The Cyber Business Podcast

You Can't Outrun a Script: AI Security in a Law Firm with Michael Massey - Ep 220

27 min · June 3, 2026

Description

Guest Introduction

Michael Massey [https://www.linkedin.com/in/michaeljmassey/?skipRedirect=true] is the CISO at Reminger Co LPA [https://www.reminger.com/], a defense-focused law firm handling medical malpractice defense, workers compensation defense, and insurance defense across a large portfolio of client matters. With a background that includes time at IBM Watson Health during what he describes as the early days of AI in healthcare analytics, Michael brings a practitioner's perspective to one of the most data-sensitive environments in cybersecurity: a law firm storing thousands of confidential client records, HIPAA-covered medical files, and privileged communications that cannot afford to be compromised.

Here's a Glimpse of What You'll Learn

* Why Michael's team discovered their own AI-powered security tools were working correctly by accidentally locking themselves out
* How Darktrace Identity and Rapid7 are functioning as the frontline defense layer at Reminger and what real-world triggered alerts actually look like in practice
* Why attorneys citing AI-hallucinated case citations before judges is the most concrete example of what happens when verification stops
* How DLP tools surface genuine insider threat activity and why filtering the noise to find the real signal is one of the hardest ongoing challenges in legal IT
* Why Michael's time at IBM Watson Health gives him a firsthand lens on how fast AI can move from promising to catastrophic when governance is absent
* Why the vendor vetting process has become one of the most time-consuming and frustrating parts of AI adoption in a HIPAA-regulated environment
* Why the cat and mouse game between attackers and defenders will never end and what that means for how security teams should be building their programs

In This Episode

Michael opens with a phrase that stopped the host mid-sentence: you cannot outrun a script. It is the clearest and most economical summary of why AI-powered security is no longer optional that this podcast has captured. When attackers are operating at machine speed, any defensive posture that depends on human reaction time is structurally behind. Michael is not making an abstract argument. He is describing his operational reality at a law firm where confidential client records, HIPAA data, and privileged legal communications are stored across a system that receives attempted intrusions on a regular basis. Darktrace and Rapid7 are not aspirational purchases. They are the tools he relies on daily, and he tells the story of how he knows they work because both he and a colleague locked themselves out of their own systems within the same week by doing something outside their normal behavioral pattern. The AI flagged it, acted on it, and left two security administrators calling each other for help. His conclusion is exactly right: that is not a problem, that is proof.

The legal AI section of this episode is where Michael brings a perspective most security guests cannot. Attorneys at firms across the country are now appearing before judges with case citations that do not exist, sourced from AI systems that hallucinated the precedents with complete confidence and no disclaimer. In the legal world, Michael notes, they have their own term for this now. Law clerks are finding the ghost cases. Judges are calling attorneys to account. Disciplinary counsel is getting involved. Fines, suspensions, and in some cases disbarment proceedings are following. Michael draws the through-line to security directly: the same verification failure that burns an attorney in a courtroom burns a security analyst who acts on a false positive without checking. The tool is only as good as the human process built around it. At Reminger, the challenge is particularly acute because attorneys are naturally risk-averse and because many of them do not realize they are already using AI tools, a fact revealed by an internal survey where staff said they did not use AI while actively relying on AI-powered systems every day.

The IBM Watson Health story is the most historically grounded moment in the episode and one of the more sobering case studies this podcast has featured. Michael was there when Watson Health was doing what he now recognizes as early AI: ingesting thousands of hospital records, building treatment outcome models, identifying that Drug A produced better results than Drug B or C for patients matching specific profiles. It worked. Then it moved into cancer research and it moved too fast, and the result was a patient receiving chemotherapy who did not have cancer, a lawsuit, and the end of Watson Health as a going concern. Michael uses this not as a cautionary tale against AI but as a calibration: the pace of adoption has to be matched to the quality of the governance surrounding it. The organizations and governments that cannot move fast enough to build appropriate guardrails are not being slow. They are being outrun by a technology whose consequences they cannot yet fully anticipate.

This episode is brought to you by Cyberlynx [https://cyberlynx.com/]


All episodes

220 episodes


Building the School of the Future in Kansas with Rob Dickson - Ep 222

Guest Introduction

Rob Dickson [https://www.linkedin.com/in/showmerob/] is the CIO of Wichita Public Schools [https://www.usd259.org/], the largest school district in Kansas, serving just under 50,000 students across 87 schools and programs throughout the Wichita metro area. In a role that spans both operational and instructional technology, Rob oversees cybersecurity and infrastructure alongside a portfolio of forward-looking educational initiatives that includes a public micro school, an immersive coding program, a hub for advanced cybersecurity and machine learning education built in partnership with Wichita State University, and a summer STEM camp serving 800 middle school students. He brings a career that started in the U.S. Air Force and spans 27 years in education technology to one of the most ambitious public school technology programs in the country.

Here's a Glimpse of What You'll Learn

* How Wichita Public Schools built Future Ready Centers where students learn advanced manufacturing, BioMed, and cybersecurity in environments that look nothing like classrooms
* Why Rob draws a sharp line between productive struggle and cognitive offload, and why getting that balance right is the most important AI challenge in education today
* How AI-powered tabletop exercises running on continuous improvement cycles are changing how Rob's team builds and tests its security posture
* Why 900 job applicants for a single data analyst position turned out to be a social engineering threat vector and what Rob did about it
* Why Rob is hiring students from WSU Tech to do real cybersecurity work and refresh 45,000 devices this summer
* Why skills now have life cycles measured in years rather than careers, and what that means for how schools and post-secondary institutions need to rethink what they teach
* Why the superintendent who gives his team room to take risks is the most important ingredient in everything Wichita is building

In This Episode

Rob opens with a description of Wichita Public Schools that reframes what a public school district can look like when leadership decides to build toward industry outcomes rather than test scores. The Future Ready Centers are not classrooms. The advanced manufacturing center teaches students to build planes. The Hack, the new hub for advanced computer knowledge built in partnership with Wichita State University, teaches cybersecurity and machine learning as extensions of computer science, with data science on the way. The micro school called Creative Minds runs on a 2.5-hour instruction model with the rest of the day in project-based learning organized around a year-long theme. This year it was animal conservation. Last year it was food preservation, culminating in a dinner and a show. Rob is explicit that none of this exists without the relationships that came first: with WSU Tech, with Wichita State, with local industry, and with the state Department of Education that had to understand what a school day that does not look like a school day actually is before it could be approved.

The AI and education section of this episode is where Rob makes his most intellectually precise argument. Cognitive offload is real and useful. He does it himself every day to get through the work. But productive struggle cannot be outsourced because the wisdom that comes from working through a hard problem is not transferable. AI can help a student produce an output, but it cannot understand the material from the student's lens, bias, and perspective. That understanding only develops through the struggle, and once it exists, it is what makes a person capable of evaluating AI's outputs rather than simply accepting them. Rob draws the through-line to agentic AI directly: when you build an AI agent, you have to decompose a task to its root level and make it highly verifiable. If the task is not verifiable, subjectiveness enters the picture. And subjectiveness requires wisdom. And wisdom only comes from the productive struggle that most shortcuts are trying to skip. It is one of the more complete and practically grounded arguments for teaching children how to think before teaching them how to use AI that this podcast has featured.

The security section of this episode delivers two concrete and specific examples that most IT leaders outside of education will not have heard before. The first is the 900-applicant problem: Rob posted a data analyst position and received over 900 applications. When his team began vetting them, a significant number were not real people. They were social engineering attempts to get an insider into the district's systems with access to student data. The second is the continuous improvement tabletop model, where instead of scheduling the annual March tabletop exercise and calling it done, Rob's team runs scenarios through AI, posts the results, and uses the memory the system has built to push the next scenario further. The result is a security posture that improves continuously rather than in once-a-year snapshots. Both examples reflect the same underlying principle: the threat environment in a school district is as complex as any enterprise, and the organizations that survive are the ones that treat security as a process rather than an event.

This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

Yesterday · 29 min

From 45-Year Mainframe to AI Campus: Loyola's CIO on What Works with Alan Schomaker - Ep 221

Guest Introduction

Alan Schomaker is the CIO of Loyola University New Orleans, a Jesuit-based institution of approximately 5,000 students that includes a law school and sits on the Gulf Coast as one of four Loyola universities across the country. Five years into his tenure, Alan has led one of the more dramatic technology transformations in higher education, taking the university off a 45-year-old mainframe system and into a cloud-based infrastructure, navigating a hurricane mid-implementation, and now building an AI adoption culture that encourages faculty and staff to solve their own problems rather than wait for IT to do it for them.

Here's a Glimpse of What You'll Learn

* How Alan led Loyola through a mainframe-to-cloud migration while a hurricane shut down operations mid-implementation
* Why ghost students powered by AI agents are committing financial aid fraud at universities across the country and how Alan's team is detecting them
* Why locking down AI to a single approved tool is short-sighted and what Alan is doing instead to prevent shadow AI from taking root on campus
* How a new registrar used ChatGPT to solve in 16 hours a workflow problem that IT had been unable to crack for a year
* How that same registrar then built an AI scheduling tool that reduced a week-long whiteboard process to 10 minutes
* Why AI writes better SQL than most database administrators and what that means for how technical staff should be thinking about their role
* Why teaching students how to use AI is the same obligation universities have always had with every other powerful tool

In This Episode

Alan's first five years at Loyola University New Orleans read like a case study in change management under pressure. He inherited a 45-year-old mainframe that some staff still describe as the greatest system ever built, navigated the cultural resistance of moving business processes back to the departments that own them, and did it all while a hurricane shut the campus down for a month in the middle of the implementation. The technical migration was the easy part. Getting people to accept that having more control over their own systems was a benefit rather than a burden was the harder work, and Alan is candid that it is still ongoing. What that experience built in him is a clear instinct about where the real friction in technology adoption lives, and it is almost never in the technology.

The ghost student problem Alan describes is one of the most specific and underreported AI threat vectors this podcast has covered. AI agents are being deployed to enroll as fake students in online programs, submit falsified identification documents, collect financial aid and Pell Grant money, and disappear. Alan knows it is not unique to Loyola because he has compared notes with CIOs at other universities and found it spreading. The tell that cracked it open at Loyola was an address verification check that started returning properties actively listed for sale on Zillow. That single data point revealed the fraudulent enrollment pattern and prompted a broader vetting process that now correlates IP location, phone verification, SSN identification, and address data before admissions decisions are made. It is a practical, layered response to a threat that most institutions have not yet acknowledged publicly.

The two stories Alan tells about his new registrar are the best argument for democratized AI problem-solving this podcast has captured in a single episode. The first: a grade change workflow that had defeated IT for a year, attempted through the ERP's native tools, abandoned at 80% completion, and then solved by the registrar in 16 total hours using ChatGPT to build a Google Form with scripting, a logging sheet, automated email routing, an approve-deny button for the associate dean, and a two-day reminder trigger. Simple, elegant, and built by the person who understood the process because he lives it. The second: a class scheduling tool that replaced a week of whiteboard and Post-it note work with a 10-minute automated output, complete with a shareable dashboard for the facilities team to assess building impact before scheduling repairs. Alan's response to both was not to shut them down but to help vet them for security and get them into production. His philosophy is explicit: if IT becomes the bottleneck, shadow AI fills the gap. He would rather be the person staff bring ideas to than the one they hide them from.

