Guardians of the Data

Emerging Threats in Data Protection - Anand Thangaraju - Guardians of the Data - Episode # 49

40 min · Yesterday

Description

AI has changed the conversation around cybersecurity, but according to Anand Thangaraju, the real challenge has not changed at all: protecting what matters most. In this episode, Ward talks with Anand, who explains why proprietary data has become every organization's most valuable asset and why traditional security approaches are struggling to keep pace. From data lineage and insider risk to agentic remediation and AI driven security operations, he lays out a future where context matters more than tools and where security teams need to understand not just where data lives, but why it moves and who is moving it.

Takeaways:

* Your crown jewels are your proprietary data. In an AI driven world where public information is being commoditized by the minute, the only thing that gives your organization a true competitive edge is what it knows that no one else does. If you do not have a strong grip on that proprietary data, you do not have a fighting chance.
* Stop waiting for the perfect moment to turn on visibility. One of the most common traps CISOs fall into is holding off on DSPM adoption until every compensating control is already in place. Start building now, because the longer you wait for perfection, the more your data sprawl grows into something that is genuinely unmanageable.
* Treat data security as a program, not a product. No single tool is going to solve your data security problem. The organizations making real progress are the ones pairing the right technology with the right people, clear policies, and a genuine understanding of what bad actors would actually want from their environment.
* Build your insider risk and data security programs together. These two disciplines share the same foundation: knowing where your sensitive data lives, who is touching it, and whether that behavior is normal. Tackle them in silos and you are leaving the most important use cases on the table.
* Before you automate remediation, earn the right to do it. A crawl, walk, run approach is not timidity, it is strategy. Start with alert only mode, study your false positive rate, and give your model time to learn the nuances of your business before you hand it the keys to take action.

Quote of the Show:

* "The model should be almost like a trained security architect or security engineer. It should be able to reason for every single action it's taking." - Anand Thangaraju

Links:

* LinkedIn: https://www.linkedin.com/in/athangaraju/

Ways to Tune In:

* Transistor: https://guardiansofthedata.show/
* Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
* Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
* Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
* iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
* YouTube: https://www.youtube.com/@GuardiansoftheDataPod


All episodes

50 episodes


Where Is Your Grandmother's Data? - David Smith - Guardians of the Data - Episode #48

Most organizations have spent decades classifying data without ever asking the most important question: what are we actually trying to do with that classification? In this episode, David Smith, a cybersecurity leader with 30 years of experience across financial services, biopharma, consulting, and the vendor space, reframes the entire data governance conversation around one deceptively simple idea: custodianship. David argues that AI did not create the data governance crisis. Organizations handed it 30 years of ungoverned data and said go. What AI did was pull the covers off a problem that has been quietly compounding through every layer of abstraction since the mainframe days.

Takeaways:

* Every new layer of data technology, from data warehouses to cloud to AI, breaks the original rules attached to data. The further data gets from its source, the harder it is to enforce how it should be used or protected.
* Good data governance isn't about corporate policies and DLP rules. It's about custodianship, treating every data set the way you'd treat something precious that belongs to someone you love, and being intentional about who can access it, how it's stored, and what happens if something goes wrong.
* AI doesn't create data governance problems, it inherits them. When organizations feed decades of ungoverned data into AI systems, they're handing enormous power to a tool that has no way to respect rules that were never properly defined in the first place.
* Data classification fails most organizations not because the concept is wrong, but because schemas focus too much on what the data is and not enough on what people are allowed to do with it. Traffic Light Protocol is a better model because it defines behavior, not just sensitivity level.
* Starting a cybersecurity career at the help desk builds skills no technical training can replicate. Learning to solve problems under pressure with frustrated users and outdated systems directly prepares you for the real-world constraints of enterprise security work.

Quote of the Show:

* "AI inherited rather than creating the data governance problem. Organizations handed it 30 years of ungoverned data and said go." - David Smith

Links:

* LinkedIn: https://www.linkedin.com/in/davidesmithcissp/
* Personal Website: https://desmithsecurity.com/

Ways to Tune In:

* Transistor: https://guardiansofthedata.show/
* Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
* Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
* Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
* iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
* YouTube: https://www.youtube.com/@GuardiansoftheDataPod

25 June 2026 · 45 min

Governance Never Ends - Zach Lewis - Guardians of the Data - Episode # 47

What happens when a ransomware threat actor claims they have 380 gigabytes of your data and you have no idea what is actually in it? That was the reality Zach Lewis faced, and it became the catalyst for one of the most thorough data governance journeys you will hear on this show. In this episode, Ward sits down with Zach Lewis, CIO and CISO in the healthcare and higher education space, author of "Locked Up," and a 15 year veteran of the industry. Zach breaks down how a ransomware incident forced a complete reckoning with data classification, what a real multi year DSPM journey actually looks like from the inside, and why normalizing open conversation about cyber attacks might be the most important thing the security community can do right now.

Takeaways:

* Don't let a good crisis go to waste. A ransomware event, while devastating, can unlock budget, leadership attention, and organizational urgency that would have taken years to build otherwise. The smartest move after an incident is to channel that momentum into the data governance work you already knew needed to happen.
* Data classification is not a policy problem, it is an execution problem. Having a policy on paper means nothing if the data isn't actually tagged, governed, and tied to access controls. The real work starts when you move from defining classifications to enforcing them at scale, and that is where tooling and AI become non negotiable.
* Data governance is a forever journey, not a project. Even after years of work, Zach's team is still tackling retention, deduplication, and classification accuracy. The goal is not perfection on day one but consistent progress, eating the elephant one bite at a time.
* Legal is your secret weapon. General counsel carries a kind of organizational gravity that IT rarely does. When you can align data hygiene and retention efforts with legal risk, people listen and things actually get deleted.
* AI is shifting the math on what is even possible. Tasks that would have required a team of analysts reviewing files around the clock can now be handled automatically and accurately. Leaders who lean into AI for data security today are building the foundation that makes everything else, from Copilot adoption to regulatory compliance, far less terrifying tomorrow.

Quote of the Show:

* "A data governance journey never ends. It's a forever journey. Much like zero trust, the heavy lifting gets done and then it's about setting the right processes in place." - Zach Lewis

Links:

* LinkedIn: https://www.linkedin.com/in/zacharylewis1/
* Book Link: https://homesteadingciso.com/getlockedup/

Ways to Tune In:

* Transistor: https://guardiansofthedata.show/
* Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
* Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
* Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
* iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
* YouTube: https://www.youtube.com/@GuardiansoftheDataPod

18 June 2026 · 44 min

Securing the Future - Jason Torres - Guardians of the Data - Episode # 46

What would happen if someone asked your team right now who has access to your most sensitive data and why? For most organizations, that question alone exposes just how far they still have to go. In this episode, Jason Torres draws on over 20 years of experience in healthcare cybersecurity to make the case that data security still comes down to two fundamentals that most organizations haven't cracked: knowing where your data lives, and knowing who is attached to it. Jason breaks down why regulated industries like healthcare face a uniquely relentless challenge where data creation never stops, clinical staff have little patience for security friction, and the stakes of getting it wrong are measured in patient trust and breach costs. He also shares why AI governance committees are the non negotiable first step before any organization touches AI tools.

Takeaways:

* Start with the basics, know where your data lives. Before any tooling, framework, or governance program can take hold, organizations need to first identify, locate, and classify their data. It sounds simple, but most companies still can't confidently answer that question, and everything else depends on it.
* Access and ownership are two different problems. Knowing who should have access to data is not the same as knowing who does. Closing that gap requires ongoing partnership between security teams and business stakeholders, not just a one time audit.
* AI governance must come before AI adoption. Throwing AI tools at the business without establishing governance frameworks, leadership buy-in, and usage policies is, in Jason's words, "the Wild Wild West." Forming an AI governance committee to define expectations and outcomes is the essential first step.
* The business case for security tools has fundamentally changed. Where organizations once needed dedicated headcount to implement and run new solutions, AI-driven automation is shifting that model, enabling teams to repurpose existing talent rather than request new hires, and to justify investments with clearer, metrics backed ROI.
* Diverse backgrounds build stronger security teams. Some of the most effective security professionals didn't come up through traditional IT paths. Bringing in people with backgrounds in finance, communications, or even ministry, as Jason did, creates the range of perspectives and communication styles that make security teams more resilient and well rounded.

Quote of the Show:

* "Every journey begins with the first step. There's no blueprint for becoming a security leader. It all depends on the time you put in, the knowledge you develop, the action you put forth — and ultimately the relationships you build along the way." - Jason Torres

Links:

* LinkedIn: https://www.linkedin.com/in/jasontorres/

Ways to Tune In:

* Transistor: https://guardiansofthedata.show/
* Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
* Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
* Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
* iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
* YouTube: https://www.youtube.com/@GuardiansoftheDataPod

11 June 2026 · 45 min

Where Are Your Crown Jewels? - Tony Schimizzi - Guardians of the Data - Episode #45

What if someone asked you right now where your most sensitive data lives? Most organizations would struggle to give a confident answer. In this episode, Tony Schimizzi draws on years of consulting experience to make a point that cuts to the core of modern data security: this is no longer just a cybersecurity problem. It has become a large-scale business operations and governance challenge. Tony breaks down why data sprawl across SaaS products, cloud apps, and collaboration tools has made it nearly impossible for most companies to know where their data is, let alone where the crown jewels are and how well they are protected.

Takeaways:

* Do the Fundamentals First: Asset management, visibility, access control, data classification. These have not changed, and they will not. Most breaches happen because the basics were not in place.
* Security Is a Double Negative: IT can point to uptime as value. Security cannot point to revenue. Understanding that dynamic and learning to communicate in KPIs and measurable outcomes is how security teams earn their seat at the table.
* Say Yes, And: The most effective security professionals are not the ones saying no. They find the compensating control that lets the business move forward safely. Never no, but. Always yes, and.
* Build a Risk Council: Instead of having security engineers fight business decisions above their pay grade, bring the right leaders together: CISO, IT, HR, marketing, legal. Let them hash it out. Decisions made there carry weight decisions made at the engineer level never will.
* If It Matters, It Should Be Measurable: KPIs taken to the board quarterly, along with examples of incidents that did not escalate because controls were in place, are how security teams demonstrate value without a direct revenue line.
* Understand How the Business Makes Money: Before you can evaluate risk, you need to know what the business actually runs on. If your initiative would slow down the revenue engine, you need to know that going in.
* Take Risks When You Are Young: Professionally and personally, the window to experiment, grind, and separate yourself is in your 20s. It is easier to course correct early than to try to change direction later.

Quote of the Show:

* "Companies no longer fully understand or control identity, access, and the data movement across their environments." - Tony Schimizzi

Links:

* LinkedIn: https://www.linkedin.com/in/anthony-schimizzi-cissp-ccsp-cism-issap-045b7a82/

Ways to Tune In:

* Transistor: https://guardiansofthedata.show/
* Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
* Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
* Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
* iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
* YouTube: https://www.youtube.com/@GuardiansoftheDataPod

4 June 2026 · 45 min