Guardians of the Data

Ward Balcerzak

Welcome to Guardians of the Data! Join host, Ward Balcerzak, each week as he dives deep into the passions, expertise, and experiences of CISOs, Chief Data Officers, and more. Guardians of the Data is sponsored by Sentra - AI-powered data security platform that discovers and classifies all your data accurately and automatically to achieve enterprise-scale data protection without the fuss.

  1. AI: The New Era of Cyber Threats - Dr. Sergio Sanchez - Guardians of the Data - Episode #18

    4D AGO

    Are your cybersecurity practices ready for the new era of AI-generated phishing, social engineering, and real-time deepfake attacks? In this episode of Guardians of the Data, Dr. Sergio Sanchez, CIO of Coleman Health Services and former medical turned cybersecurity leader, breaks down the rapidly evolving world of AI-driven cyber threats. With more than 25 years in IT and security, Sergio brings a rare blend of technical insight, human understanding, and real-world experience. He digs into how AI is reshaping the attacker landscape, why non-technical employees are now prime targets, and what leaders must do today to prepare their organizations for the next wave of threats: from voice cloning and deepfake videos to hyper-personalized social engineering attacks. Sergio also shares his incredible personal journey from operating rooms in Mexico to managing technology for the Catholic Church across 50 states, to now securing one of the most mission-critical environments in healthcare.

    Takeaways:
    - Train Everyone, Not Just Leadership: Security awareness and training should include all employees, not just executives. Threat actors often target those with less technical knowledge.
    - Emphasize Caution Before Clicking: Encourage a culture of "think before you click"; whether it’s a link in an email, a text, or a message from a familiar contact.
    - Adopt Multi-Factor Authentication (MFA): Use MFA wherever possible, and educate users on alternatives if they don’t have access to a cell phone (e.g., voice call authentication).
    - Verify Unusual Requests: Establish code words or secondary verification steps for sensitive requests, especially those involving money or confidential information even if the request appears to come from a trusted source.
    - Recognize the Blending of Digital and Real Life: Remind everyone that even if they don’t use social media, their digital footprint (e.g., online banking, email) can still make them a target.
    - Support Those Afraid of Technology: Offer extra help and patience to those who are “allergic to technology.” Their lack of comfort can make them prime targets.

    Quote of the Show: “We are creating a monster that we are now giving the tools to destroy us.” - Dr. Sergio Sanchez

    Links:
    - LinkedIn: https://www.linkedin.com/in/dr-sergio-e-sanchez/
    - Website: https://www.colemanservices.org/
    - Podcast: https://podcasts.apple.com/us/podcast/behind-the-digital-curtain/id1829054726

    Ways to Tune In:
    - Transistor: https://guardiansofthedata.show/
    - Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
    - Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
    - Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
    - iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
    - YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    48 min
  2. Know Your Crown Jewels: Discovery at the Heart - Bryan DeLuca - Guardians of the Data - Episode #17

    NOV 20

    Do you really know what your organization’s “crown jewels” are? Or how to protect them? Bryan DeLuca, Principal Cybersecurity Engineer and self-proclaimed “Swiss Army knife” for data security programs, shares why every great security strategy starts with understanding your data. With over 25 years of IT and cybersecurity experience across a variety of industries, Bryan dives into what it really means to know your “crown jewels”, the data that would stop your business cold if it were compromised. He also discusses the critical role of trust and mental health in fostering a productive and secure work environment. Additionally, Bryan offers practical advice on data protection strategies, the significance of process-driven approaches, and how to effectively implement data lineage and insider threat management.

    Takeaways:
    - Know Your Data: Start by identifying what your organization's most sensitive and valuable data is. This varies by industry, so tailor your approach accordingly.
    - Engage with the Business: Build relationships with business stakeholders (like a business information security officer) to understand what data is truly critical and why.
    - Think Like an Attacker: Consult with ethical hackers or your red team to understand what data would be most attractive to adversaries and how it might be targeted.
    - Do Your Own Reconnaissance: Proactively research what information about your organization is available on the dark web or in hacker forums. Don’t rely solely on automated tools, get hands-on.
    - Develop and Practice Incident Response: Go beyond compliance checklists. Create tailored incident response plans for different types of sensitive data and run realistic, unannounced tabletop exercises to test your readiness.
    - Map and Monitor Sensitive Data: Build a data catalog or index to track where sensitive data lives, how it moves, and who accesses it. Use tagging and alerting to prioritize responses to incidents involving critical data.

    Quote of the Show: “We gotta get faster. And the way to do that is knowing where your sensitive data lives on your network.” - Bryan DeLuca

    Links:
    - LinkedIn: https://www.linkedin.com/in/bdll/

    47 min
  3. Building an Effective Data Security Program - Matthew Gonzales - Guardians of the Data - Episode #16

    NOV 13

    Are you building a data security program that truly works or just checking the boxes for compliance? In this episode of Guardians of the Data, Matthew Gonzales, Director of Data Security Engineering, shares what it really takes to build and sustain an effective data security program. Drawing from his 20 years of experience, Matthew stresses the importance of having a structured data security strategy, incorporating business objectives, control frameworks, and operating models. The conversation dives into the nuances of stakeholder engagement, effective communication, and proactive governance. Matthew also shares insights from his own journey in the industry, emphasizing the need to align data security practices with evolving technologies like AI. This episode serves as a comprehensive guide for organizations looking to fortify their data security frameworks.

    Takeaways:
    - Define a Clear Vision and Mission for Data Security: Start by establishing a vision and mission that aligns with your organization’s broader goals. This sets the tone and direction for your data security program.
    - Set Specific Business Objectives: Identify concrete goals, such as global deployment of DLP or minimizing friction for end users, to guide your program’s efforts.
    - Establish a Control/Capabilities Framework: Clearly outline what is in scope for your data security program to avoid overlap and friction with other teams (e.g., cloud security, IAM, networking).
    - Develop a Robust Operating Model: Map out how your program will operate, including who needs to be involved (cybersecurity peers, legal, HR, privacy, infrastructure, etc.). Use tools like RACI matrices to clarify roles and responsibilities.
    - Engage Stakeholders Early and Often: Identify key stakeholders, blockers, and influencers. Bring them together to present your strategy, gather feedback, and secure buy-in.
    - Maintain and Update Your Operating Model Regularly: Don’t let your operating model get stale. Update it proactively (ideally monthly or quarterly) to reflect organizational and technological changes.
    - Foster a Culture of Self-Service and Openness: Encourage employees to ask questions and seek guidance on data handling. Success is when people proactively reach out for advice.

    Quote of the Show: “Without a good program, you’re kind of lost in the dark, fumbling around trying to find a light switch.” - Matthew Gonzales

    Links:
    - LinkedIn: https://www.linkedin.com/in/matthew-c-gonzales-64012a8/

    49 min
  4. How to Make DLP Work in the Real World - Tobias Simpson - Guardians of the Data - Episode #15

    NOV 6

    In this episode of Guardians of the Data, Ward sits down with Tobias Simpson, Director of Data Security and Security Awareness at Kennesaw State University, to unpack the realities of data classification, governance, and loss prevention in complex organizations. With over 25 years in IT and cybersecurity, Tobias shares hard-earned lessons on building a data-first culture, getting executive buy-in, and using tools like Microsoft Purview to make DLP actually work, without breaking the business. Tobias also highlights the significance of tabletop exercises with departmental cooperation, implementing document matrices, and maintaining strong relationships with technology providers. The conversation concludes with Tobias reflecting on his career journey from help desk roles to cybersecurity leadership, and offering advice for professionals entering or advancing in the field.

    Takeaways:
    - Start with Data Classification Tabletop Exercises: Conduct tabletop exercises to classify and understand your organization’s data.
    - Involve the Right People: Assign data stewards and involve all key stakeholders in data initiatives.
    - Don’t Fear DLP “Prevention” Mode: Move beyond just monitoring to actively preventing data loss, but do so with proper support systems and communication in place.
    - Leverage Vendor Relationships: Build strong partnerships with your technology providers to navigate platform changes and challenges.
    - Establish Ongoing Support and Feedback Loops: Set up regular check-ins (e.g., quarterly meetings) with departments to review DLP effectiveness and address issues.
    - Communicate and Build Awareness: Regularly communicate with high-risk departments (finance, HR, logistics) about DLP and data security. Use newsletters, training, and ongoing discussions to keep data protection top of mind.

