Guardians of the Data

Data Never Sleeps - Andy Soodek - Guardians of the Data - Episode # 50

41 min · 9 jul 2026
aflevering Data Never Sleeps - Andy Soodek - Guardians of the Data - Episode # 50 artwork

Beschrijving

What if the biggest threat to your data wasn't a hacker, but your own success at collecting it? On this episode of Guardians of the Data, host Ward Balcerzak sits down with Andy Soodek, a privacy strategist and data governance expert with over three decades in the industry, to make a case that reframes the whole conversation: data protection was never a project with an end date. Andy breaks down why consent, data sprawl, and now AI are pulling organizations into a governance cycle that never actually closes, and why the companies still treating it like a checklist are the ones falling furthest behind.   Takeaways: * Treat data governance as a continuous loop, not a project you complete and shelve. New data, new tools, and new regulations mean the work never truly ends, so build a governance model that evolves alongside your business instead of expecting a finish line. * Get intentional about consent and transparency before you collect data, not after. Once that data gets shared with third parties or reused for new purposes, unclear consent turns into unclear liability down the road. * Simplify your data classification scheme rather than over-engineering it. Too many tiers create inconsistent access controls and confuse the people who actually need to use the data, so aim for a system that is easy to train on internally and easy to explain to an auditor. * Audit your data retention practices honestly. Most organizations are holding far more data than their own policies allow, and old data sitting around past its useful life adds legal exposure with little upside. * Build AI governance into your existing risk framework instead of treating it as a separate initiative. As regulations like California's ADMT rules expand, organizations need real explainability and human review built into automated decisions. Quote of the Show: * "It's a never-ending governance cycle. You've got to keep up with what you've got going on now, because the next challenge is already on its way." - Andy Soodek Links: * LinkedIn: https://www.linkedin.com/in/andysoodek/ [https://www.linkedin.com/in/andysoodek/]  Ways to Tune In: * Transistor: https://guardiansofthedata.show/ [https://guardiansofthedata.show/]   * Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ [https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ]  * Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 [https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323]  * Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data [https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data] * iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/ [https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/] * YouTube: https://www.youtube.com/@GuardiansoftheDataPod [https://www.youtube.com/@GuardiansoftheDataPod]

Reacties

0

Wees de eerste die een reactie plaatst

Meld je nu aan en word lid van de Guardians of the Data community!

Probeer gratis

Probeer 14 dagen gratis

€ 9,99 / maand na proefperiode. · Elk moment opzegbaar.

  • Podcasts die je alleen op Podimo hoort
  • 20 uur luisterboeken / maand
  • Gratis podcasts

Alle afleveringen

51 afleveringen

aflevering Data Never Sleeps - Andy Soodek - Guardians of the Data - Episode # 50 artwork

Data Never Sleeps - Andy Soodek - Guardians of the Data - Episode # 50

What if the biggest threat to your data wasn't a hacker, but your own success at collecting it? On this episode of Guardians of the Data, host Ward Balcerzak sits down with Andy Soodek, a privacy strategist and data governance expert with over three decades in the industry, to make a case that reframes the whole conversation: data protection was never a project with an end date. Andy breaks down why consent, data sprawl, and now AI are pulling organizations into a governance cycle that never actually closes, and why the companies still treating it like a checklist are the ones falling furthest behind.   Takeaways: * Treat data governance as a continuous loop, not a project you complete and shelve. New data, new tools, and new regulations mean the work never truly ends, so build a governance model that evolves alongside your business instead of expecting a finish line. * Get intentional about consent and transparency before you collect data, not after. Once that data gets shared with third parties or reused for new purposes, unclear consent turns into unclear liability down the road. * Simplify your data classification scheme rather than over-engineering it. Too many tiers create inconsistent access controls and confuse the people who actually need to use the data, so aim for a system that is easy to train on internally and easy to explain to an auditor. * Audit your data retention practices honestly. Most organizations are holding far more data than their own policies allow, and old data sitting around past its useful life adds legal exposure with little upside. * Build AI governance into your existing risk framework instead of treating it as a separate initiative. As regulations like California's ADMT rules expand, organizations need real explainability and human review built into automated decisions. Quote of the Show: * "It's a never-ending governance cycle. You've got to keep up with what you've got going on now, because the next challenge is already on its way." - Andy Soodek Links: * LinkedIn: https://www.linkedin.com/in/andysoodek/ [https://www.linkedin.com/in/andysoodek/]  Ways to Tune In: * Transistor: https://guardiansofthedata.show/ [https://guardiansofthedata.show/]   * Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ [https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ]  * Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 [https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323]  * Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data [https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data] * iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/ [https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/] * YouTube: https://www.youtube.com/@GuardiansoftheDataPod [https://www.youtube.com/@GuardiansoftheDataPod]

9 jul 202641 min
aflevering Emerging Threats in Data Protection - Anand Thangaraju - Guardians of the Data - Episode # 49 artwork

Emerging Threats in Data Protection - Anand Thangaraju - Guardians of the Data - Episode # 49