June 8, 2026 · 38 min

You Can't Outrun a Script: AI Security in a Law Firm with Michael Massey - Ep 220


June 3, 2026 · 27 min

Why AI Rollouts Fail and What Employers Did Differently with Kelley Kage - Ep 219

Guest Introduction

Kelley Kage is the CIO of Employers Insurance, a 113-year-old workers compensation carrier operating nationwide that recently expanded into excess workers compensation. Overseeing technology, data, product management, and cybersecurity, Kelley has led one of the most deliberate and results-driven enterprise AI rollouts featured on this podcast, achieving 77% adoption and 90% training completion companywide within the first two months of deploying Claude across the entire organization. She brings a change management framework to AI adoption that is already delivering measurable business value, and a conviction that the insurance industry is not the laggard in this transition but an opportunity to lead it.

Here's a Glimpse of What You'll Learn

* Why Kelley frames governance as an on-ramp rather than a speed bump and how that reframe changes every conversation with skeptical stakeholders
* How Employers achieved 77% adoption and 90% training completion companywide within two months and the sequencing that made it possible
* Why the ROI on their Claude rollout is already paying for itself multiple times over and why those ideas came from business leaders, not the tech team
* Why AI adoption is a change management problem rather than a technology problem and what that distinction means for how you plan the rollout
* Why the companies approaching AI purely from a cost savings or headcount reduction mindset are building toward the wrong outcome
* How Kelley thinks about AI as an equalizer for executive coaching and mentorship access across every level of an organization
* Why being at the front of regulatory evolution is a strategic advantage in heavily regulated industries and how Employers is positioning for exactly that

In This Episode

Kelley opens with a framing that separates this episode from most AI adoption conversations immediately: governance is not a speed bump, it is the on-ramp. That single reframe carries significant weight in a 113-year-old insurance company where the instinct to slow down for compliance is deeply ingrained. Kelley's argument is not that governance should be bypassed in the name of speed. It is that governance built correctly and in advance is what allows organizations to move faster once the guardrails are in place. Partnering legal, HR, and cybersecurity into the AI adoption process from the start is not overhead. It is the architecture that makes rapid deployment possible without the expensive course corrections that come from moving first and asking permission later. For a regulated industry operating under ongoing scrutiny from multiple agencies, that distinction matters enormously and she makes it clearly.

The Claude rollout section of this episode is the most detailed and credible enterprise AI deployment case study this podcast has featured. Kelley is specific about the numbers: 77% adoption rate and 90% training completion in the first one to two months, with ROI already paying for itself multiple times over. But what makes the account valuable is not the metrics. It is the sequencing. The rollout started with the executive team and their direct reports, who went through an intensive training program designed not just to teach them how to use the tool but to retrain how they think about their own business processes. The technology deployment followed the mindset shift, not the other way around. The proof that this sequencing worked came at a companywide event at the end of March, where business leaders presented what they had built themselves with Claude and the value they had already generated. It was not the technology team presenting a roadmap. It was the business owners showing what they had made. That distinction is the one that determines whether an AI rollout produces adoption or produces a tool that 85% of the workforce quietly stops using after 90 days.

Kelley closes with an argument about the future of AI in leadership development that is one of the more original takes the podcast has captured this season. Executive coaching has always been costly and difficult to access, which means it has historically been available only to a narrow slice of any organization. AI changes that by giving anyone at any level a tool they can teach who they are, what they are trying to achieve, and what challenges they are working through. Kelley is careful to note that it works best in partnership with human mentors, not as a replacement for them. But the democratization of access to that kind of reflective, feedback-oriented thinking is a genuine shift in what leadership development can look like inside an organization. Paired with her personal board of directors model, which she recommends to everyone she mentors, it represents a framework for continuous growth that does not depend on seniority, budget, or having the right sponsor in the room.

