In this episode of Guardians of the Data, Ward sits down with Sweeney Williams, Head of Responsible AI, to unpack the biggest challenge facing data security today ... speed.

With over 20 years of experience spanning cybersecurity, privacy, and AI governance, Sweeney shares how the rapid acceleration of AI is reshaping everything from geopolitical competition to regulatory approaches and security threats. What once felt like a manageable evolution now demands constant adaptation, forcing organizations to rethink how they govern, secure, and deploy AI in real time.

The conversation explores why traditional approaches to regulation and risk management are struggling to keep up, how bad actors are leveraging AI to scale attacks, and why organizations can’t afford to wait for clarity before taking action. Sweeney also outlines practical steps for building a strong AI governance foundation, emphasizing the importance of fundamentals like data governance, transparency, and cross-functional collaboration.

Takeaways:

• Speed is the Defining Challenge of AI. AI isn’t just evolving quickly. It’s forcing rapid change across regulation, geopolitics, and security. Organizations are struggling to keep pace with constant shifts in capabilities and expectations.
• Regulation is Lagging and May Stay That Way. Global attitudes toward AI regulation have shifted dramatically, with many regions prioritizing innovation and competitiveness over strict governance.
• AI is Amplifying Security Risks. Bad actors are using AI to launch more sophisticated and scalable attacks, lowering the barrier to entry and increasing the pressure on security teams.
• Fundamentals Still Matter! Strong data governance, transparency, access controls, and bias mitigation remain essential, even as the technology evolves.
• You Can’t Wait for Clarity! Organizations that delay action until regulations stabilize risk falling behind. The best time to build AI governance is now.
• Third party AI Risk is a Growing Blind Spot. Vendors are rapidly embedding AI into their products, often without clear visibility, making third party risk management more complex than ever.

Quote of the Show:

• “The best time to plant your AI governance tree… is right now.” - Sweeney Williams

Links:

• LinkedIn: https://www.linkedin.com/in/sweeney-williams-00762564/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, Ben Rothke joins the show to break down the biggest data security challenges facing organizations today and why many of them are harder to solve than ever before.

With over 30 years in cybersecurity, Ben shares a grounded perspective on how the landscape has evolved from simpler perimeter-based models to today’s world of data sprawl, AI-driven threats, and overwhelming complexity. He explains why AI isn’t just another trend, but a “tsunami” that’s fundamentally changing how both attackers and defenders operate.

The conversation dives into why so many organizations are playing catch-up, how shadow IT and poor foundations create long-term risk, and why the most dangerous security problems can’t be solved with a single tool or quick fix. Ben also offers practical guidance on how teams can approach AI more responsibly, starting with clear use cases, strong guardrails, and embedding security from the very beginning.

Takeaways:

• Get Security Involved From the Start: Before deploying any new technology, especially AI, loop in information security from day one. Don't retrofit security after the fact; it's far more costly and risky.
• Define Your Use Case Before Buying Tools: Ask "What is my problem, and how will this tool solve it?" Don't buy enterprise AI or security tools because they're on the Gartner Hype Cycle. Start with a clearly defined use case.
• Create AI Policies and Guardrails Now: If your organization hasn't done it yet, immediately establish policies and processes governing how AI tools can be used: what data can be entered, by whom, and under what conditions.
• Document Before You Deploy: Create detailed design documents for any AI or IT system before rollout, covering use cases, security controls, privacy controls, and support plans. Undocumented "shadow IT" becomes tomorrow's critical vulnerability.
• Address Data Sprawl Proactively: Inventory where your data lives across servers, cloud, mobile, and third-party vendors. You can't protect what you don't know you have.
• Take Third-Party Supply Chain Risk Seriously: Even a single weak vendor can expose massive amounts of data. Vet your software supply chain rigorously.

Quote of the Show:

• “In the last year and change, the challenge of AI has just been a tsunami.” - Ben Rothke

Links:

• LinkedIn: https://www.linkedin.com/in/benrothke/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, Ward sits down with Brent Bigelow: security consultant, President of the Charlotte ISSA, and a cybersecurity veteran with nearly four decades of experience. They unpack one of the most persistent and overlooked challenges in data security: unstructured data.

Brent shares why unstructured data remains the “wild west” of security, how it quietly grows through everyday business operations, and why most organizations still struggle to get their arms around it, especially in the context of mergers and acquisitions.

The conversation explores how “shadow business” contributes to data sprawl, why traditional approaches like classification and DLP fall short, and how the rise of AI is accelerating both the risk and complexity of managing unknown data. Brent also reflects on his career journey from the pre-internet era to today’s AI-driven landscape, offering hard-earned lessons on sustainability, leadership, and staying curious in a rapidly evolving field.

Takeaways:

• Audit Your Unstructured Data: You can't protect what you don't know you have. Dedicate a formal project to discovering, cataloging, and classifying unstructured data across your organization, especially after mergers and acquisitions.
• Establish and Enforce a Data Governance Policy: Policy is the "stake in the sand." Define where data should live, in what formats, and who owns it. Without written policy, you have nothing to point to when a breach or compliance issue surfaces.
• Watch Out For "Shadow Business," Not Just Shadow IT: Business units are storing data in unauthorized places just as often as rogue IT does. Extend your data governance conversations beyond IT to include business unit leaders.
• Control Privilege and Access as People Leave: When employees move on, they often take data access, or even the data itself, with them. Enforce least-privilege and revoke access promptly at offboarding.
• Treat AI Ingestion of Unstructured Data as a Risk: If your organization is deploying Copilot, generative AI, or any LLM that touches internal data, understand what unstructured data it's consuming. Garbage in, garbage out, and the "garbage" could be sensitive or regulated data.
• Don't Let Duplicate Data Pollute Your AI Models: Version control and de-duplication matter more now than ever. Unmanaged duplicates degrade AI output quality and can introduce conflicting or outdated information into critical workflows.
• Know Your Data Classification Framework and Actually Use It: Internal use, confidential, public. Make sure employees understand how to label data and where each classification belongs.

Quote of the Show:

• “Unstructured data is no different than the ocean: it just keeps rising.” - Brent Bigelow

Links:

• LinkedIn: https://www.linkedin.com/in/brent-bigelow-02b7791/ 
• Website: https://www.charlotteissa.org/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, Andrew Wilder shares why traditional data loss prevention (DLP) programs have struggled to deliver real value, and what needs to change in an AI-driven world. Drawing from decades of experience leading security programs at global organizations, he breaks down the core challenge most teams still face: relying on humans to classify and manage massive volumes of data simply doesn’t scale.

The conversation explores how AI is reshaping data security, from automatically identifying sensitive data to reducing false positives and improving visibility across the organization. Andrew also explains why security should act as an enabler, not a blocker, and how CISOs can prioritize the right investments while balancing risk and business needs.

If you’re rethinking your approach to data security, AI, or DLP, this episode offers a practical look at what’s working, what isn’t, and where the future is headed.

Takeaways:

• Stop Relying on Humans to Classify Your Data: Manual data classification fails at scale. Invest in AI-powered DSPM tools that automatically crawl, catalog, and classify sensitive data across your environment.
• Use Just-In-Time Popups to Change User Behavior: Real-time prompts asking users to justify unusual data movement are more effective than blocking controls. They create accountability, generate valuable intel, and shift culture without requiring a large team to chase false positives.
• Think of Security as an Enabler, Not a Blocker: Present risks with options and let the business decide their risk appetite. Your job is to inform, not to dictate. Frame security like brakes on a Formula 1 car: they let you go faster safely.
• Look at AI From Three Angles: How is the business using it (and how do you secure that)? How are attackers using it? How can your security team use AI agents to do more with finite resources?
• Build a Team of "Bot Masters": Use AI agents to automate repetitive tasks (SOC L1 triage, GRC forms, legacy account cleanup, third-party risk). Free your human talent for higher-value, strategic work.
• Reassess Your Security Posture At Least Every 90 Days: The risk landscape changes fast (new AI models, zero-days, etc.). Your 3-year roadmap should be a living document, not a static plan.

Quote of the Show:

• “Your job as a CISO is to be kind of a ruthless prioritizer.” - Andrew Wilder

Links:

• LinkedIn: https://www.linkedin.com/in/apwilder/ 
• Website: https://cybersecurityintheboardroom.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, Ketan Gotmare shares how nearly two decades in cybersecurity have shaped his perspective on modern data protection and why today’s biggest challenge isn’t a lack of tools, but a fundamental imbalance between speed and control.

He introduces the concept of the “velocity versus control paradox,” where businesses are under constant pressure to move faster, adopt AI, and drive digital innovation while security teams are still expected to verify, govern, and reduce risk without slowing anything down. Ketan walks through the evolution of data security, from the “castle and moat” era to today’s borderless, cloud-first world, explaining why traditional approaches no longer work and what organizations must do instead. He emphasizes that security teams can no longer act as gatekeepers, and must shift toward enabling the business while still protecting sensitive data. The conversation dives into practical ways to get started, including how to define what sensitive data actually is, where it lives across structured and unstructured environments, and why most organizations struggle before they even begin implementing frameworks like zero trust.

Takeaways:

• Embrace the "Velocity vs. Control" Mindset: Security teams must stop being blockers. Find the balance between enabling business innovation and maintaining data protection.
• Apply Zero Trust as a Concept, Not a Product: Don't buy into "zero trust" tools blindly. Start small and identify your most sensitive/high-value data, layer controls around those assets, and expand from there. Never trust, always verify.
• Know What Your Sensitive Data Is Before Worrying About Where It Is: Partner with Privacy, Legal, and Compliance early. Ask: "If this data got out, would it cost us money or damage our brand?" That's your sensitive data. Define it in a formal standard before scanning anything.
• Don't Try to Boil the Ocean, Start with the Obvious: Prioritize structured/business-system data first. Then tackle unstructured user-generated data. Leave shadow data for the crawl/walk/run phase.
• Don't Do It Alone: Build strategic partnerships with data teams, privacy, legal, risk, and compliance. Data governance and data security have the same goals. Leverage that alignment.
• Think Data Lifecycle (DSPM), Not Just Classification + DLP: Track data from creation to retirement. Understand how data flows across your network, to SaaS platforms, and to third parties. Data lineage is the foundation of mature data security posture management.

Quote of the Show:

• “You cannot block the business.” - Ketan Gotmare

Links:

• LinkedIn: https://www.linkedin.com/in/ketangotmare/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, we unpack a huge topic: how to “speak business” when you’re a technology leader. We take a look back at recent episodes to hear from real cybersecurity experts on how they convey risk and security concerns to people who don't have the technical expertise.

This episode brings together insights from industry leaders on how to shift from being the “department of no” to becoming a trusted business partner by understanding business priorities, communicating risk in meaningful terms, and building strong cross-functional relationships.

Featuring: Antonio Taylor, Joshua Copeland, Rick Doten, Jennifer Fite, Mark Alvardo, Frank DePaola, and Sanjeev Kumar.

Takeaways:

• Stop Being the "Department of No": Instead of defaulting to blocking requests, find the safe and right way to enable what the business needs to do.
• Learn to Speak Business, Not Tech: Translate technical jargon and cyber risk into business risk, real dollars, and layman's terms so leadership can understand, support, and fund your programs.
• Be a Student of the Business: Understand your organization's structure, operations, long-term strategy, and threat landscape so you can give relevant, informed advice. 
• Build Relationships with Your Peers: Proactively connect with people across departments (HR, sales, operations) whose work your decisions will impact.
• Listen for Problems You Can Solve: In one-on-ones with business leaders, listen for pain points where security, automation, or AI can add value. Then offer solutions, not restrictions.
• Frame Security as Risk Guidance, Not Gatekeeping: Present risks, likelihoods, and impacts, but let the business make the final decision to accept, mitigate, or transfer risk.
• Make Business Partners an Extension of Security: When you bring people secure solutions that help them do their jobs, they start asking vendors the right security questions on your behalf.

Connect with these featured guests:

• Antonio Taylor: https://www.linkedin.com/in/antoniodtaylor/ 
• Joshua Copeland: https://www.linkedin.com/in/joshuacopeland/ 
• Rick Doten: https://www.linkedin.com/in/rick-doten-633470177/ 
• Jennifer Fite: https://www.linkedin.com/in/jenfitephd/ 
• Mark Alvarado: https://www.linkedin.com/in/mark-alvarado-8715148/ 
• Frank DePaola: https://www.linkedin.com/in/frankdepaola/ 
• Sanjeev Kumar: https://www.linkedin.com/in/trusted-ai-ciso/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this re-aired episode, we revisit a powerful conversation with Hans Vargas, Enterprise Data Protection Lead at Marathon Petroleum Corporation.

Hans shares timeless insights on one of the most persistent challenges in data security: understanding what data actually matters and how to protect it effectively. From the importance of data discovery and classification to the realities of working with business stakeholders, this episode is a practical look at what it takes to build a strong data protection foundation.

As organizations continue to navigate cloud adoption, AI, and increasingly distributed environments, Hans’s perspective is just as relevant today as when this episode first aired.

Takeaways:

• Know What You Need to Protect: Start with data discovery and identify what data you have, where it is, and what is sensitive. You can't protect what you don't know exists.
• Engage Data Owners Directly: Build relationships with data owners, not just stakeholders. Have open conversations to understand what is truly sensitive and important to the business.
• Communicate the Value of Data Protection: Clearly explain to business units why data protection matters, using relatable analogies if needed (e.g., moving houses, hoarding).
• Establish and Strengthen Data Governance: Ensure your organization has clear data governance policies covering the entire data lifecycle from creation to disposition.
• Collaborate Across Teams: Work closely with data governance, legal, and business units. Data security is a two-way street; share discoveries and insights to improve overall protection.
• Don’t Rely Solely on Tools: Deploying a tool is not enough. Make sure processes and responsibilities are in place before or alongside technology adoption.
• Consider the Full CIA Triad: Don’t focus only on confidentiality. Ensure data integrity and availability are also prioritized to keep the business running smoothly.

Quote of the Show:

• “I argue that the conversation about the architecture of how to protect data should be one of the first things.” - Hans Vargas

Links:

• LinkedIn: https://www.linkedin.com/in/hansvargas/ 
• Website: https://www.marathonpetroleum.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, Anand Pallapalayam, an enterprise data protection leader with nearly 30 years of experience, explains why the biggest data security challenge isn’t technology, it’s people. Anand breaks down the classic “three Ps” of security: people, process, and products. He argues that education and awareness should be the foundation of every security strategy. From understanding sensitive data types like PII, PHI, and PCI to teaching employees the real risks of data misuse, he shares why even basic training can dramatically improve an organization’s security posture.

Anand shares lessons from his career journey into data security and why continuous learning is essential in fields like technology. His message is simple but powerful: protect the data, educate the people, and build systems thoughtfully from the start.

Takeaways:

• Prioritize People Through Education: Start with mandatory employee training on data security fundamentals like what sensitive data is (PII, PHI, PCI), why it matters, and basic protection principles.
• Never Use Sensitive Data as Database Keys: Avoid using SSN, credit card numbers, or other sensitive data as primary or secondary keys in your database schemas. Instead, use sequential numbers or unique identifiers (UIDs) to minimize the exposure surface.
• Take Time to Design Systems Right the First Time: Invest 70-75% of your effort in planning and designing technical systems before implementation. "Postmortem work" to fix security flaws in production systems is expensive, risky, and disruptive.
• Understand That Data Abuse Exceeds Data Use: Recognize that in today's environment, the misuse and abuse of data is more prevalent than legitimate use. Train employees to be protective of sensitive information and question whether data collection is truly necessary.
• Use Tokenization Over Encryption When Possible: It preserves the original format, type, and size of data, improves usability for applications, and still protects sensitive data at rest.
• Separate Authorization from Authentication: Move beyond basic authentication to implement proper authorization controls. Limit access to sensitive data to only the 5% of employees who genuinely need it for their business functions.

Quote of the Show:

• “In this time and age, the abuse of data is more existing than the use of data itself.” - Anand Pallapalayam

Links:

• LinkedIn: https://www.linkedin.com/in/anand-pallapalayam-bb4a2a70/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, Ward sits down with Areejit Banerjee, Senior Manager of Data Protection and Product Strategy and published author, to unpack one of the biggest challenges in modern cybersecurity: protecting data in the age of artificial intelligence. With over 20 years of experience across banking, data analytics, AI, and adversarial systems, Areejit shares his perspective on how synthetic data, AI scraping, and outdated policy frameworks are reshaping the security landscape. 

Areejit explains how we are reaching the limits of decades of “organic” human-generated data. As that well runs dry, AI systems are increasingly trained on synthetic data generated from existing models. The risk? If the original datasets lacked global representation or contained structural bias, synthetic data doesn’t fix the problem; it compounds it.

Takeaways:

• Adopt a Three-Pillar Defense Strategy: Organizations must address data security through technical defenses, product design, and public policy engagement to modernize laws like the Computer Fraud and Abuse Act.
• Map Your Scraping Landscape With Common Language: Use standardized ontologies like OWASP's automated threat standards so legal, product, and technical teams speak the same language about threats. This prevents fighting different battles on different grounds.
• Classify Data By Value, Not Uniformly: Don't defend all data equally. Identify your data lineage and protect proprietary intellectual property more heavily while keeping commodity-level data more accessible to reduce friction for legitimate users.
• Implement Layered Defense Architecture: Create perimeter defenses, protect high-value business assets first, and adjust friction based on customer behavior.
• Connect Individual Work to Organizational Mission: Whether you're writing SQL code or building AI models, regularly reflect on how your specific contribution advances the larger mission. This transforms work from bill-paying to meaningful impact and increases job fulfillment.
• Conduct AI Impact Assessments Before Launch: Every product using AI should undergo an impact assessment using frameworks from Microsoft, NIST, or the EU AI Act to identify and mitigate bias before deployment, not after problems emerge.
• Balance Tactical and Strategic Security Initiatives: Create a day-zero tactical playbook (like onboarding AI-enabled bot detection vendors) while simultaneously planning strategic moves to avoid an endless backlog.

Quote of the Show:

• “If we use the same rule book that we had before, we are lagging. We are waiting for a catastrophe to happen.” - Areejit Banerjee

Links:

• LinkedIn: https://www.linkedin.com/in/areejitbanerjee/ 
• CircleID: https://circleid.com/members/9502
• Dark Reading: https://www.darkreading.com/author/areejit-banerjee 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, Ward sits down with retail CISO Mark Alvarado to unpack one of the biggest misconceptions in cybersecurity leadership: technical expertise alone isn’t enough anymore. With over 20 years of experience across digital risk, IT infrastructure, and data privacy, Mark shares why today’s most successful CISOs must master emotional intelligence, relationship building, and business alignment. The conversation explores what it truly takes to build a resilient, business-aligned security program.

