AI agents are moving fast, and security teams are scrambling to keep up.

Join us as Heather Ceylan, SVP & Chief Information Security Officer at Box, who has spent the last several years leading security teams through rapid change from the explosive growth years at Zoom to her current work shaping Box’s AI posture.

Heather shares what it actually feels like to run security at a time when agents can be created in minutes, permissions matter more than ever, and governance committees are struggling to keep pace. She explains why treating agents as identities fundamentally changes the model, how MCP servers introduce new exposure points, and why her team is embedding AI directly into SOC work, design reviews, and vulnerability remediation.

It’s a grounded look at how a CISO makes sense of AI while everything around the role continues to shift.

In this episode, you’ll learn:

• Why agents need their own identities and permissions rather than inheriting access from the people who create them

• How SOC teams can shift from constant alert triage to real threat hunting with the help of AI agents

• How AI can speed up vulnerability remediation by creating pull requests that engineers only need to review and merge

Things to listen for: 

(00:00) Meet Heather Ceylan

(00:58) Career path from healthcare to Zoom to Box

(03:58) Risks of AI agents accessing unstructured content

(05:18) Why agent identity and permissions are the new priority

(06:50) The challenge of discovering and governing ephemeral agents

(08:16) How sandboxes and policies support safe experimentation

(09:20) AI governance gaps and the need for dedicated ownership

(13:10) Defining AI governance across technical and legal domains

(16:17) The rise of MCP servers and new exposure points

(18:05) Four AI bets transforming Box’s SOC and security workflows

(23:31) KPIs and measuring AI’s impact on security teams

(25:27) Resource trade-offs when adopting AI in security

(27:58) Managing the complexity of model selection and trust

(29:58) Should companies form dedicated AI security teams?

Security and privacy leaders are under pressure to sign off on AI, manage data risk, and answer regulators’ questions while the rules are still taking shape and the data keeps moving.

 On this episode of Ctrl + Alt + AI, host Dimitri Sirota sits down with Trevor Hughes, President & CEO of the IAPP, to unpack how decades of privacy practice can anchor AI governance, why the shift from consent to data stewardship changes the game, and what it really means to “know your AI” by knowing your data. 

Together, they break down how CISOs, privacy leaders, and risk teams can work from a shared playbook to assess AI risk, apply practical controls to data, and get ahead of emerging regulation without stalling progress.

In this episode, you’ll learn:

• Why privacy teams already have methods that can be adapted to oversee AI systems

• Boards and executives want simple, defensible stories about risk from AI use

• The strongest programs integrate privacy, security, and ethics into a single strategy

  
  

Things to listen for: 

(00:00) Meet Trevor Hughes

(01:39) The IAPP’s mission and global privacy community

(03:45) What AI governance means for security leaders

(05:56) Responsible AI and real-world risk tradeoffs

(08:47) Aligning privacy, security, and AI programs

(15:20) Early lessons from emerging AI regulations

(18:57) Know your AI by knowing your data

(22:13) Rethinking consent and data stewardship

(28:05) Vendor responsibility for AI and data risk

(31:26) Closing thoughts and how to find the IAPP

AI agents are becoming part of everyday business, but building ones that reason and adapt is still a challenge.

On this episode of Ctrl + Alt + AI, host Dimitri Sirota sits down with Joe Miller, Chief AI Officer of Vivun, to explore how enterprises are creating agents that move beyond simple automation. Joe shares what it takes to design systems that can model knowledge, fit into company culture, and genuinely support teams in their work.

We examined where current approaches fall short, explored what’s possible as AI matures, and discussed how leaders can prepare for the next stage of intelligent agents in security and enterprise environments.

In this episode, you’ll learn:

• How reasoning and knowledge representation shape the future of AI agents

• Why cultural fit matters for the successful adoption of intelligent assistants

• What enterprises should expect as agent technology matures

  
  

Things to listen for: 

(00:00) Meet Joe Miller

(01:42) Physics background shaping an AI career

(04:44) Why presales roles inspired Vivun’s creation

(05:29) GPT-3 surprises and the UX breakthrough

(08:37) GPT-5’s plateau and persistent hallucinations

(12:32) Moving from a small pond to a big ocean

(15:08) How Ava supports the full pipeline

(21:38) Culture as the differentiator for AI agents

(28:21) Should AI agents specialize or do everything?

Everyone has questions about AI and security, but not everyone hears from the people shaping the future.

Hosted by Dimitri Sirota, Ctrl + Alt + AI brings conversations with the leaders defining data protection, governance, and compliance in an AI-driven world. Listeners will hear insights from CISOs, privacy experts, and innovators who are navigating the risks and opportunities that come with rapid change.

Together, we’ll examine the challenges and opportunities ahead and explore what it takes to stay informed, resilient, and prepared in the evolving landscape of security and AI.

In this episode, we're joined by Eugene Tunik, Director, AI + Health at The Institute for Experiential AI, to discuss ML & AI in the neurologic system, modeling based on human movement data, social robotics, and more.

Joe Dery, Dean of Data Analytics, Computer Science, & SW at WGU, joins the podcast to talk about AI governance, how to bring people, process, and technology together to make AI projects successful, the importance of user experience and AI fluency, and more.

Dr. Anmol Agarwal, Senior Security Researcher at Nokia specializing in AI and Machine Learning security in 5G and 6G, joins us on BigIDeas on the Go to talk about today's security concerns with AI including insider risk, security data at rest and in transit, understanding your use case for AI, and more.

In this episode, Beatriz Ruiz-Beato, Head of Global Data Privacy at NEC Corporation, joins us to discuss about how AI technologies can be used responsibly, how privacy requirements come into play with AI frameworks, the new AI regulation in the EU, and more.

To kick off season 4 of the podcast, Joseph Gridley, the Chief Privacy Officer at University of Maryland, joins us to talk about securing sensitive data in higher education, the impact and evolution of AI, and more.

Bjørn Watne, Senior Vice President and Chief Security Officer (CSO) of Telenor based out of Norway, joins the podcast to discuss the evolution of data security and the role of the CISO, data integrity and resilience in the midst of digital transformation and cloud migrations, data regulations in Europe and Norway, and more.