Seiso Side-Up

Episode 20 - AI Chats w/ Zenable and OpenArc

The conversation covers the integration of AI in software development, the importance of feedback and verification in the development process, and the client perception of AI's impact on software development speed and quality. The conversation delves into the security risks posed by AI agents, citing an example of a security breach and discussing the importance of combatting these risks. It explores the implementation of preventative controls, observability, and data analysis, as well as the management of access and controls. Additionally, it touches on the future of AI in software development and the need for organizations to adopt AI policies to mitigate potential challenges. Takeaways * AI in Software Development * Feedback and Verification * Client Perception of AI AI agents pose new security risks * Security principles still apply to AI agents Chapters * 00:00 Client Perception of AI * 24:52 Security Risks of AI Agents * 30:34 Preventative Controls for AI Agents * 36:12 Managing Access and Controls * 43:35 Future of AI in Software Development

Episode 19 - Hacklore and Friends

The conversation explores the concept of 'hack lore' and its impact on cybersecurity, focusing on the disconnect between perceived security and actual security. It delves into the myths and misconceptions surrounding security, the role of AI in creating new hack lore, and the need to address the mundane aspects of security. The discussion also highlights the importance of holding companies accountable for customer security outcomes and the challenges of AI in cybersecurity. The conversation delves into the challenges of implementing AI and security in modern workflows, highlighting the need for a secure-by-design approach and the importance of understanding customer security outcomes. It also emphasizes the role of leadership in taking ownership of security and risk. Takeaways * Hack lore: The conversation sheds light on the concept of 'hack lore' and its impact on cybersecurity, emphasizing the need to retire bad advice and focus on the basics. * AI and Hack Lore: The emergence of AI in cybersecurity introduces new challenges and misconceptions, leading to the creation of new hack lore around AI security advice and frameworks. Secure-by-design approach is crucial for AI and cloud systems * Leadership must take ownership of security and risk Chapters * 00:00 AI and Hack Lore: The New Frontier * 25:26 Security as an Afterthought in AI Implementation * 31:11 Cultural Perspective on Applying Security Basics to AI * 39:31 Secure by Design in Real-world AI Environments * 45:25 Ownership of Risk and Accountability * 50:53 Implementing Secure by Design Principles

Episode 18 - vGRC Evolution Part II of II

The conversation delves into the evolving role of GRC professionals, emphasizing the non-negotiable skills, challenges, and the shift from compliance operators to strategic partners. It also explores the influence of GRC on business decisions, burnout prevention, and the importance of continuous learning and risk-based decision-making. Takeaways * Technical understanding and fluency are non-negotiable skills for modern GRC professionals. * Risk management, continuous learning, and business context understanding are crucial for GRC professionals. * Data analytics and risk visualization play a significant role in GRC responsibilities. * GRC professionals are evolving from compliance operators to strategic partners, influencing business decisions earlier in the planning stage. * Challenges for GRC teams include continuous learning, resistance from within GRC and the business, and burnout prevention. * Leadership can better support evolving GRC roles by involving GRC professionals in strategic conversations early and building trust. * Prioritizing cloud hosting, security, and AI technology skills is essential for GRC professionals. * A risk-based approach and proactive decision-making are crucial mindset shifts for modern GRC teams. Chapters * 00:00 Skills for Modern GRC Professionals * 11:08 GRC as a Strategic Partner * 17:20 Challenges and Growing Pains * 22:37 Preventing Burnout

Episode 18 - vGRC Evolution Part I of II

The podcast episode explores the evolution of GRC roles, the impact of automation on GRC tasks, and the strategic shift in GRC expectations. It also delves into the measurement of the value of GRC beyond passing audits. The conversation highlights the expanding nature of GRC roles and the significant impact of automation on GRC tasks. Takeaways * GRC roles are expanding * Automation has significantly impacted GRC tasks Chapters * 00:00 Evolution of GRC Roles * 05:31 Impact of Automation on GRC Tasks * 21:31 Measuring the Value of GRC

Episode 17 - New Year, Same AI Risks

AI is no longer experimental—it’s embedded in enterprise systems, security operations, and everyday business tools. In this episode of The Seiso Side-Up Podcast, host Lauren Shaffer joins Seiso COO Eric Lansbery and co-host Heidi Patrick to discuss why AI security, AI governance, and risk management are now critical priorities. The conversation covers the evolution of AI adoption and the real risks organizations face, including model poisoning, data leakage, hallucinations, and unmanaged GenAI use. Eric shares practical guidance on applying NIST AI Risk Management Framework, ISO/IEC standards, ethical AI, and GRC best practices to build secure, compliant, and resilient AI programs. This episode delivers key 2026 AI governance takeaways for security leaders, GRC professionals, and executives looking to manage AI risk, meet regulatory expectations, and strengthen enterprise trust.