Takeaways:

• Be a Student of Your Business: Deeply understand your company's structure, operations, long-term strategy, and threat landscape to provide relevant security advice and build effective programs tailored to your organization's unique culture.
• Prioritize EQ and Relationship-Building Over Pure Technical Skills: The most critical CISO skill today is emotional intelligence and the ability to translate complex security concepts into business language that leadership can understand and act upon.
• Focus Security Efforts on Identity and Network Access: Since all data access requires user IDs and network connectivity, concentrating your resources on authentication management and network security provides the strongest foundation for protecting business data.
• Document Everything Systematically: Create comprehensive, well-organized documentation of processes, procedures, and configurations to ensure knowledge transfer, program continuity, and operational efficiency when team members change.
• Accept That You Can't Stop Everything: Rather than trying to prevent all threats, focus on protecting your most critical business data, limiting blast radius when incidents occur, and ensuring rapid recovery capabilities.
• Invest in Continuous Learning: Stay current with evolving technology, regulations, and threat landscapes through formal education, certifications, peer networking, and industry conferences to remain effective in this rapidly changing field.

Quote of the Show:

• “We can’t really one hundred percent stop cyber crime,… but we can limit the blast radius.” - Mark Alvarado

Links:

• LinkedIn: https://www.linkedin.com/in/mark-alvarado-8715148/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, Ward sits down with Jason Elrod, Founder of Limitless Cyber and CISO of a multi-billion-dollar healthcare system, to unpack the real risks and realities of AI in today’s enterprise.

Jason makes it clear: AI may be the biggest emerging data threat, but the fundamentals haven’t changed. Data inventory, classification, identity controls, and governance frameworks still form the bedrock of security. The problem? Many organizations skipped those steps and are now trying to integrate AI into fragile environments. As cyber threats accelerate, attackers are already leveraging automation and AI. Jason argues that defenders must do the same by using AI to automate, augment, and amplify blue teams rather than replace them.

Takeaways:

• Don't Give AI Direct Access to Everything: Never connect AI directly to your data lake or core systems. Instead, create a curated "bastion dataset" specifically for AI use cases.
• Master the Fundamentals First: Data inventory, classification, and context are essential. Make sure you have these mastered before integrating AI into your organization.
• Pause and Assess Your Current AI Deployments: Prioritize AI use cases that deliver actual ROI vs. just "interest on investment," and stop exploratory AI projects until the fundamentals are in place.
• Implement AI for Defense: Use AI to automate, augment, and amplify your security team. You must use AI to defend against AI-speed attacks.
• Career Advice: Out-Frame AI, Don't Outwork It: Focus on skills AI can't replace: discernment, integrity, morality, judgment, and become AI's manager rather than its competitor.
• Pay the Cost in Discipline Now, Not Anxiety Later: Skipping fundamentals today creates stress you'll carry for years. Make sure to document and do things right from the start.

Quote of the Show:

• “Have a rock-solid data governance plan and framework in place. Then it's easier to have a more stable AI governance in place.” - Jason Elrod

Links:

• LinkedIn: https://www.linkedin.com/in/thejasonelrod/ 
• Website: https://www.limitlesscyber.com/ 
• YouTube: https://www.youtube.com/@LimitlessCyber 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Sanjeev Kumar, Senior Global AI & Data Protection Lead at Amazon Web Services, joins Ward on the podcast today for a deep dive into the real risks organizations face as AI moves from experimentation to production.

With more than 20 years of cybersecurity experience and a career that spans the rise of cloud computing to today’s AI transformation, Sanjeev shares what organizations consistently get wrong about data governance, ownership, least privilege, and AI deployment. This is not a high-level “AI is risky” discussion. It’s a tactical breakdown of what security leaders must implement now to avoid regulatory, reputational, and operational fallout.

Takeaways:

• Start with Data Classification and Inventory: Understand the types of data you have (sensitive, regulated, or intellectual property) and where they reside before implementing any controls.
• Establish Clear Data Ownership and Stewardship: Define who owns the data (business leaders), who manages it daily (data stewards), and who maintains the infrastructure (IT custodians). Everyone must understand their responsibilities.
• Never Let Temporary Become Permanent: When moving data to interim storage solutions, ensure proper controls are in place. Temporary shortcuts often become permanent security gaps.
• Always Experiment in Isolated Environments: Start with black-box environments using synthetic data first. Never expose experimental AI systems to production or public networks.
• Implement Dynamic, Behavior-Based Access Controls: Move beyond traditional RBAC to access controls that adapt based on actual behavior patterns, not just historical permissions.
• Understand Both Financial and Non-Financial Risks: Reputational damage, regulatory scrutiny, and loss of customer trust often outweigh direct financial penalties.
• Live in the Future: Anticipate what will matter in 4-5 years and start learning it today. Position yourself where the industry is heading, not where it is now.

Quote of the Show:

• “Vendor can be replaced, trust cannot be.” - Sanjeev Kumar

Links:

• LinkedIn: https://www.linkedin.com/in/trusted-ai-ciso/ 
• Website: https://aws.amazon.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, host Ward Balcerzak sits down with Joshua Copeland, Director of Cybersecurity at Crescendo. With more than 25 years of experience across IT, cybersecurity, and government, Joshua brings a refreshingly honest perspective: most security failures don’t come from bad tools; they come from misaligned leadership, misunderstood business risk, and security teams operating in a vacuum.

Throughout the conversation, Joshua breaks down why cybersecurity professionals must stop speaking only in technical terms and start translating risk into real business impact, from revenue and operations to productivity and customer trust. The discussion also dives deep into AI and data security, where Joshua argues that AI hasn’t introduced new risk, but simply exposes the risks organizations have ignored for years. From shadow AI and data leakage to prompt engineering and governance, this episode offers practical guidance for security leaders trying to keep up with reality.

Takeaways:

• Learn to Speak Business, Not Just Tech: Cybersecurity professionals need to translate technical risks into business impact.
• Build Cross-Functional Relationships Early: Understand how your security decisions impact productivity and workflows. Talk to operations teams before implementing security controls.
• Avoid Building Solutions in a Vacuum: Don't create security controls based solely on frameworks or "best practices".
• Network Relentlessly: Attend local B-Sides and regional conferences (cheaper than RSA) and join local cyber clubs and professional chapters.
• Focus on What Actually Protects Your Business: Prioritize vulnerabilities based on your environment, not just severity scores. Understand your critical business processes and protect those first.
• Say Yes to New Opportunities: Joshua's career advice: volunteer for things outside your comfort zone. Non-traditional paths often lead to the most interesting opportunities.

Quote of the Show:

• “ We're really, really good at technology. We really suck at business, and that's where we fall flat.” - Joshua Copeland

Links:

• LinkedIn: https://www.linkedin.com/in/joshuacopeland/ 
• Website: https://www.crescendo.ai/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

The cybersecurity industry has no shortage of open roles, yet thousands of capable candidates still can’t land their first job. In this episode of Guardians of the Data, Ward Balcerzak sits down with Marlene DeHart, cybersecurity executive, advisor, and Air Force Reserve veteran, to explore why the problem isn’t a lack of interest or intelligence; it’s how the industry defines experience.

Drawing on more than 20 years across enterprise security, internal audit, military cyber operations, and emerging technologies like Web3 and AI, Marlene argues that cybersecurity needs to be treated more like a trade: skills-first, mentor-led, and learned through real-world practice, not just certifications and degrees.

Takeaways:

• Seek Mentorship Actively: Find experienced professionals who can guide your career development and commit to mentoring others once you gain experience, creating a reciprocal learning ecosystem.
• Participate in Hands-On Challenges: Join hackathons, capture-the-flag events, and collaborative technical challenges to demonstrate real-world skills beyond what certifications alone can show.
• Build a Skills Portfolio: Create tangible demonstrations of your work that showcase your abilities to potential employers, moving beyond traditional resumes to include actual project examples and problem-solving evidence.
• Apply Fundamentals to New Technologies: Bridge your existing cybersecurity knowledge to emerging technologies like AI, blockchain, and Web3 by applying core principles you already understand to new contexts.
• Establish Reskilling Pathways: Companies should build structured programs to help existing employees transition when business direction or technology stacks change, rather than leaving team members behind.
• Gamify Learning Experiences: Make skills development engaging through scenario-based training, real-world simulations, and competitive challenges that mirror actual workplace situations.

Quote of the Show:

• “ Once you're skilled, you have to keep reskilling. You have to upskill.” - Marlene Dehart

Links:

• LinkedIn: https://www.linkedin.com/in/marleneveum/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, host Ward Balcerzak sits down with Arturo Santos, Director of Cybersecurity Architecture at Amtrak, to explore the growing risks facing operational technology (OT), the realities of protecting critical infrastructure, and why data governance, AI, and industry collaboration are no longer optional.

With more than 30 years of experience in IT and cybersecurity, Arturo shares real-world insights from the rail industry, discusses why legacy data retention practices are putting organizations at risk, and explains how modern cyber-physical systems are reshaping security priorities across transportation, energy, and other critical sectors.

Takeaways:

• Implement Strict Data Retention Policies: Organizations must establish clear guidelines for data retention and storage. Develop retention schedules based on legal requirements, business needs, and industry best practices, then enforce them rigorously.
• Treat Employee Data with Equal Priority as Customer Data: Many organizations focus heavily on protecting customer information while overlooking employee data. Your employees deserve the same level of protection you provide to your customers.
• Adopt a Data Custodianship Mindset: Shift how your organization thinks about personal information. Always remember that the data belongs to the individual, and your organization is merely a temporary steward.
• Monitor Threats Across Your Entire Supply Chain: Your organization doesn't operate in a vacuum. Stay informed about security incidents, vulnerabilities, and attack patterns across your industry and related sectors.
• Engage with Industry Standards Development: Participate in the creation and refinement of security standards for your sector. Your expertise and real-world experience can help shape standards that are both effective and practical.
• Leverage Collaborative Threat Intelligence Sharing: A collaborative approach provides visibility into threats you might never see coming from your own network alone. The key is moving from isolated security operations to participating in a broader intelligence ecosystem.

