Sign up to save your podcasts
Or
Share Classify First, Secure Everything Else - Cory Zaner - Guardians of the Data
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Classify First, Secure Everything Else - Cory Zaner - Guardians of the Data
What's your biggest data security blind spot?
Today's guest, Cory Zaner, Senior Enterprise Architect for critical infrastructure and trusted advisor to executive leaders, joins Ward to discuss why organizations continue to struggle with data security fundamentals, and what it actually takes to fix them.
With over 20 years of experience across energy, manufacturing, and defense industries, Cory draws on his military background, time at Raytheon, and hands-on work in OT/ICS environments to break down the data security challenges most organizations are still getting wrong.
Takeaways:
- Start with Data Classification, Not Tools: Before reaching for the latest shiny object, organizations need to define their data tiers. Cory recommends aligning to an established framework like NIST, then mapping your tiers to a simple color-coded system,red, yellow, green, so users can actually act on it.
- Keep It Simple: Over-complicated classification schemes with 10–20 tags and sub-tags are a recipe for failure. If your users need a secret decoder ring to understand how to classify data, the program has already failed.
- The Data Owner Classifies the Data: Not IT. Not the tool. The person who knows what the data is worth is the one who should be tagging it. Technology can assist, but it can't make that judgment call for you.
- Align to a Framework, Then Scope It: Whether it's NIST, ISO, or another standard, anchoring your program to an established framework takes the argument off the security team's plate. You're not asking people to trust your ideas; you're pointing to an industry consensus.
- Start with Unstructured Data First: Cory recommends beginning with your M365 or G Suite environment, where user-generated content lives, before tackling structured data like SQL databases. That's where the real user behavior risk is.
- Build the Right Committee: Data classification can't live in a security silo. Legal, privacy, and HR are essential early partners. Build a governance committee with real ownership, not just initial enthusiasm that fades after the first few meetings.
Quote of the Show:
"Garbage in, garbage out. AI can make things prettier, but we cannot change the mindset of people with technology.” - Cory Zaner
Links:
- LinkedIn: https://www.linkedin.com/in/cory-zaner/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
View all episodes
By Ward BalcerzakWhat's your biggest data security blind spot?
Today's guest, Cory Zaner, Senior Enterprise Architect for critical infrastructure and trusted advisor to executive leaders, joins Ward to discuss why organizations continue to struggle with data security fundamentals, and what it actually takes to fix them.
With over 20 years of experience across energy, manufacturing, and defense industries, Cory draws on his military background, time at Raytheon, and hands-on work in OT/ICS environments to break down the data security challenges most organizations are still getting wrong.
Takeaways:
- Start with Data Classification, Not Tools: Before reaching for the latest shiny object, organizations need to define their data tiers. Cory recommends aligning to an established framework like NIST, then mapping your tiers to a simple color-coded system,red, yellow, green, so users can actually act on it.
- Keep It Simple: Over-complicated classification schemes with 10–20 tags and sub-tags are a recipe for failure. If your users need a secret decoder ring to understand how to classify data, the program has already failed.
- The Data Owner Classifies the Data: Not IT. Not the tool. The person who knows what the data is worth is the one who should be tagging it. Technology can assist, but it can't make that judgment call for you.
- Align to a Framework, Then Scope It: Whether it's NIST, ISO, or another standard, anchoring your program to an established framework takes the argument off the security team's plate. You're not asking people to trust your ideas; you're pointing to an industry consensus.
- Start with Unstructured Data First: Cory recommends beginning with your M365 or G Suite environment, where user-generated content lives, before tackling structured data like SQL databases. That's where the real user behavior risk is.
- Build the Right Committee: Data classification can't live in a security silo. Legal, privacy, and HR are essential early partners. Build a governance committee with real ownership, not just initial enthusiasm that fades after the first few meetings.
Quote of the Show:
"Garbage in, garbage out. AI can make things prettier, but we cannot change the mindset of people with technology.” - Cory Zaner
Links:
- LinkedIn: https://www.linkedin.com/in/cory-zaner/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod