Voices of the Vigilant

Downloading Random AI Tools Is...A Career Choice

Everybody wants AI right now, and that includes the teams security rarely sees as “technical.” When marketing, HR, and ops start downloading agent tools, prompt packs, and random code from the internet, we get a new kind of software supply chain risk, one that most security programs are not staffed or tooled to handle. I sit down with Amber Bennoui, a product leader and builder who has worked across cloud security, developer pipelines, and software supply chain security, and who now co-leads community efforts through the AI Security Alliance (AISECA). We talk about the mindset behind frontier work: learning fast, asking better questions, and refusing to ship “AI features” that do not answer the basics of who, what, when, where, and why. Amber shares what it looks like to pressure-test guidance with peer reviewers so it works in real companies, not just on a spreadsheet. We also go deep on Jiffy Labs, Amber’s project to bring visibility, scanning, and risk scoring to the AI artifact ecosystem. Think inventory for prompts, models, and agent components, plus practical ways to assess provenance and lineage when security tools are blind to what is actually being pulled into environments. From the Mythos conversation to the reality of ephemeral code rewritten by autonomous agents, we unpack why traditional security patterns struggle and why the AI “shared responsibility model” is still missing. If you care about AI security, AI governance, DevSecOps, and the future of AppSec, this conversation will sharpen how you think and what you ask for next. Subscribe, share the show with a friend, and leave a review to help more people find Voices of the Vigilant. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

GRC Has Layers!

Security teams get asked the same question in a hundred different ways: “What’s the ROI?” We go straight at it with Monica Reagor, Manager of Information Security Compliance at Crestron Electronics and host of the My GRC POV podcast, to show how governance, risk, and compliance becomes a growth lever when it’s done with clarity, data, and the right relationships. We trace Monica’s path from technical IT roles into compliance, then zoom in on the real work of modern information security compliance: translating legislation into executive decisions, turning requirements into engineering action, and mapping frameworks like NIST and ISO 27001 so you can scale evidence, audits, and certifications without burning out your team. We also talk about why “I don’t make money” is the wrong framing and how security can protect revenue, reduce loss, and even help win contracts when customer security questionnaires become the price of entry. Then we get into the pressure cooker: AI governance, privacy, supply chain risk management, and the reality that regulations evolve across US states, federal agencies, the EU, and APAC markets at the same time. Monica shares why operating to the most restrictive standard can be the simplest global strategy, and why GRC must show up early so teams can move fast with documented risk decisions instead of last-minute blockers. If you’re building a GRC program, defending a security budget, or trying to connect compliance to real business outcomes, you’ll leave with language you can use and a clearer mental model for the layers. Subscribe, share this with a teammate who needs it, and leave a review with your biggest challenge proving security value. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

Podcasthon 2026 Special - Cyberjutsu’s Playbook For Belonging In Cybersecurity

We are participating in Podcasthon 2026. Podcasthon is the world’s largest podcast charity initiative, bringing together podcasters globally to raise awareness for charitable causes. In support of this noble cause, we spotlight the Women’s Society of Cyberjutsu with CEO Mari Galloway, tracing how hands-on training, cohort mentorship, and a tight-knit community create real jobs and lasting confidence. We unpack CyberjutsuCon 2026, the “Beyond The Patterns” theme, and a make a clear ask to support growth. In this episode we discuss: • Origins of Cyberjutsu and the early workshop model • Mary’s path across SOC, vuln management, sales, and leadership • Why hands-on labs beat lectures for real skill transfer • The evolving mission to include chapters, academies, and grants • measuring impact with surveys, testimonials, and outcomes • Cohort mentorship that builds leaders and peers • Accessibility, scholarships, and low-cost entry points • CyberjutsuCon 2026 format, theme, and community vibe • Sponsorship tiers, current partners, and funding needs • Chapter expansion targets in Miami, Chicago, Seattle, Midwest • Vigilance as authentic leadership and daily practice If you know me personally, even if you don't know me personally, but you know me professionally, and we've done business together before, I expect you to step up. We need you to step up. You have no problem using the talent that is being produced by Cyberjutsu and other organizations. It's time for you to help. This is an easy way for you to invest in developing and growing talent  for your organization. It is a no brainer. Please get a hold of Mari, get a hold of me, go to the website - https://womenscyberjutsu.org/ and make difference. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

Speaking Security: Leadership, Language, and Learning to Pivot

Security fails when it’s written for auditors instead of humans. Jess Vachon sits down with cybersecurity and privacy leader Ash Mohanaprakas to unpack how the best security programs feel practical, lightweight, and deeply aligned to the mission, even under pressure. Ash shares how she helps organizations turn security from a cost center into a strategic advantage that supports enterprise deals, customer trust, and acquisition readiness. Ash’s story is anything but linear: an Oxford-trained linguist, a first-generation immigrant, and one of the only undergraduate student parents during her time there. We talk about how language and identity shape the way people interpret risk, why “translation” is an underrated security leadership skill, and how her early governance, risk, and compliance work at a huge university taught her to design controls that researchers can actually live with. The conversation also gets candid about imposter syndrome, early-career salary constraints, and the confidence that comes from learning hard frameworks by doing real work. From ISO 27001 to SOC 2, we dig into what companies get wrong when they overbuild compliance with endless policies, and what to do instead when you need scalable security with minimal friction. We also tackle AI security and AI governance: why “AI-first” is not a differentiator, how to think about agentic workflows, and where AI can genuinely reduce repetitive GRC tasks so humans can focus on complex risk decisions and culture. If you care about cybersecurity leadership, pragmatic compliance, risk management, board communication, and building security programs that scale, this one will land. Subscribe, share this with a security leader who’s drowning in documentation, and leave a review with the most “unread policy” moment you’ve seen. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1

Built to Defend, Wired to Lead.

What if building stronger security started with building stronger people? We sit down with founder and researcher Shira Shamban to explore the human engine behind cloud security: courage, bias, pivots, and the relentless focus required to turn signal into action. From a values‑driven upbringing and early community projects to leading a startup through the 2020 lockdowns, Shira’s story pulls back the curtain on what it really takes to ship meaningful outcomes when the odds say don’t. We unpack her first thesis—PLG and shift‑left for developers—and why it crashed into day‑to‑day incentives. Then we trace the pivot: keep the core engine that analyzes cloud infrastructure and auto‑remediates misconfigurations, but deliver it to the security teams who own risk, reporting, compliance, and budgets. Along the way we confront the market reality of CSPM saturation, where category leaders win on brand safety as much as features, and how “nobody was fired for buying IBM” still shapes enterprise cybersecurity. The result is a candid look at tool sprawl, alert fatigue, and the real metric that moves CISOs: hours saved and friction reduced between security and engineering. Shira also shares why Israel keeps producing high‑impact cybersecurity startups—mandatory service, hands‑on constraints, and a figure‑it‑out mindset that mirrors startup life. We look ahead to AI in the cloud and quantum timelines without the hype, balancing today’s phishing and misconfigurations with tomorrow’s decryption risks. Most of all, we talk advocacy: saying yes to the stage to make women visible, mentoring through communities like She Codes and Cyber Ladies, and treating karma as infrastructure for a healthier industry. If you care about cloud security, startup execution, and the people who make both possible, this conversation will sharpen your lens and expand your playbook. Subscribe, leave a review, and share it with someone who needs a push to take the next step. Send us Fan Mail [https://www.buzzsprout.com/2434484/fan_mail/new] Support the show [https://www.buzzsprout.com/2434484/support] https://www.vigilantviolet.com/ www.linkedin.com/in/jessvachon1