across governance, risk, productivity, identity, API security, and defense.  In this episode of ClearTech Loop, Jo Peterson talks with seasoned CISO Patricia Titus, about shadow AI, non human identities, AI agents, APIs, and what AI defense means when organizations are trying to move quickly without losing control. Patricia brings more than 25 years of cybersecurity leadership experience across public and private sectors, including financial services, technology, and government.   Patricia’s take is practical: shadow AI is both an IT and security issue, but it is also a governance, risk, and productivity problem. If organizations want employees to use AI responsibly, the approved path has to be easier than the workaround.   What You’ll Hear in This Episode  * Jo and Patricia discuss:  * Shadow AI as a governance, risk, productivity, and security issue  * Why visibility has to come before control  * How CISOs and CIOs can create approval lanes that are easier than going rogue  * Why AI agents are becoming a new control plane  * How non human identities, service accounts, bots, and APIs are changing the access conversation  * Why AI defense is less about novelty and more about applying fundamentals at a new scale and speed  Key Insight  * AI defense is not just about buying new tools.  * It is about understanding what AI connects to, what data it consumes, how agents behave, and whether the organization can prove access is controlled.  * That makes this episode especially relevant for CIOs, CISOs, IT leaders, security leaders, and enterprise teams trying to manage AI adoption inside real environments.  Timestamps  00:00 Introduction to Patricia Titus  01:34 ClearTech Loop hot take format and AI security focus  02:25 Shadow AI as both an IT and security problem  03:03 Visibility, safe paths, and enforceable guardrails  05:17 AI agents as a new control plane  06:06 Why emerging AI agent behavior creates new concerns  08:46 Jo on executive awareness and evidence  10:33 Non human identities and how CISOs and CIOs are enabling them  12:34 Least privilege, zero trust, and proving agents are turned off  14:27 APIs as part of the non human identity conversation  15:25 AI defense as fundamentals at a new scale and velocity  16:12 Closing thoughts  Guest Bio  Patricia Titus is a seasoned Chief Information Security Officer. She is a global cybersecurity executive with more than 25 years of experience leading security organizations across financial services, technology, government, and other highly regulated sectors.  She has held C level and executive positions at Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the TSA. Patricia also serves on the Board of Directors for Black Kite and on advisory boards for several organizations focused on cybersecurity, technology, and risk.  Her work focuses on resilience, risk management, AI driven security, business alignment, and helping organizations understand how cyber risk affects operations and leadership.  Resources  * If Every User Needs an Identity, Why Don’t Our APIs? by Patricia Titus https://abnormal.ai/blog/user-identity-apis [https://abnormal.ai/blog/user-identity-apis?utm_source=chatgpt.com]  * Preparing for AI Regulation: What CISOs Can Do Now by Patricia Titus https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now [https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now?utm_source=chatgpt.com]  * Building a Culture of Proactive Threat Defense by Patricia Titus https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense [https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense?utm_source=chatgpt.com]  * Season 1 ClearTech Loop https://www.buzzsprout.com/2248577 [https://www.buzzsprout.com/2248577]  Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, risk, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos [https://www.youtube.com/@ClearTechResearch/videos] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

ClearTech Loop Special Edition: Rethinking CDN Pricing with AWS CloudFront

Cloud pricing can look simple until the bill arrives.  In this ClearTech Loop Special Edition, Jo Peterson talks with Cristian Graziano, Principal Product Manager at Amazon Web Services, about AWS CloudFront flat rate plans and why predictable pricing matters for teams delivering internet facing applications.  Cristian explains how CloudFront helps accelerate and secure applications, why customers often combine CDN, WAF, DDoS protection, DNS, logging, and monitoring, and how flat rate plans are designed to make that model easier to understand, approve, and manage.  In this episode  Jo and Cristian discuss:  * What AWS CloudFront does   * Why CDN pricing can get complicated   * How CloudFront flat rate plans simplify pricing   * Why predictable monthly costs matter for developers, business units, SMBs, and enterprise teams   * How AWS is making security part of the starting point   * Why WAF, DDoS protection, bot controls, and security visibility matter for internet facing applications   Featured quote  “Security is included by default.” Cristian Graziano, Principal Product Manager, AWS  About the guest  Cristian Graziano is a Principal Product Manager at Amazon Web Services. His work focuses on the customer experience for AWS CloudFront, including onboarding, console experience, and pricing.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos [https://www.youtube.com/@ClearTechResearch/videos] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

AI Security Starts with Education: James McQuiggan on Shadow AI, NHIs, and AI Defense

AI security is not only about policies, tools, and controls. It is also about education.  In this episode of ClearTech Loop, Jo Peterson talks with James McQuiggan, founder and CISO of Apparent Security, about shadow AI, non human identities, and what AI defense means as organizations try to keep up with real world AI adoption.  James brings the lens of an educator to the conversation. His perspective keeps coming back to how people learn, how they adopt new tools, and why security teams need to guide safe AI use instead of relying on blocking or policy alone.  In this episode  Jo and James discuss:  * Shadow AI as the next version of shadow IT  * Why AI adoption is happening faster than governance and training  * How CISOs and CIOs can create safer paths for employees using AI  * Why non human identities create new access and data flow risks  * How AI defense includes defending with AI, defending against AI enabled attacks, and protecting AI systems themselves  Timestamps  00:00 Introduction to James McQuiggan and the episode theme  02:32 Shadow AI as the next version of shadow IT  06:17 Why education matters in AI policy and rollout  07:34 Training, micro learning, and helping users work safely  10:05 Non human identities, access, and data flow  12:27 What AI defense means in practice  15:00 Final thoughts and closing  Guest Bio  James McQuiggan is founder and CISO of Apparent Security. He is a threat intelligence strategist, cybersecurity educator, and practitioner with more than 25 years of experience across critical infrastructure, human risk management, and security leadership.   Resources  * AI and the Boardroom: Bridging Innovation and Security by James McQuiggan: https://blog.knowbe4.com/ai-and-the-boardroom-bridging-innovation-and-security [https://blog.knowbe4.com/ai-and-the-boardroom-bridging-innovation-and-security?utm_source=chatgpt.com]  * National Institute of Standards and Technology Cybersecurity Framework: https://www.nist.gov/cyberframework [https://www.nist.gov/cyberframework]  Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos [https://www.youtube.com/@ClearTechResearch/videos] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]