Quote of the Show:

• “ I started working in cybersecurity because I am passionate about protecting my data. I see it as a consumer .” - Arturo Santos

Links:

• LinkedIn: https://www.linkedin.com/in/-arturo-santos/ 
• Website: https://www.amtrak.com/home 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Ward sits down with Frank DePaola, Vice President and CISO at EnPro and recipient of the 2025 Top Global CISO award. With over 25 years of experience in cybersecurity, Frank shares a masterclass on navigating the complexities of modern data security, from the "data sprawl" of the AI era to the unique challenges of maintaining security during aggressive M&A cycles. 

The conversation dives deep into the realization that "data is the new currency of business," which has led organizations to accumulate petabytes of information that become increasingly difficult to manage. Frank explains why the state of your data directly impacts the success of AI initiatives and why security leaders must transition from a static mindset to one that secures data in motion, especially as it leaves the organization's physical purview through cloud services and subcontractors.

Takeaways:

• Build Or Update Your Data Retention Policy: Work collaboratively with business units to understand their actual needs and regulatory requirements, not arbitrary timeframes.
• Leverage Community Expertise: Reach out to industry peers or hire consultants who've implemented programs before; don't reinvent the wheel.
• Shift From Static to Dynamic Protection: Move beyond securing data only where it resides; focus on securing data in motion and throughout its lifecycle.
• Consolidate Your Tools: Look for comprehensive platforms that integrate DLP, DSPM, and AI governance rather than managing multiple point solutions.
• Gather Complete Requirements Upfront: Avoid point solution sprawl by thoroughly vetting all use cases before making technology investments.
• Build a Risk-Based Roadmap: Connect tactical initiatives directly to organizational strategic objectives, so teams understand how their work impacts the business.

Quote of the Show:

• “Data is the new currency of business.” - Frank Depaola

Links:

• LinkedIn: https://www.linkedin.com/in/frankdepaola/ 
• Website: https://www.enpro.com/overview/default.aspx 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, author and VP of IT for Mission Healthcare, Antonio Taylor, reveals why modern security success has less to do with tools and everything to do with building trust, curiosity, and true business partnerships. Antonio brings 25+ years of experience in enterprise IT leadership, data security, and organizational transformation. He’s seen behind the curtain of data sprawl, shadow SaaS, M&A chaos, and the cultural friction that often exists between business units and cybersecurity teams. Antonio shares how security leaders can shift from “the department of no” to trusted business partners by staying curious, building relationships, and speaking the language of the business rather than the language of technology.

Takeaways:

• Become a True Business Partner: Learn how your company makes money and frame security as an accelerator, not a barrier.
• Build Trust Before You Need It: When business units trust you, they'll involve you in decisions before purchasing tools or implementing solutions.
• Make Security Part of the Culture: Transform employees into your "biggest firewall" by making them security partners.
• Offer Alternatives: Instead of blocking tools, find secure alternatives that meet their needs (like suggesting Copilot instead of ChatGPT).
• Create a "Life Resume": Document all your accomplishments, not just job-related ones, to combat imposter syndrome and recognize your inherent skills.
• Embrace AI as an Enhancement Tool: Use AI to advance your capabilities, not replace them.
• Listen for Pain Points: Proactively identify business problems and propose secure solutions before they go rogue.

Quote of the Show:

• “Security, we’re the bad people. We’re the ones who tell you no all the time, and I think that’s a myth that has to be shot down.” - Antonio Taylor

Links:

• LinkedIn: https://www.linkedin.com/in/antoniodtaylor/ 
• Website: https://www.homewithmission.com/ 
• Book: https://a.co/d/127OwCr 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, host Ward Balcerzak sits down with Jennifer Fite, Principal Consultant on the Data Risk Management team at Trace3, to unpack the real-world challenges organizations face when trying to protect sensitive data in today’s cloud-first, integration-heavy environments.

Jen shares why supply chain breaches have become one of the fastest-growing data security threats and why focusing solely on AI misses the bigger picture. As organizations move from on-prem infrastructure to sprawling cloud ecosystems, security teams are losing visibility into where data lives, who’s accessing it, and how it’s being used. Jen emphasizes a recurring theme: data security is contextual, not binary. Unlike traditional security controls, protecting data requires understanding business intent, user behavior, and downstream data usage, all of which can change over time.

Takeaways:

• Harden Internal Data Security Practices: Focus on protecting data at rest, minimizing unnecessary data proliferation, and ensuring robust internal controls regardless of external integrations.
• Implement User Behavior Analytics: Establish monitoring to understand normal user behavior and detect anomalies. This helps identify potential breaches, especially when attackers use legitimate credentials.
• Know Your Data Estate: Maintain visibility into where sensitive data is stored, who has access, and how it is used. Regularly update your data inventory and access controls.
• Establish Data Ownership and Accountability: Assign clear data owners who understand and can authorize access and usage. Ensure business justification for all data access and regularly review permissions.
• Start with Immediate, Practical Steps: If resources are limited, address the most critical gaps first (e.g., implement basic classification and access policies), then build toward a more comprehensive data security program.
• Regularly Review and Adjust Access: Continuously re-evaluate who has access to what data, ensuring permissions are still necessary and appropriate, and remove access when it is no longer needed.

Quote of the Show:

• “ I don't wanna say no, but because it depends, I have to sit with that person and understand what they're doing so we can create the safe right way to do that thing.” - Jennifer Fite

Links:

• LinkedIn: https://www.linkedin.com/in/jenfitephd/ 
• Website: https://www.trace3.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this re-air episode, we’re revisiting Ward’s conversation with Lance Fischer, Principal Security Architect at Guidepoint Security, but its insights are more relevant than ever as organizations grapple with data sprawl, AI adoption, and rising regulatory pressure.

With nearly three decades in security, Lance breaks down one of the most misunderstood areas of modern security programs: the difference between data governance and data stewardship, and why confusing the two stalls progress before it even begins.

Takeaways:

• Prioritize Visibility First: Before implementing controls or buying tools, ensure you have a clear understanding of what data you have, where it resides, and how it flows within your organization.
• Clarify Data Governance vs. Data Stewardship: Define clear roles. Governance sets the policies and rules; stewardship ensures those rules are applied consistently. Foster communication and cooperation between these groups.
• Start Small and Scale: Don’t try to solve everything at once. Tackle visibility and controls in manageable pieces. Focus on a subset of data or a specific business unit to build momentum.
• Engage Stakeholders Across the Business: Involve HR, Legal, IT, and business units early to ensure policies are practical and have buy-in. Encourage open dialogue rather than top-down mandates.
• Understand and Plan for Resource Needs: Assess the people, time, and budget required for data security initiatives before launching. Avoid overburdening staff with too many roles; dedicate resources where possible.
• Document Decisions and Processes: Track inputs and outputs from governance meetings and policy changes for audit and continuous improvement.
• Anticipate and Manage Tool Sprawl: Regularly review existing tools for effectiveness and eliminate redundant or unused solutions. Don’t assume swapping tools will solve underlying process or visibility issues.

Quote of the Show:

• “ Data governance is the rules of the game. Data stewardship ensures those rules are applied consistently and effectively.” - Lance Fischer

Links:

• LinkedIn: https://www.linkedin.com/in/lance-fischer-a0301219/ 
• Website: https://www.guidepointsecurity.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, we run back some of the best conversations of the year. Ward brings together insights from data security, privacy, and governance leaders across industries to answer one foundational question: What is the biggest challenge organizations are facing when it comes to data security?

From data classification to data sprawl, to even knowing what data you have, we cover it all in this episode.

Featuring: Rick DeLoach, Daley Varghese, Hans Vargas, Bryan DeLuca, Trevor Dolan, Luis Valenzuela, and Christian Ghigliotty.

Takeaways:

• Know Your Data: Conduct a thorough inventory and classification of your data assets.
• Establish Strong Governance: Develop clear, practical data governance policies and procedures. Involve legal, privacy, and business stakeholders in defining standards.
• Assess and Address Risks: Regularly perform risk assessments for new and existing data uses and understand who has access to what.
• Balance Technology with Process: Don’t rely solely on tools. Ensure you have the right processes and people in place.
• Educate and Empower: Provide ongoing training and awareness for all employees, not just annual modules. Embed “champions” or advocates for data security and privacy throughout the organization.
• Continuously Improve: Create feedback loops to refine policies, processes, and technology over time.
• Adapt to Change: Be proactive in adapting to new challenges like remote work, AI, and cloud adoption. Stay curious and seek out passionate partners across the organization.

Connect with these featured guests:

• Rick DeLoach: https://www.linkedin.com/in/rdeloach/ 
• Daley Varghese: https://www.linkedin.com/in/daley-varghese/ 
• Hans Vargas: https://www.linkedin.com/in/hansvargas/ 
• Bryan DeLuca: https://www.linkedin.com/in/bdll/ 
• Trevor Dolan: https://www.linkedin.com/in/trevor-dolan-91a1ab12/ 
• Luis Valenzuela: https://www.linkedin.com/in/luisvalenzuela28323623/ 
• Christian Ghigliotty: https://www.linkedin.com/in/ghigliottyc/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Rick Doten, former Healthplan CISO at Centene Corporation and AI researcher with over 25 years of cybersecurity experience, joins the show to discuss the biggest challenges in data security. Rick emphasizes the critical importance of data governance and quality, explaining how understanding a business's needs and the value of its data are pivotal. He also explores how AI can both enhance and complicate data management. Drawing insights from his varied career path, including his role as a former health plan CISO and current advisor, Rick provides practical advice on mitigating security risks and leveraging AI for data protection.

