Future of Data Security

• Ask Jean – How Does Data Visibility Transform Crisis into Calm?

  Welcome to a special edition of Future of Data Security, where our host Jean Le Bouthillier answers the top questions our listeners have asked us. In today's episode, Jean addresses how data visibility can turn crisis into calm.  Would you like to have Jean answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  --------  

  2:22

  --------

  2:22
• EP 18 — GW Law’s Robert Kang on Why Moving Too Slow With AI Creates Shadow Adoption

  Robert Kang, Professorial Lecturer of Cybersecurity & National Security, The George Washington University Law School, has been building enterprise cybersecurity programs since 2009, making him one of the “OG” practitioners when most organizations didn't even have dedicated cyber counsel. His unique perspective comes from protecting both critical infrastructure and social media platforms, highlighting how the same governance, risk management, and compliance framework applies across radically different threat landscapes.    In his conversation with Jean, he shares why organizations face equal risks from implementing AI too quickly or prohibiting it entirely, and how complete AI prohibition drives employees to use personal accounts for business purposes, eliminating organizational oversight entirely. Robert's systematic approach to building relationships with law enforcement agencies before crisis situations emerge provides a practical framework most organizations ignore. From free services like InfraGard to subscription-based programs like the National Cyber Forensics Training Alliance, these partnerships deliver both threat intelligence and confidential channels for sharing information with federal agencies.     Topics discussed:   The fundamental differences between protecting critical infrastructure versus social media platforms while using identical governance, risk management, and compliance frameworks. Why complete AI prohibition creates shadow adoption risks where employees use personal accounts for business purposes, eliminating organizational oversight and control. Building systematic relationships with law enforcement agencies through programs like InfraGard and the National Cyber Forensics Training Alliance before crisis situations emerge. The evolution of enterprise cybersecurity legal programs from non-existent in 2009 to essential business functions requiring dedicated counsel and executive sponsorship. How anticipating technology trends years in advance, rather than reacting to current adoption, positions cybersecurity professionals ahead of emerging threats. Training methodologies for technology lawyers that combine legal knowledge with technical understanding of AI, cybersecurity, and privacy frameworks. Essential certification pathways for legal professionals entering technology risk management including CC, CIPP, and AIGP credentials. Government threat-intelligence-sharing programs ranging from free public services to subscription-based personalized assistance for specific industries. Why law schools must teach both the law of AI and the technology of AI to prepare students for the transformed legal profession.

  --------  

  29:16

  --------

  29:16
• EP 17 — Modern Health’s Michael Hensley on Healthcare Security Beyond HIPAA Compliance Checkboxes

  The healthcare industry's digital transformation has created unprecedented opportunities for patient care delivery, but it's also introduced complex security challenges that extend far beyond traditional compliance frameworks. Michael Hensley, Director of Cyber Security at Modern Health, brings a unique perspective to protecting private — and heavily regulated — health data while maintaining the innovation velocity essential for startup success. Healthcare security teams must balance regulatory requirements with business agility, creating frameworks that protect patients without stifling innovation.    Michael's journey from professional musician to software engineer to cybersecurity leader shaped his understanding that effective security programs prioritize people and processes alongside technology investments. His approach demonstrates how healthcare organizations can build security frameworks that enable rather than restrict innovation, creating speedy review processes for new technologies while maintaining rigorous patient data protection standards. His conversation with Jean also explores the evolving landscape of healthcare cybersecurity, from shadow AI risks to the misconceptions surrounding HIPAA compliance.   Topics discussed:   The fundamental difference between healthcare cybersecurity and other industries, focusing on real-world patient impact rather than just financial or reputational damage from data breaches. Common misconceptions about HIPAA compliance, including the regulation's flexibility and how organizations must interpret general requirements based on their specific business models and patient populations. How telehealth expansion created new security paradigms, enabling rapid service deployment through cloud-native platforms while introducing risks from easy misconfigurations and third-party integrations. Shadow AI emergence in healthcare environments where employees seek productivity gains through unauthorized AI tools, potentially exposing patient data to non-compliant platforms without understanding regulatory implications. Organizational strategies for safe AI adoption in regulated industries, including dedicated review processes, governance committees, and internal tool development that unlocks productivity while maintaining compliance. The evolution from traditional on-premises healthcare security models to cloud-native architectures where services can be deployed with minimal friction but require sophisticated guardrails to prevent data exposure. Advanced approaches to vendor risk management in healthcare technology, balancing the need for third-party integrations with rigorous security and compliance vetting processes. Why effective cybersecurity programs treat people and processes as equally important to technology investments, focusing on ownership models and operational sustainability rather than just tool deployment. Building security teams that enable business objectives through speedy review processes and treating compliance requests as first-class problems rather than obstacles to innovation.

  --------  

  26:29

  --------

  26:29
• Ask Jean - How Does GenAI Reshape Data Security Risk?

  Welcome to a special edition of Future of Data Security, where our host Jean Le Bouthillier answers the top questions our listeners have asked us. In today's episode, Jean addresses how GenAI is reshaping data security risk.  Would you like to have Jean answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer! Get in touch with your host, Jean Le Bouthillier:  LinkedIn  Listen to more episodes of Future of Data Security:  Apple  Spotify YouTube 

  --------  

  2:38

  --------

  2:38

Más podcasts de Tecnología

Podcasts a la moda de Tecnología

Acerca de Future of Data Security