The world of data security has fundamentally changed, yet many organizations still approach it as a one-time project rather than an ongoing journey. In this episode of The Future of Data Security, Orson Lucas, Principal at KPMG, draws on his 20+ years of experience to challenge the "one-and-done" approach that dooms many security initiatives. After witnessing the evolution from obscure privacy regulations to strategic business differentiators, Orson walks Jean through why even the most sophisticated organizations struggle with fundamental data governance and how the rise of AI assistants is creating unprecedented new risks.

Orson discusses why privacy is fundamentally a data governance problem, how to balance comprehensive security with practical investment limits, and why the most effective security strategies build on existing technology ecosystems rather than creating parallel systems. He also shares candid insights about how AI assistants like Microsoft Copilot are changing the risk equation by inheriting user permissions to access sensitive data that humans would never realistically browse through.

Topics discussed:

The security landscape has radically shifted from "if you get breached" to "when you get breached" — and Morgan Stanley's approach to data protection reflects this fundamental change in mindset. In this episode of The Future of Data Security, Faith Rotimi-Ajayi, AVP of Operational Risk, discusses how sophisticated attackers are now researching and targeting specific financial institutions rather than relying on opportunistic attacks. 

Faith tells Jean why social engineering attacks have evolved to target entire family units, including compromising newborns' Social Security numbers for future fraud, and why third-party risk management demands rigorous new approaches as vendors increasingly implement AI without adequate security governance. She also shares her experience implementing dedicated AI governance committees, using risk-based authentication that adjusts friction based on user behavior analysis, and how the pandemic accelerated zero trust implementation by eliminating location-based security models.

Topics discussed:

"If you aren't investing in penetration testing, if you aren't investing in having external auditing and third party reporting like gray and black box type testing, you're leaving your program extremely exploitable because you're just admiring the beauty of your own ideas." This blunt assessment from George Al-Koura, CISO at ruby, encapsulates his refreshingly practical approach to data security. 

In this episode of The Future of Data Security, George challenges conventional wisdom by predicting a major shift back to controlled data centers as organizations struggle with securing AI implementations in the cloud. He reflects on why no one has successfully created secure LLMs that can safely communicate with the open web, exposes the growing threat of "force-enabled" AI tools being integrated without proper consent, and explains why technical skills are actually the easiest part of building an effective security team. With threat actors now operating with enterprise-level organization and sophistication," George also shares battle-tested strategies for communicating risk effectively to boards and establishing security programs that can withstand sophisticated attacks.

Topics discussed:

In this insightful episode of The Future of Data Security, Jean Le Bouthillier speaks with Daniel Maynard, VP of Privacy and Data Risk Management & CPO at Early Warning, shares his journey from law to privacy and offers a practical framework for assessing AI implementation risks — distinguishing between controllable technical risks and more complex model provenance concerns. 

Daniel tells Jean about the critical challenges facing financial institutions, including data quality issues, AI ethics considerations, and the paradox of balancing fraud prevention with privacy protection. Daniel provides actionable governance strategies for managing shadow AI, addresses emerging threats from AI-powered fraud, and offers valuable insights on the evolving regulatory landscape. His balanced approach emphasizes documented risk assessment processes while acknowledging varying organizational risk tolerances.

Topics discussed:

Within just four hours of implementing controls at one healthcare organization, Patrick Carter, Sr. Practice Director at Cyderes, and his team caught an employee secretly selling sensitive patient data. Patrick doesn't just tell Jean his war stories, however — he provides a practical framework for quantifying security risks using the FAIR model and sounds the alarm on shadow AI becoming the single biggest threat to data security. From discovering that 10% of AI-generated code contains vulnerabilities to developing detection tools for unauthorized AI usage, Patrick offers a masterclass in navigating both the dangers and opportunities of AI for security leaders.

Topics discussed:

The cybersecurity landscape is entering an AI arms race, and Kevin Kirkwood, CISO at Exabeam, is on the frontlines building defenses that can match the speed of machine-powered threats. As Exabeam's "Customer Zero," Kevin shares candid insights from transitioning through three platform generations in three years, reflecting on how each migration exposed previously undetected attack patterns in Microsoft environments. 

His experience leading the rapid adoption of 700+ UEBA rules simultaneously (against recommended practice) offers valuable lessons for security leaders pushing the boundaries of detection capabilities. Kevin envisions a future where AI-assisted systems can propose new detection rules for zero-days within minutes, while grappling with immediate challenges — like the day Microsoft Edge suddenly claimed his company had authorized Copilot without CISO approval — highlighting the complex reality of managing AI tool permissions in enterprise environments.

Topics discussed:

Drawing on his unique background in high-energy physics experimentation, Robert Roser, CISO & Director of Cyber Security at Idaho National Laboratory, offers valuable insights into the parallels between managing complex scientific detectors and securing critical national research infrastructure. He explores the evolving landscape of scientific computing security, from the open science environment of Fermilab to the classified research world of nuclear energy. 

Rob's practical experience implementing zero-trust architecture, managing international collaborations, and navigating federal compliance requirements provides a comprehensive view of modern cybersecurity challenges in sensitive research environments. His candid discussion of AI's impact on both security threats and solutions, particularly in the context of high-performance computing and shadow AI risks, also offers valuable perspective on the future of data protection in scientific research.  

Topics discussed:

Drawing from his diverse background in both private and public sectors, Chris Pahl, CPO of the County Executive Office of the County of Santa Clara, tells Jean how organizations can transform privacy from a compliance burden into a strategic asset on this episode of The Future of Data Security Show. 

Chris’s "U R IT" framework emphasizes the crucial role of employees in data protection, and his practical approach to managing AI risks and surveillance technologies offers a blueprint for modern privacy leadership. He demonstrates how to build privacy programs from the ground up, foster cross-departmental collaboration, and navigate the evolving landscape of data governance in an AI-driven world, all while maintaining a human-centric approach that puts trust and transparency first. 

Topics discussed:

In this episode of The Future of Data Security Show, Jean speaks with Orrie Dinstein, Global Chief Privacy Officer at Marsh McLennan. Orrie shares his extensive experience in data privacy, highlighting the shift from compliance-focused programs to a more integrated approach that encompasses information governance. 

Orrie also sheds light on the misconception of data ownership among executives, the complexities of navigating global privacy laws, and the critical need for collaboration between privacy and security teams. He also offers his strategies for how organizations can effectively manage data protection while fostering innovation. 

Topics discussed:

In this episode of The Future of Data Security Show, Jean speaks with Hugo Teufel, VP; Deputy General Counsel for Cyber, Privacy, Records; & Chief Privacy Officer at Lumen Technologies. Hugo shares his expertise on the evolving landscape of data privacy and security, such as the significant impact of AI on data security, emphasizing the need for organizations to understand various AI use cases and implement robust governance frameworks. 

Hugo also highlights the importance of employee training in mitigating risks, noting that human error remains a critical vulnerability. Additionally, he explores the complexities of navigating global data privacy regulations and the necessity of aligning privacy strategies with organizational risk appetites. Tune in for valuable insights! 

Topics discussed: