On CISO Tradecraft, host G Mark Hardy welcomes back JP Bourgeet to discuss what “AI readiness” means for organizations, framing it as both a data governance challenge and a change-management problem. JP defines readiness for CISOs as strong threat protection, data security/governance, and device management, with the biggest gaps typically in labeling, DLP/DSPM, and poor information architecture (e.g., commingled data in SharePoint/Drive). They cover re-architecting past and future data into role-based structures so Copilot can honor permissions and sensitivity labels, plus the value of visibility, auditability, and insider-risk alerting for file access and LLM prompts. JP also discusses agentic systems and upcoming identity challenges for AI agents, compares AI readiness to platform engineering, emphasizes use-case-driven adoption (lunch-and-learns and ROI tracking), and highlights Daniel Miessler’s personal AI infrastructure work and a future shift toward AI-driven security products.

JP Bourget's Website https://www.bluecycle.net/

JP Bourget's Linkedin https://www.linkedin.com/in/jpbourget/

SaltCon- https://naclcon.com/