Takeaways:

• Prioritize Data Governance: Recognize that the biggest challenge in data security is often a lack of data governance. Start by defining what data you have, where it is, who has access, and how valuable it is.
• Engage the Business: Security professionals should not decide what data is most important. Partner with business leaders to understand critical business processes and data.
• Conduct Business Impact Assessments: Work with business units to identify what would constitute a "bad day" for them. Use this to determine which data and systems are most critical.
• Define Clear Policies and Rules: Develop and document policies around data protection, classification, access, retention, and destruction, based on regulatory, contractual, and business requirements.
• Ensure Data Quality: Especially in the age of AI, ensure that data sets are accurate, current, and appropriately managed to avoid issues with automation and analytics.
• Foster Collaboration, Not Adversarial Relationships: Security should be seen as a business enabler, not a blocker. Build trust and open communication with business units.
• Accept That Change Takes Time: Building effective governance and security is a long-term process. Set realistic expectations and avoid quick-fix solutions.

Quote of the Show:

• “We’re only in this game to protect data and the availability of that data.” - Rick Doten

Links:

• LinkedIn: https://www.linkedin.com/in/rick-doten-633470177/ 
• YouTube: https://www.youtube.com/@rickscybersecurityvideos1059 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, AVP of InfoSec and data security leader Kenny Vu breaks down why leadership support is the biggest determining factor in whether a program thrives or fails. With over a decade of experience across engineering, consulting, and hands-on data protection work, Kenny shares a clear, practical framework for assessing risk, creating a roadmap, and earning long-term organizational trust. He dives into the nuances of implementing and managing data security programs, the necessity of education and awareness among employees, and strategies for gaining ongoing support from leadership. Kenny also recounts his journey in the cybersecurity field and offers advice for those looking to move into leadership roles.

Takeaways:

• Secure Leadership Buy-In Early: Success in data security programs hinges on strong leadership support. When starting a new role or initiative, assess the level of leadership commitment and ask tough questions during interviews or project kickoffs.
• Conduct a Thorough Assessment: Begin with a comprehensive assessment of your organization’s data security posture. Identify all current risks, compliance obligations, and gaps in your program.
• Develop a Risk-Based Roadmap: Use your assessment to create a clear, prioritized roadmap. Focus first on “low-hanging fruit” or quick wins that deliver value with minimal effort, then tackle more complex issues.
• Be Flexible with Tools and Solutions: Evaluate existing tools before bringing in new ones. Ensure any solution meets your control requirements, and be prepared to adapt if another team’s priorities or tools impact your plans.
• Show Value Through Reporting: Consistently report on your progress, quick wins, and risk reduction. Use metrics and reports to demonstrate the ongoing value of your data security program.
• Plan for Resource Needs: When building your roadmap, factor in the resources required. Present options to leadership that show what can be achieved with current resources versus additional headcount.

Quote of the Show:

• “If you don't act on it, you accept. You're accepting the risk.” - Kenny Vu

Links:

• LinkedIn: https://www.linkedin.com/in/kenny-vu-cissp-94193289/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Ian Kicmol, leader of a major data protection organization with more than a decade of experience, shares why the biggest challenges facing data security today have less to do with tools and everything to do with people, communication, and the ability to manage overwhelming alert volumes. Ian explains why organizations that expect AI to replace humans in data security are setting themselves up for disappointment, and what teams should focus on instead to build programs that actually work. From hiring the right talent to tuning tools to creating a governance council that aligns engineering, legal, and business stakeholders, Ian breaks down the blueprint for a scalable, sustainable data protection function. Whether you're building a program from scratch or trying to fix alert fatigue, this conversation delivers real-world insight from someone who’s done the work across multiple industries.

Takeaways:

• Invest in People, Not Just Tools: AI and automation are valuable, but people remain the core of a successful data security program. Focus on hiring, developing, and retaining talented individuals.
• Prioritize Communication Skills: Technical expertise is important, but the ability to communicate complex issues in simple, clear language is critical.
• Build Cross-Functional Councils: Establish a data governance council or similar forum that brings together leaders from engineering, legal, operations, and business units to collaboratively assess and make decisions on security rules and alerts.
• Tune and Automate Where Possible: Regularly review and tune security tools to reduce noise and focus on high-priority alerts. Use automation to handle repetitive, low-value tasks, but always keep human oversight for critical decisions.
• Encourage Ownership and Growth: Give team members opportunities to own projects and tools. Support their growth by recognizing strengths and encouraging them to expand their skills.
• Balance AI Adoption with Human Judgment: Embrace AI as a tool to enhance efficiency, but recognize its limitations. Human judgment is still essential for interpreting intent and making nuanced decisions.

Quote of the Show:

• “People are really the core of having a successful program… AI is not there to replace everybody right now.” - Ian Kicmol

Links:

• LinkedIn: https://www.linkedin.com/in/ian-kicmol1/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, Dr. Sergio Sanchez, CIO of Coleman Health Services and former medical turned cybersecurity leader, breaks down the rapidly evolving world of AI-driven cyber threats. With more than 25 years in IT and security, Sergio brings a rare blend of technical insight, human understanding, and real-world experience. He digs into how AI is reshaping the attacker landscape, why non-technical employees are now prime targets, and what leaders must do today to prepare their organizations for the next wave of threats: from voice cloning and deepfake videos to hyper-personalized social engineering attacks. Sergio also shares his incredible personal journey from operating rooms in Mexico to managing technology for the Catholic Church across 50 states, to now securing one of the most mission-critical environments in healthcare.

Takeaways:

• Train Everyone, Not Just Leadership: Security awareness and training should include all employees, not just executives. Threat actors often target those with less technical knowledge.
• Emphasize Caution Before Clicking: Encourage a culture of "think before you click"; whether it’s a link in an email, a text, or a message from a familiar contact.
• Adopt Multi-Factor Authentication (MFA): Use MFA wherever possible, and educate users on alternatives if they don’t have access to a cell phone (e.g., voice call authentication).
• Verify Unusual Requests: Establish code words or secondary verification steps for sensitive requests, especially those involving money or confidential information even if the request appears to come from a trusted source.
• Recognize the Blending of Digital and Real Life: Remind everyone that even if they don’t use social media, their digital footprint (e.g., online banking, email) can still make them a target.
• Support Those Afraid of Technology: Offer extra help and patience to those who are “allergic to technology.” Their lack of comfort can make them prime targets.

Quote of the Show:

• “We are creating a monster that we are now giving the tools to destroy us.” - Dr. Sergio Sanchez

Links:

• LinkedIn: https://www.linkedin.com/in/dr-sergio-e-sanchez/ 
• Website: https://www.colemanservices.org/ 
• Podcast: https://podcasts.apple.com/us/podcast/behind-the-digital-curtain/id1829054726 

 Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Bryan DeLuca, Principal Cybersecurity Engineer and self-proclaimed “Swiss Army knife” for data security programs, shares why every great security strategy starts with understanding your data. With over 25 years of IT and cybersecurity experience across a variety of industries, Bryan dives into what it really means to know your “crown jewels”, the data that would stop your business cold if it were compromised. He also discusses the critical role of trust and mental health in fostering a productive and secure work environment. Additionally, Bryan offers practical advice on data protection strategies, the significance of process-driven approaches, and how to effectively implement data lineage and insider threat management.

Takeaways:

• Know Your Data: Start by identifying what your organization's most sensitive and valuable data is. This varies by industry, so tailor your approach accordingly.
• Engage with the Business: Build relationships with business stakeholders (like a business information security officer) to understand what data is truly critical and why.
• Think Like an Attacker: Consult with ethical hackers or your red team to understand what data would be most attractive to adversaries and how it might be targeted.
• Do Your Own Reconnaissance: Proactively research what information about your organization is available on the dark web or in hacker forums. Don’t rely solely on automated tools, get hands-on.
• Develop and Practice Incident Response: Go beyond compliance checklists. Create tailored incident response plans for different types of sensitive data and run realistic, unannounced tabletop exercises to test your readiness.
• Map and Monitor Sensitive Data: Build a data catalog or index to track where sensitive data lives, how it moves, and who accesses it. Use tagging and alerting to prioritize responses to incidents involving critical data.

Quote of the Show:

• “We gotta get faster. And the way to do that is knowing where your sensitive data lives on your network.” - Bryan DeLuca

Links:

• LinkedIn: https://www.linkedin.com/in/bdll/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode of Guardians of the Data, Matthew Gonzales, Director of Data Security Engineering, shares what it really takes to build and sustain an effective data security program. Drawing from his 20 years of experience, Matthew stresses the importance of having a structured data security strategy, incorporating business objectives, control frameworks, and operating models. The conversation dives into the nuances of stakeholder engagement, effective communication, and proactive governance. Matthew also shares insights from his own journey in the industry, emphasizing the need to align data security practices with evolving technologies like AI. This episode serves as a comprehensive guide for organizations looking to fortify their data security frameworks.

Takeaways:

• Define a Clear Vision and Mission for Data Security: Start by establishing a vision and mission that aligns with your organization’s broader goals. This sets the tone and direction for your data security program.
• Set Specific Business Objectives: Identify concrete goals, such as global deployment of DLP or minimizing friction for end users, to guide your program’s efforts.
• Establish a Control/Capabilities Framework: Clearly outline what is in scope for your data security program to avoid overlap and friction with other teams (e.g., cloud security, IAM, networking).
• Develop a Robust Operating Model: Map out how your program will operate, including who needs to be involved (cybersecurity peers, legal, HR, privacy, infrastructure, etc.). Use tools like RACI matrices to clarify roles and responsibilities.
• Engage Stakeholders Early and Often: Identify key stakeholders, blockers, and influencers. Bring them together to present your strategy, gather feedback, and secure buy-in.
• Maintain and Update Your Operating Model Regularly: Don’t let your operating model get stale. Update it proactively (ideally monthly or quarterly) to reflect organizational and technological changes.
• Foster a Culture of Self-Service and Openness: Encourage employees to ask questions and seek guidance on data handling. Success is when people proactively reach out for advice.

Quote of the Show:

• “Without a good program, you’re kind of lost in the dark, fumbling around trying to find a light switch.” - Matthew Gonzales

Links:

• LinkedIn: https://www.linkedin.com/in/matthew-c-gonzales-64012a8/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Takeaways:

• Start with Data Classification Tabletop Exercises: Conduct tabletop exercises to classify and understand your organization’s data.
• Involve the Right People: Assign data stewards and involve all key stakeholders in data initiatives.
• Don’t Fear DLP “Prevention” Mode: Move beyond just monitoring to actively preventing data loss, but do so with proper support systems and communication in place.
• Leverage Vendor Relationships: Build strong partnerships with your technology providers to navigate platform changes and challenges.
• Establish Ongoing Support and Feedback Loops: Set up regular check-ins (e.g., quarterly meetings) with departments to review DLP effectiveness and address issues.
• Communicate and Build Awareness: Regularly communicate with high-risk departments (finance, HR, logistics) about DLP and data security. Use newsletters, training, and ongoing discussions to keep data protection top of mind.

Quote of the Show:

• “You should have a strong relationship with those stakeholders and constantly talk about data loss prevention around those people.” - Tobias Simpson

Links:

• LinkedIn: https://www.linkedin.com/in/tobias-simpson-706b57a8/ 
• Website: https://www.kennesaw.edu/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In this episode, Christian Ghigliotty, Head of Enterprise Security Engineering, joins us to unpack what it really takes to build a security-first culture in today’s AI-driven world. From champion programs to collaboration councils, Christian shares how curiosity, communication, and connection are redefining how modern teams protect data. He also opens up about his unconventional career path and why he believes writing and relationship-building are two of the most underrated skills in tech. Whether you’re leading enterprise security or just getting started in data protection, this conversation will leave you thinking differently about how trust, empathy, and engagement fuel resilience.

Takeaways:

• Identify and Empower Champions: Find individuals passionate about data security within your organization and empower them to act as liaisons or "champions" to bridge gaps between teams.
• Create a Council or Working Group: Bring together your champions or stakeholders regularly, not just for updates but for active participation, problem-solving, and sharing ownership of outcomes.
• Leverage Awareness Opportunities: Use events like Cybersecurity Awareness Month to elevate champions, share success stories, and recruit new advocates.
• Apply Your Unique Skills: Leverage your background and strengths (e.g., communication, writing, teaching) to add value in security roles, even if you come from a non-technical background.
• Gamify Security Initiatives: Consider using gamification (leaderboards, rewards, or friendly competition) to incentivize good security practices and increase engagement.
• Document and Share Successes: Regularly communicate wins and lessons learned to maintain momentum and encourage broader participation.
• Don’t Wait for the “Right” Time: Security awareness and improvement should be ongoing, not just tied to special months or events.

Quote of the Show:

• “Cybersecurity doesn't always have to wait till October. Of course, we love to highlight cybersecurity awareness month, but every month we're working together on these things.” - Christian Ghigliotty

Links:

• LinkedIn: https://www.linkedin.com/in/ghigliottyc/

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, Ward sits down with Adrian Guevara, Chief Information Security Officer at TELUS Digital Solutions, to unpack one of the biggest challenges facing organizations today: how to secure your business in an AI-driven world. Adrian brings over two decades of IT and cybersecurity experience and a refreshingly candid take on what it really takes to lead through massive change. Adrian shares insights on the impact of AI on businesses, the importance of understanding and tinkering with technology, and the crucial role of building trust and relationships within an organization. He emphasizes the need for a culture of continuous feedback and collaboration, especially in rapidly growing and technologically evolving environments. The episode also delves into Adrian's fascinating career journey from an IT director who was voluntold to be a security officer to his current role as a CISO, highlighting key strategies for navigating the ever-changing landscape of data security.

Takeaways:

• Ask “Can We Do It Better?”: Regularly question existing processes and tools. Encourage feedback from your team to drive continuous improvement.
• Create a Path of Least Resistance: Make secure, approved tools and processes as easy to use as possible to reduce the temptation for employees to circumvent security.
• Build a Culture of Trust and Approachability: Be visible, approachable, and responsive. Building trust makes it easier to implement change and get buy-in.
• Leverage Feedback for Better Security: Involve your team in decision-making, listen to their feedback, and let them help shape security policies and tool choices.
• Invest in Tools that Support Security: Provide employees with tools like password managers to make secure practices easier to follow.
• Build Relationships: Strong professional relationships help you navigate change, get buy-in, and create a more fulfilling work environment.
• Be Transparent and Communicate the “Why”: When implementing new policies or changes, explain the reasoning and how it benefits the team and organization.

Quote of the Show:

• “ You gotta love what you're doing because there's gonna be hard times and there's gonna be times you have to learn things on your own. Without that love, it just makes it much harder to do.” - Adrian Guevara

Links:

• LinkedIn: https://www.linkedin.com/in/adrian-guevara17/ 
• Website: https://www.telusdigital.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Kraig Faulkner, Field CTO at Infolock, joins the show to discuss the pressing challenges and solutions around data security, particularly focusing on AI and access control. Kraig elaborates on the importance of understanding business data, securing AI access, and the necessary steps organizations need to take to prevent data exfiltration. He shares his professional journey and thoughts on the future trends in data security, including a potential shift back to on-prem solutions and the integration of AI into larger security portfolios. The episode highlights key strategies for implementing and securing AI within organizations, making it a must-listen for security leaders.

Takeaways:

• Start Small, Don’t Boil the Ocean: Begin with a manageable subset of data or a pilot group rather than trying to secure everything at once.
• Audit Access Regularly: Conduct regular audits to determine who has access to what data, why they have access, and whether that access is still appropriate.
• Implement Role-Based Access Controls (RBAC): Use RBAC to ensure only the right people have access to sensitive data, and review these controls periodically.
• Control AI and Tool Access: Roll out generative AI and other new tools methodically. Test with small, trusted groups before wider deployment, and avoid unsanctioned tools.
• Validate AI Outputs: Always verify the accuracy and appropriateness of AI-generated outputs before acting on them or sharing them.
• Involve HR in Identity Management: Ensure HR processes are integrated with IT to manage onboarding, offboarding, and changes in access as roles evolve.
• Prepare for Ongoing Change: Recognize that securing data and managing access is an ongoing process. Regularly revisit policies, tools, and practices as technology and business needs evolve.

Quote of the Show:

• “We have gotten so fascinated with what's new, what's hot, what's moving the needle, right? And we forget about some of the basics.” - Kraig Faulkner

Links:

• LinkedIn: https://www.linkedin.com/in/kraigfaulkner/ 
• Website: https://www.infolock.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today Ward welcomes Hans Vargas, Enterprise Data Protection Lead at Marathon Petroleum Corporation, who brings over two decades of experience in cybersecurity. Hans shares insights on the importance of understanding what data needs to be protected, and the challenges organizations face in this area, especially with the adoption of cloud services. He discusses the significance of communicating the value of data protection to business leaders and data owners, and offers practical advice on data discovery, retention, and governance. Hans emphasizes the necessity of including data security considerations in the early stages of application development and innovation. He also shares his personal journey from Peru to a successful career in the U.S., highlighting the importance of mentorship, continuous learning, and proactive problem-solving in cybersecurity. This episode provides valuable strategies for integrating data security into organizational processes and fostering collaboration between cybersecurity professionals and business stakeholders.

Takeaways:

• Know What You Need to Protect: Start with data discovery and identify what data you have, where it is, and what is sensitive. You can't protect what you don't know exists.
• Engage Data Owners Directly: Build relationships with data owners, not just stakeholders. Have open conversations to understand what is truly sensitive and important to the business.
• Communicate the Value of Data Protection: Clearly explain to business units why data protection matters, using relatable analogies if needed (e.g., moving houses, hoarding).
• Establish and Strengthen Data Governance: Ensure your organization has clear data governance policies covering the entire data lifecycle from creation to disposition.
• Collaborate Across Teams: Work closely with data governance, legal, and business units. Data security is a two-way street; share discoveries and insights to improve overall protection.
• Don’t Rely Solely on Tools: Deploying a tool is not enough. Make sure processes and responsibilities are in place before or alongside technology adoption.
• Consider the Full CIA Triad: Don’t focus only on confidentiality. Ensure data integrity and availability are also prioritized to keep the business running smoothly.

Quote of the Show:

• “If you don't know what you need to protect, that's a problem.” - Hans Vargas

Links:

• LinkedIn: https://www.linkedin.com/in/hansvargas/ 
• Website: https://www.marathonpetroleum.com/ 

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Zach Luze, Data Security Advisory Practice Director at TBD Cyber joins Ward today to focus on the challenges organizations face in demonstrating the value of data security. Zach explains how the inability to show value can impact budgets and resources, emphasizing that many data security programs struggle with meaningful key performance indicators (KPIs). He suggests a blended approach to data discovery and provides insights into building metrics that highlight the value of security programs. Zach also shares his career journey from an IT auditor to his current role, highlighting his work in assessing, designing, and building data security programs. The conversation touches on various aspects of data security, including data discovery, cloud transformation, insider threats, and the burgeoning role of AI in improving data detection and response. The episode concludes with Zach's predictions on AI's growing influence in data security through 2026 and advice for those looking to break into the field.

Takeaways:

• Focus on Meaningful Metrics: Prioritize data security metrics that reflect real impact, not just what’s easiest to measure.
• Align People, Process, and Technology: Engage stakeholders across teams and ensure your data security approach integrates people, processes, and technology from the start.
• Eliminate Stale Data for Savings: Regularly identify and remove outdated or unused data to reduce risk and demonstrate cost savings.
• Adopt an Agile Discovery Mindset: Stay flexible and ready to adjust your data discovery strategy as new information and challenges arise.
• Look Beyond the Obvious: Investigate areas where sensitive data might be hiding, even if you don’t expect to find it there.
• Demonstrate Value Clearly: Communicate the benefits and results of your data security efforts to build support and momentum.

Quote of the Show:

• “Metrics are great. Stories are just as good to back those up and through your insider threat program, that’s where you get the case notes to develop those stories.” - Zach Luze

Links:

• LinkedIn: https://www.linkedin.com/in/zachluze/ 
• Website: https://www.tbdcyber.com/ 

For more insights on data discovery, visit: https://www.sentra.io/product/data-discovery-and-classification

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Daley Varghese, a seasoned privacy expert, joins Ward Balcerzak to reveal why data sprawl and AI misuse may be even more dangerous, and what companies can do to get ahead. Daley emphasizes the importance of governance strategies, data mapping, and the need for cross-functional collaboration among privacy, security, and data governance teams. The episode also highlights the pressing need for education and clear communication within organizations to mitigate risks and build trust with consumers. Daley shares insights on how to start privacy initiatives, manage assessment fatigue, and the role of education and relationships in overcoming these challenges. Additionally, Daley provides advice for professionals looking to enter the privacy field and discusses the evolving landscape of privacy regulations.

Takeaways:

• Engage Governance Early: Start conversations with privacy, legal, security, and data governance professionals as early as possible in any project involving sensitive data.
• Keep Assessments Simple and Understandable: Design privacy and security assessments in clear, layman’s terms so business users can complete them without excessive handholding.
• Educate Continuously: Go beyond mandatory training. Join team meetings, host town halls, and make privacy and security topics relevant and accessible to all employees.
• Mitigate, Don’t Just Identify Risks: Once risks are identified, take concrete steps to address them. Add them to your roadmap and allocate resources to resolve them over time.
• Leverage Privacy and Security Champions: Train and empower champions within business units to advocate for privacy and security, spreading knowledge and best practices.
• Trust, But Verify: Always verify the output of AI and data-driven tools, especially when using external or generative AI systems.
• Stay Informed on Regulations: Partner with legal and policy teams, use industry tools, and pursue certifications to keep up with evolving privacy and security regulations.

Quote of the Show:

• “No company is perfect; every company is struggling with this. It's okay to have these risks identified. What is not okay is once you know that these risks are identified, don't do nothing.” - Daley Varghese

Links:

• LinkedIn: https://www.linkedin.com/in/daley-varghese/ 

For more insights on data sprawl, visit: https://www.sentra.io/use-cases/data-sprawl

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, Ward dives deep into data security challenges with Rick Scot, the global CISO at Elevate Textiles. With almost 20 years of cybersecurity experience, Rick emphasizes the critical importance of addressing insider threats, especially those posed by well-meaning employees unaware of their risky actions. He shares real-world experiences, the evolution of cyber awareness training, the necessity of building strong internal relationships, and insights into his multifaceted career journey. The episode is packed with expert advice for cybersecurity professionals on fostering a culture of security within an organization and tips for young professionals to find a mentor.

Takeaways:

• Prioritize People in Data Security: Recognize that most data breaches are caused by insiders who make mistakes. Focus on educating and supporting employees to reduce accidental risks.
• Stay Vigilant Against Social Engineering: Be aware of sophisticated phishing and social engineering tactics, especially those leveraging personal information from social media and deepfakes. Always verify requests for sensitive information, even if they appear to come from trusted sources.
• Make Security Training Personal and Relevant: Move beyond generic, checkbox-style training. Tailor security awareness programs to real-life scenarios and make them relatable to employees’ daily experiences.
• Know Your Data and Its Value: Understand what data your organization holds, where it resides, and why it’s valuable. This knowledge is crucial for protecting sensitive information and responding to incidents.
• Build Relationships Across the Organization: Foster open communication and trust between security teams and other departments. Building relationships makes it easier for employees to ask questions and report suspicious activity.
• Balance Security and Trust: Implement necessary controls without creating a culture of distrust. Explain the “why” behind security measures to avoid alienating employees.
• Network and Seek Mentorship: Build a professional network inside and outside your organization. Seek mentors, and be open to mentoring others to grow your knowledge and resilience in the field.

Quote of the Show:

• “ I always feel like if I have the institutional knowledge, then I can better protect the company if I understand the business.” - Rick Scot

Links:

• LinkedIn: https://www.linkedin.com/in/ricksscot/ 
• Website: https://www.elevatetextiles.com/ 

For more insights on data loss prevention, visit: https://www.sentra.io/use-cases/data-loss-prevention

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Derek Fisher, Director of the Cybersecurity Defense and Information Assurance Program at Temple University, joins Ward to hash out the ‘why’ behind data security. Derek emphasizes the importance of understanding the integrity and proper usage of data, especially in scenarios like healthcare and financial services. The conversation also explores the differences in data security practices across various industries such as healthcare, financial services, and higher education. Derek shares insights on teaching the next generation of cybersecurity professionals and the relevance of the NIST NICE framework in aligning education and job roles. The episode offers practical advice for aspiring and current cybersecurity professionals on staying curious, demonstrating skills, and the importance of understanding the broader ecosystem of data security.

Takeaways:

• Question Every Data Collection: Before collecting any data, ask yourself if you truly need it. If the answer is no, don’t collect it. This reduces your responsibility to protect unnecessary information and minimizes risk.
• Show Your Work and Stand Out: Document and share your work, especially if you’re entering a new field like cybersecurity. Demonstrating your process and achievements helps you differentiate yourself from others.
• Data Minimization for Security: Avoid collecting data just because you might need it in the future. Every piece of data you store increases your attack surface. Only collect what is essential to reduce potential vulnerabilities.
• Use the NIST NICE Framework for Career Growth: Leverage frameworks like NIST NICE to understand the skills and knowledge required for specific roles. This can help you target your learning and career development more effectively.
• Stay Curious and Threat Model: Maintain a curious mindset and always think like an attacker. Regularly ask, “What can go wrong?” and “What will we do about it?” Practicing basic threat modeling is a critical skill for navigating today’s security landscape.
• Risk-Based Approach to Data Decryption: When deciding whether to decrypt data, use a risk-based approach. Work with legal and HR teams to set clear guidelines and avoid decrypting sensitive categories like healthcare unless necessary.

Quote of the Show:

• “ For me, teaching this next generation of cyber individuals or technologists, it's about showing them sort of the entire picture.” - Derek Fisher

Links:

• LinkedIn: https://www.linkedin.com/in/derek-fisher-sec-arch/ 
• Website: https://www.securelybuilt.com/ 
• Substack: https://substack.com/@securelybuilt

For more insights on data security posture management, visit: https://www.sentra.io/data-security-posture-management

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Lisa Gunning, a counterintelligence and insider risk expert with over 18 years of experience in both the public and private sectors, joins Ward today to dive into human risk. Lisa shares her unique perspective on the human element in cybersecurity, the evolving landscape of insider threats, and the critical importance of building a strong security culture within organizations. The conversation covers the intersection of AI, human behavior, and data protection, offering practical advice for organizations of all sizes. She provides actionable recommendations and stories around her experiences that any listener can benefit from.

Takeaways:

• Recognize the Human Element: Understand that human behavior is often the biggest risk in data security. Both intentional and accidental actions by insiders can create vulnerabilities.
• Foster Security Culture: Build a culture where security is everyone’s responsibility. Encourage open conversations about risks and make security policies clear and rational.
• Partner Across Departments: Collaborate with stakeholders like HR, compliance, IT, and business leaders to address insider risk from multiple angles.
• Iterate Policies: Keep security and data policies up to date. Make them flexible enough to adapt to new technologies and edge cases, rather than relying on rigid, outdated rules.
• Monitor for Insider Threats: Identify high-risk individuals and roles, not just executives or IT admins, but anyone with access to sensitive data or mission-critical processes.
• Leverage Counterintelligence Tactics: Use counterintelligence strategies to understand what assets are valuable to adversaries and how your organization might be targeted.
• Be Transparent About AI Tools: Set clear guidelines for the use of AI note-takers and other digital assistants, especially in confidential meetings.

Quote of the Show:

• “Human behavior is the biggest risk. We are an unpredictable, ever-evolving group, and as a very wise colleague of mine once said, humans are gonna human.” - Lisa Gunning

Links:

• LinkedIn: https://www.linkedin.com/in/lisa-gunning/ 
• Website: https://www.vaillancegroup.com/ 
• Substack: https://lotstounpackthere.substack.com/  

For more insights on generative AI risks, visit: https://www.sentra.io/learn/ghosts-in-the-model-uncovering-generative-ai-risks

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Lance Fischer, Principal Security Architect at Guidepoint Security, joins the show today and dives into the complexities of data security, highlighting the differences between data governance and data stewardship. He emphasizes the significance of visibility and collaboration among stakeholders in maintaining robust data security frameworks. Lance shares insights from his extensive career, revealing the practical challenges and strategies in improving data security through governance, tool rationalization, and pragmatic approaches. The discussion also touches on the evolving landscape of AI, APIs, and the critical importance of securing sensitive data. This episode provides a comprehensive look into the foundational aspects of data security and offers practical advice for organizations to enhance their data protection efforts.