AI has changed the conversation around cybersecurity, but according to Anand Thangaraju, the real challenge has not changed at all: protecting what matters most. In this episode, Ward talks to Anand where he explains why proprietary data has become every organization's most valuable asset and why traditional security approaches are struggling to keep pace. From data lineage and insider risk to agentic remediation and AI driven security operations, he lays out a future where context matters more than tools and where security teams need to understand not just where data lives, but why it moves and who is moving it. Takeaways: * Your crown jewels are your proprietary data. In an AI driven world where public information is being commoditized by the minute, the only thing that gives your organization a true competitive edge is what it knows that no one else does. If you do not have a strong grip on that proprietary data, you do not have a fighting chance. * Stop waiting for the perfect moment to turn on visibility. One of the most common traps CISOs fall into is holding off on DSPM adoption until every compensating control is already in place. Start building now, because the longer you wait for perfection, the more your data sprawl grows into something that is genuinely unmanageable. * Treat data security as a program, not a product. No single tool is going to solve your data security problem. The organizations making real progress are the ones pairing the right technology with the right people, clear policies, and a genuine understanding of what bad actors would actually want from their environment. * Build your insider risk and data security programs together. These two disciplines share the same foundation: knowing where your sensitive data lives, who is touching it, and whether that behavior is normal. Tackle them in silos and you are leaving the most important use cases on the table. * Before you automate remediation, earn the right to do it. A crawl, walk, run approach is not timidity, it is strategy. Start with alert only mode, study your false positive rate, and give your model time to learn the nuances of your business before you hand it the keys to take action. Quote of the Show: * "The model should be almost like a trained security architect or security engineer. It should be able to reason for every single action it's taking." - Anand Thangaraju Links: * LinkedIn: https://www.linkedin.com/in/athangaraju/ [https://www.linkedin.com/in/athangaraju/] Ways to Tune In: * Transistor: https://guardiansofthedata.show/ [https://guardiansofthedata.show/]   * Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ [https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ]  * Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 [https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323]  * Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data [https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data] * iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/ [https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/] * YouTube: https://www.youtube.com/@GuardiansoftheDataPod [https://www.youtube.com/@GuardiansoftheDataPod]

2 jul 202640 min
aflevering Where Is Your Grandmother's Data? - David Smith - Guardians of the Data - Episode #48 artwork

Where Is Your Grandmother's Data? - David Smith - Guardians of the Data - Episode #48

Most organizations have spent decades classifying data without ever asking the most important question: what are we actually trying to do with that classification? In this episode, David Smith, a cybersecurity leader with 30 years of experience across financial services, biopharma, consulting, and the vendor space, reframes the entire data governance conversation around one deceptively simple idea: custodianship. David argues that AI did not create the data governance crisis. Organizations handed it 30 years of ungoverned data and said go. What AI did was pull the covers off a problem that has been quietly compounding through every layer of abstraction since the mainframe days. Takeaways: * Every new layer of data technology, from data warehouses to cloud to AI, breaks the original rules attached to data. The further data gets from its source, the harder it is to enforce how it should be used or protected. * Good data governance isn't about corporate policies and DLP rules. It's about custodianship, treating every data set the way you'd treat something precious that belongs to someone you love, and being intentional about who can access it, how it's stored, and what happens if something goes wrong. * AI doesn't create data governance problems, it inherits them. When organizations feed decades of ungoverned data into AI systems, they're handing enormous power to a tool that has no way to respect rules that were never properly defined in the first place. * Data classification fails most organizations not because the concept is wrong, but because schemas focus too much on what the data is and not enough on what people are allowed to do with it. Traffic Light Protocol is a better model because it defines behavior, not just sensitivity level. * Starting a cybersecurity career at the help desk builds skills no technical training can replicate. Learning to solve problems under pressure with frustrated users and outdated systems directly prepares you for the real-world constraints of enterprise security work. Quote of the Show: * "AI inherited rather than creating the data governance problem. Organizations handed it 30 years of ungoverned data and said go." - David Smith Links: * LinkedIn: https://www.linkedin.com/in/davidesmithcissp/ [https://www.linkedin.com/in/davidesmithcissp/] * Personal Website: https://desmithsecurity.com/ [https://desmithsecurity.com/] Ways to Tune In: * Transistor: https://guardiansofthedata.show/ [https://guardiansofthedata.show/]   * Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ [https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ]  * Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 [https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323]  * Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data [https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data] * iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/ [https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/] * YouTube: https://www.youtube.com/@GuardiansoftheDataPod [https://www.youtube.com/@GuardiansoftheDataPod]

25 jun 202645 min
aflevering Governance Never Ends - Zach Lewis - Guardians of the Data - Episode # 47 artwork

Governance Never Ends - Zach Lewis - Guardians of the Data - Episode # 47

What happens when a ransomware threat actor claims they have 380 gigabytes of your data and you have no idea what is actually in it? That was the reality Zach Lewis faced, and it became the catalyst for one of the most thorough data governance journeys you will hear on this show. In this episode, Ward sits down with Zach Lewis, CIO and CISO in the healthcare and higher education space, author of "Locked Up," and a 15 year veteran of the industry. Zach breaks down how a ransomware incident forced a complete reckoning with data classification, what a real multi year DSPM journey actually looks like from the inside, and why normalizing open conversation about cyber attacks might be the most important thing the security community can do right now. Takeaways: * Don't let a good crisis go to waste. A ransomware event, while devastating, can unlock budget, leadership attention, and organizational urgency that would have taken years to build otherwise. The smartest move after an incident is to channel that momentum into the data governance work you already knew needed to happen. * Data classification is not a policy problem, it is an execution problem. Having a policy on paper means nothing if the data isn't actually tagged, governed, and tied to access controls. The real work starts when you move from defining classifications to enforcing them at scale, and that is where tooling and AI become non negotiable. * Data governance is a forever journey, not a project. Even after years of work, Zach's team is still tackling retention, deduplication, and classification accuracy. The goal is not perfection on day one but consistent progress, eating the elephant one bite at a time. * Legal is your secret weapon. General counsel carries a kind of organizational gravity that IT rarely does. When you can align data hygiene and retention efforts with legal risk, people listen and things actually get deleted. * AI is shifting the math on what is even possible. Tasks that would have required a team of analysts reviewing files around the clock can now be handled automatically and accurately. Leaders who lean into AI for data security today are building the foundation that makes everything else, from Copilot adoption to regulatory compliance, far less terrifying tomorrow. Quote of the Show: * "A data governance journey never ends. It's a forever journey. Much like zero trust, the heavy lifting gets done and then it's about setting the right processes in place." - Zach Lewis  Links: * LinkedIn: https://www.linkedin.com/in/zacharylewis1/ [https://www.linkedin.com/in/zacharylewis1/] * Book Link: https://homesteadingciso.com/getlockedup/ [https://homesteadingciso.com/getlockedup/] Ways to Tune In: * Transistor: https://guardiansofthedata.show/ [https://guardiansofthedata.show/]   * Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ [https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ]  * Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 [https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323]  * Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data [https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data] * iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/ [https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/] * YouTube: https://www.youtube.com/@GuardiansoftheDataPod [https://www.youtube.com/@GuardiansoftheDataPod]

18 jun 202644 min
aflevering Securing the Future - Jason Torres - Guardians of the Data - Episode # 46 artwork

Securing the Future - Jason Torres - Guardians of the Data - Episode # 46

What would happen if someone asked your team right now who has access to your most sensitive data and why? For most organizations, that question alone exposes just how far they still have to go. In this episode, Jason Torres draws on over 20 years of experience in healthcare cybersecurity to make the case that data security still comes down to two fundamentals that most organizations haven't cracked, knowing where your data lives, and knowing who is attached to it. Jason breaks down why regulated industries like healthcare face a uniquely relentless challenge where data creation never stops, clinical staff have little patience for security friction, and the stakes of getting it wrong are measured in patient trust and breach costs. He also shares why AI governance committees are the non negotiable first step before any organization touches AI tools.  Takeaways: * Start with the basics, know where your data lives. Before any tooling, framework, or governance program can take hold, organizations need to first identify, locate, and classify their data. It sounds simple, but most companies still can't confidently answer that question, and everything else depends on it. * Access and ownership are two different problems. Knowing who should have access to data is not the same as knowing who does. Closing that gap requires ongoing partnership between security teams and business stakeholders, not just a one time audit. * AI governance must come before AI adoption. Throwing AI tools at the business without establishing governance frameworks, leadership buyin, and usage policies is, in Jason's words, "the Wild Wild West." Forming an AI governance committee to define expectations and outcomes is the essential first step. * The business case for security tools has fundamentally changed. Where organizations once needed dedicated headcount to implement and run new solutions, AI-driven automation is shifting that model, enabling teams to repurpose existing talent rather than request new hires, and to justify investments with clearer, metrics backed ROI. * Diverse backgrounds build stronger security teams. Some of the most effective security professionals didn't come up through traditional IT paths. Bringing in people with backgrounds in finance, communications, or even ministry, as Jason did, creates the range of perspectives and communication styles that make security teams more resilient and well rounded. Quote of the Show: * “Every journey begins with the first step. There's no blueprint for becoming a security leader. It all depends on the time you put in, the knowledge you develop, the action you put forth — and ultimately the relationships you build along the way." - Jason Torres Links: * LinkedIn: https://www.linkedin.com/in/jasontorres/ [https://www.linkedin.com/in/jasontorres/]  Ways to Tune In: * Transistor: https://guardiansofthedata.show/ [https://guardiansofthedata.show/]   * Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ [https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ]  * Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 [https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323]  * Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data [https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data] * iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/ [https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/] * YouTube: https://www.youtube.com/@GuardiansoftheDataPod [https://www.youtube.com/@GuardiansoftheDataPod]

11 jun 202645 min