This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

June 1, 2026 · 41 min

Machine Speed Attacks, Voice Agents, and Why Bad AI Excuses Fail with Keith Trawick - Ep 218

Guest Introduction

Keith Trawick [https://www.linkedin.com/in/keith-trawick/] is the CIO of Stretch Zone [https://www.stretchzone.com/], a practitioner-assisted stretching franchise with more than 420 locations across the country and another 75 to 80 expected to open this year. He joined the organization as employee number one when it made the move from boutique wellness service to scalable franchise brand roughly 12 years ago, helping build the technology infrastructure from the ground up in a category that did not exist before Stretch Zone created it. With a career rooted in subscription-based, member-centric businesses, Keith brings a systems-first perspective to the intersection of AI adoption, franchise operations, and the very human challenge of bringing hundreds of independent business owners along on the journey.

Here's a Glimpse of What You'll Learn

* What it means to build technology for a franchise category that did not exist when you started and how that shapes the systems-first philosophy Keith still operates from today
* Why Keith believes the service Stretch Zone delivers is AI-resilient at the front line and where the real AI opportunity lives on the back end
* How machine learning in security tools is the unsung hero of the current threat environment and why traditional patching alone cannot keep pace with machine-speed attacks
* Why Keith is deploying AI voice agents for inbound and outbound calls across the franchise network and the data foundation problem that has to be solved first
* How he is partnering with SoundHound on voice and Blend on middleware to build an agentic system that respects compliance requirements across hundreds of independently owned locations
* Why outcome-based pricing for AI tools makes more sense than hourly labor for a franchise model and what that calculation looks like in practice
* Why the organizations that wrote off AI after a bad ChatGPT hallucination experience are going to have a very hard time competing from here

In This Episode

Keith opens with an origin story that reframes what technology leadership looks like when you are building the category, not just the company. Stretch Zone did not have a Google Business Profile category to select when it launched because no such category existed. Nobody knew what getting stretched meant. Keith joined as employee one with the franchise growth model and has spent 12 years building the systems infrastructure that allows more than 420 independently owned locations to deliver a consistent, brand-defined member experience without micromanaging the owners running those businesses. That tension, between brand consistency and franchise autonomy, runs through every technology decision he makes, and it is the lens through which he evaluates every AI initiative the organization is now pursuing.

The security section of this episode is where Keith gets most animated, and with good reason. He draws the machine learning versus LLM distinction with a water-in-the-boat analogy that lands harder than most technical explanations do. Traditional patching is reactive by design: the boat manufacturer notifies you of a defect, you patch the hull, done. But zero-day vulnerabilities exploited at machine speed do not wait for the notification cycle. What Keith wants is a system that detects water in the boat as it arrives, identifies where it came from, and addresses it before the hole is officially documented. That is what machine learning tools like Darktrace are doing in practice, and Keith makes a direct case that behavioral AI understanding what is normal for each user, each application, each network pattern, and flagging deviation from that is the only defensive posture that makes sense when the attack pace has crossed from human speed to machine speed.

The voice agent initiative is the most concrete and forward-looking section of the episode. Keith is mid-implementation, weeks away from beta testing at targeted locations, and he is candid about exactly how complicated it is to deploy agentic AI responsibly across a franchise network. The technology problem, building an AI that can handle inbound member calls and make outbound follow-ups within the right guardrails, required choosing partners with deep expertise rather than assembling something from YouTube tutorials and automation harnesses. SoundHound handles the voice side. Blend handles the middleware and data layer. But what took the most work was building the data foundation underneath it: a consistent definition of what a member actually is across 420 locations where 100 different owners might give 250 different answers to that question. Keith is clear that the agentic capability is ready. The last mile is compliance, making sure outbound call campaigns are registered, approved, and respectful of each state's quiet period rules across hundreds of independently owned businesses. That is the problem he is solving in real time, and the fact that he is talking about it before the rollout rather than after makes this episode particularly valuable for anyone who is contemplating the same move.

This episode is brought to you by Cyberlynx [https://cyberlynx.com/]

May 27, 2026 · 37 min