Takeaways:

• Prioritize Visibility First: Before implementing controls or buying tools, ensure you have a clear understanding of what data you have, where it resides, and how it flows within your organization.
• Clarify Data Governance vs. Data Stewardship: Define clear roles. Governance sets the policies and rules; stewardship ensures those rules are applied consistently. Foster communication and cooperation between these groups.
• Start Small and Scale: Don’t try to solve everything at once. Tackle visibility and controls in manageable pieces. Focus on a subset of data or a specific business unit to build momentum.
• Engage Stakeholders Across the Business: Involve HR, Legal, IT, and business units early to ensure policies are practical and have buy-in. Encourage open dialogue rather than top-down mandates.
• Understand and Plan for Resource Needs: Assess the people, time, and budget required for data security initiatives before launching. Avoid overburdening staff with too many roles; dedicate resources where possible.
• Document Decisions and Processes: Track inputs and outputs from governance meetings and policy changes for audit and continuous improvement.
• Anticipate and Manage Tool Sprawl: Regularly review existing tools for effectiveness and eliminate redundant or unused solutions. Don’t assume swapping tools will solve underlying process or visibility issues.

Quote of the Show:

• “What we're talking about here is not visibility, just from putting in a DLP tool. We're also talking about business: having those conversations between real humans to get a sense for what's going on.” - Lance Fischer

Links:

• LinkedIn: https://www.linkedin.com/in/lance-fischer-a0301219/ 
• Website: https://www.guidepointsecurity.com/ 

For more insights on data security posture management, visit: https://www.sentra.io/data-security-posture-management

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today, Trevor Dolan, Cyber Security Executive Advisor at NinjaJobs, shares insights on balancing regulatory compliance with the fundamentals of data protection, designing holistic data protection programs, and the importance of strategic planning. He delves into the five main areas of developing data protection organizations: governance and leadership, risk assessment, policies and procedures, training and awareness, and team and organizational structure. Trevor also offers practical advice for young professionals starting in the field and discusses the significance of building trustworthy relationships with stakeholders. For organizations facing budget and hiring challenges, he suggests prioritizing top-risk areas and leveraging existing resources effectively. The episode concludes with Trevor reflecting on his career journey and sharing his contact information for further connection.

Takeaways:

• Establish Strong Governance and Leadership: Build a solid foundation by defining the scope of your data protection program.
• Conduct a Comprehensive Risk Assessment: Use frameworks like NIST CSF or CIS Controls to assess your current state and maturity. Be honest about gaps and deficiencies; use data to drive consensus and prioritize improvements.
• Develop and Maintain Clear Policies and Procedures: Ensure policies map directly to regulatory, legal, and contractual requirements. Create a hierarchy: policies, procedures, standards, and control implementation patterns.
• Invest in Targeted Training and Awareness: Go beyond generic security training; provide specific modules for privacy, incident management, and data protection. Reinforce training with assessments that encourage critical thinking, not just box-checking.
• Be Flexible and Resourceful with Budget and Staffing: If faced with budget or hiring freezes, focus on top-priority risks and use available tools creatively (“gold, silver, bronze” approach).
• Use Data to Drive Decisions and Build Consensus: Bring objective data to stakeholder discussions to resolve disagreements and focus on solving real problems.
• Continuously Improve and Adapt: Treat your data protection program as a living, evolving effort. Regularly revisit your risk assessments, policies, and training to ensure they remain effective and aligned with business objectives.

Quote of the Show:

• “Make sure that those expectations are well communicated, but do it in a way that helps them to really incorporate that in their day-to-day so that they feel empowered as far as protecting the organization's data, and they feel part of the mission.” - Trevor Dolan

Links:

• LinkedIn: https://www.linkedin.com/in/trevor-dolan-91a1ab12/ 

For more insights on data privacy and compliance, visit: https://www.sentra.io/use-cases/data-privacy-and-compliance

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/  
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

Today Ward welcomes seasoned security veteran and CEO of Nexasure, Rick McElroy. Rick, with over 25 years of experience in cybersecurity, shares his insights on the primary challenges organizations face in data security, focusing on the often-overlooked human and cultural elements. He emphasizes the importance of education, awareness, and the need for a balanced investment between technology and people. Rick also delves into the dynamics of cross-generational training and the impact of organizational culture on security programs. Additionally, he shares his personal journey in cybersecurity, discusses the significance of continuous learning and volunteering, and offers advice for individuals looking to enter or advance in the field. The episode highlights the need for a holistic approach to data security that includes both technological solutions and human factors.

Takeaways:

• Prioritize People and Culture in Security: Invest in security awareness and education at all levels of the organization, not just in technology.
• Engage Leadership Early: Start security conversations at the highest levels (C-suite) to ensure buy-in and proper governance. Clarify who is responsible for risk and ensure decision-makers are educated on security issues.
• Balance Technology with Human Factors: Don’t rely solely on technical solutions; consider how changes impact people and workflows. Design security controls and processes with end users in mind to minimize friction and maximize adoption.
• Invest in Prevention and Smart Tooling: Focus on effective, well-managed controls rather than constantly switching tools. Choose vendors and solutions that can scale with your organization and minimize switching costs.
• Tailor Security Training to Your Audience: Use multimodal training approaches (video, experiential, written) to reach different generations and learning styles.
• Support Career Growth and Entry into Cybersecurity: Take advantage of free vendor training and volunteer opportunities to gain experience.

Quote of the Show:

• “What I'm actually interested in is a change in behavior to the positive, even if that's a tiny thing that one user does that's more secure than it was yesterday.” - Rick McElroy

Links:

• LinkedIn: https://www.linkedin.com/in/rickdecrypts/ 
• Website: https://nexasure.ai/ 

For more insights on cybersecurity resilience, visit: https://www.sentra.io/use-cases/cyber-security-resilience

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/ 
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

The answer is you can’t. Rick DeLoach, Deputy CISO at ADT, joins Ward on this week’s episode to discuss the crucial aspects of data security and governance. Rick shares his two decades of experience in the field, emphasizing the importance of data discovery, classification, and the implementation of structured programs involving process, policy, and technology. The conversation also covers the challenges of integrating AI technologies within organizations and the significance of ongoing business alignment to enhance security practices. Lastly, Rick's journey from finance student to cybersecurity leader offers valuable insights and advice for aspiring professionals in the field.

Takeaways:

• Start with Data Discovery and Classification: You can't protect what you don't know you have. Begin by inventorying and classifying your data assets.
• Establish Strong Governance and Policy Frameworks: Before investing in technology, ensure you have clear, organization-wide policies and processes for data handling and security.
• Align Security with Business Needs: Engage business stakeholders to understand what data is most critical, why it matters, and the impact if it’s lost or exposed.
• Educate and Partner with Business Users: Move from being the “department of no” to a partner that educates and collaborates with business units on secure data practices.
• Be Proactive, Not Reactive: Build and maintain a data inventory to enable rapid response and assessment in the event of a breach or incident.
• Balance Innovation and Security: Embrace new technologies like AI, but ensure their use is governed by clear policies and risk assessments.
• Stay Adaptable: The security landscape changes rapidly—be ready to adjust your approach as new challenges and technologies emerge.

Quote of the Show:

• “You don't know how to protect something if you don't know what it is and where it's at.” - Rick DeLoach

Links:

• LinkedIn: https://www.linkedin.com/in/rdeloach/ 
• Website: https://www.adt.com/ 

For more insights on data discovery, visit: https://www.sentra.io/product/data-discovery-and-classification

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/ 
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod 

In the inaugural episode of Guardians of the Data, host Ward Balcerzak sits down with Luis Valenzuela, Director of Data Governance and Data Loss Prevention at InComm Payments. Luis, who brings two decades of cybersecurity experience, dives into the often-overlooked fundamentals of data security. Discover why understanding and categorizing your most critical data is paramount, how robust governance can transform your approach, and the strategic role of tools in a well-defined process. Luis also shares his inspiring journey from Colombia to becoming a cybersecurity leader, highlighting the power of hard work, resilience, and cultivating strong relationships and processes.

Takeaways:

• Prioritize Data Governance: Establish clear data governance frameworks that are practical and actionable. Avoid lengthy, complicated documents that no one will read.
• Simplify Data Classifications: Reduce complex data categories into a smaller number of easily understandable types. This helps with better adherence across the organization.
• Combine Tools with Processes: Utilize both technological tools and well-defined processes to manage data security effectively. Tools should complement your strategic planning and governance efforts.
• Training and Awareness: Regularly educate and train employees about data security policies and procedures. Tailor this training to specific departments to make it relevant and practical.
• Document Sensitivity: Label and classify data accurately to ensure that sensitive information is appropriately protected according to its level of sensitivity.
• Foster Trust: Collaborate with different teams and leaders to build trust. This eases the implementation of security measures and reduces the typical friction between security teams and business units.
• Focus on People and Relationships: Invest time in understanding the needs and operations of different departments. Effective data security is as much about relationship management as it is about technical measures.

Quote of the Show:

• “The emphasis is on process. The more I work in cyber, I realize that's what we need to work more on.” - Luis Valenzuela

Links:

• LinkedIn: https://www.linkedin.com/in/luisvalenzuela28323623/ 
• Website: https://www.incomm.com/ 

For more insights on data overexposure, visit: https://www.sentra.io/product/least-privilege-access-control

Ways to Tune In:

• Transistor: https://guardiansofthedata.show/ 
• Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ 
• Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 
• Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
• iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
• YouTube: https://www.youtube.com/@GuardiansoftheDataPod