Sign up to save your podcasts
Or
Share Who Owns Your AI Security Policy? with Chris Cochran
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Who Owns Your AI Security Policy? with Chris Cochran
Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question?
Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions.
They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between.
Impactful Moments
00:00 - Introduction
03:00 - Chris Cochran: from Co-Founder to SANS Field CISO
04:20 - Your board is pushing AI before security is ready
06:00 - Tiers of AI uses: summarization to full automation
07:50 - When AI shouldn't make the final call
10:10 - Bite-sized AI: starting small in the enterprise
11:45 - Introducing the SANS AI Security Maturity Model
13:20 - You can no longer afford to be an AI skeptic
16:30 - Three buckets: utilize, protect, and govern AI
18:50 - Fact or Cap: what level of maturity is your enterprise?
21:00 - Retroactive vendor risk and the AI explosion
23:05 - Agentic Identity: workforce, non-human, and beyond
25:00 - What works in the agentic identity space?
27:05 - Blockchain for agent identity: promising or hype?
29:00 - A Message for the next generation of practitioners
31:30 - Ron's closing take: who owns your AI policy?
Links
Connect with Chris Cochran on LinkedIn: https://www.linkedin.com/in/chrishvm/
Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
View all episodes
By Hacker Valley Media
4.7
6060 ratings
Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question?
Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions.
They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between.
Impactful Moments
00:00 - Introduction
03:00 - Chris Cochran: from Co-Founder to SANS Field CISO
04:20 - Your board is pushing AI before security is ready
06:00 - Tiers of AI uses: summarization to full automation
07:50 - When AI shouldn't make the final call
10:10 - Bite-sized AI: starting small in the enterprise
11:45 - Introducing the SANS AI Security Maturity Model
13:20 - You can no longer afford to be an AI skeptic
16:30 - Three buckets: utilize, protect, and govern AI
18:50 - Fact or Cap: what level of maturity is your enterprise?
21:00 - Retroactive vendor risk and the AI explosion
23:05 - Agentic Identity: workforce, non-human, and beyond
25:00 - What works in the agentic identity space?
27:05 - Blockchain for agent identity: promising or hype?
29:00 - A Message for the next generation of practitioners
31:30 - Ron's closing take: who owns your AI policy?
Links
Connect with Chris Cochran on LinkedIn: https://www.linkedin.com/in/chrishvm/
Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
More shows like Hacker Valley Studio
View all
Hacked
188 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
368 Listeners
Risky Business
376 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
649 Listeners
CyberWire Daily
1,026 Listeners
Smashing Security
316 Listeners
Click Here
420 Listeners
Darknet Diaries
8,051 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
192 Listeners
Defense in Depth
73 Listeners
My First Million
2,675 Listeners
Cybersecurity Headlines
136 Listeners
Hacker And The Fed
167 Listeners