    Quote of the Show: “You should have a strong relationship with those stakeholders and constantly talk about data loss prevention around those people.” - Tobias Simpson

    Links:
    - LinkedIn: https://www.linkedin.com/in/tobias-simpson-706b57a8/
    - Website: https://www.kennesaw.edu/

    49 min
  5. Building Resilient Security Champions - Christian Ghigliotty - Guardians of the Data - Episode #14

    OCT 30

    What if the key to stronger data security isn’t technology… but curiosity? In this episode, Christian Ghigliotty, Head of Enterprise Security Engineering, joins us to unpack what it really takes to build a security-first culture in today’s AI-driven world. From champion programs to collaboration councils, Christian shares how curiosity, communication, and connection are redefining how modern teams protect data. He also opens up about his unconventional career path and why he believes writing and relationship-building are two of the most underrated skills in tech. Whether you’re leading enterprise security or just getting started in data protection, this conversation will leave you thinking differently about how trust, empathy, and engagement fuel resilience.

    Takeaways:
    - Identify and Empower Champions: Find individuals passionate about data security within your organization and empower them to act as liaisons or "champions" to bridge gaps between teams.
    - Create a Council or Working Group: Bring together your champions or stakeholders regularly, not just for updates but for active participation, problem-solving, and sharing ownership of outcomes.
    - Leverage Awareness Opportunities: Use events like Cybersecurity Awareness Month to elevate champions, share success stories, and recruit new advocates.
    - Apply Your Unique Skills: Leverage your background and strengths (e.g., communication, writing, teaching) to add value in security roles, even if you come from a non-technical background.
    - Gamify Security Initiatives: Consider using gamification (leaderboards, rewards, or friendly competition) to incentivize good security practices and increase engagement.
    - Document and Share Successes: Regularly communicate wins and lessons learned to maintain momentum and encourage broader participation.
    - Don’t Wait for the “Right” Time: Security awareness and improvement should be ongoing, not just tied to special months or events.

    Quote of the Show: “Cybersecurity doesn't always have to wait till October. Of course, we love to highlight cybersecurity awareness month, but every month we're working together on these things.” - Christian Ghigliotty

    Links:
    - LinkedIn: https://www.linkedin.com/in/ghigliottyc/

    49 min
  6. How AI Is Reshaping Data Security - Adrian Guevara - Guardians of the Data - Episode #13

    OCT 23

    What happens when AI adoption moves faster than your security strategy? Today, Ward sits down with Adrian Guevara, Chief Information Security Officer at TELUS Digital Solutions, to unpack one of the biggest challenges facing organizations today: how to secure your business in an AI-driven world. Adrian brings over two decades of IT and cybersecurity experience and a refreshingly candid take on what it really takes to lead through massive change. Adrian shares insights on the impact of AI on businesses, the importance of understanding and tinkering with technology, and the crucial role of building trust and relationships within an organization. He emphasizes the need for a culture of continuous feedback and collaboration, especially in rapidly growing and technologically evolving environments. The episode also delves into Adrian's fascinating career journey from an IT director who was voluntold to be a security officer to his current role as a CISO, highlighting key strategies for navigating the ever-changing landscape of data security.

    Takeaways:
    - Ask “Can We Do It Better?”: Regularly question existing processes and tools. Encourage feedback from your team to drive continuous improvement.
    - Create a Path of Least Resistance: Make secure, approved tools and processes as easy to use as possible to reduce the temptation for employees to circumvent security.
    - Build a Culture of Trust and Approachability: Be visible, approachable, and responsive. Building trust makes it easier to implement change and get buy-in.
    - Leverage Feedback for Better Security: Involve your team in decision-making, listen to their feedback, and let them help shape security policies and tool choices.
    - Invest in Tools that Support Security: Provide employees with tools like password managers to make secure practices easier to follow.
    - Build Relationships: Strong professional relationships help you navigate change, get buy-in, and create a more fulfilling work environment.
    - Be Transparent and Communicate the “Why”: When implementing new policies or changes, explain the reasoning and how it benefits the team and organization.

    Quote of the Show: “You gotta love what you're doing because there's gonna be hard times and there's gonna be times you have to learn things on your own. Without that love, it just makes it much harder to do.” - Adrian Guevara

    Links:
    - LinkedIn: https://www.linkedin.com/in/adrian-guevara17/
    - Website: https://www.telusdigital.com/

    49 min
  7. Securing AI and Reclaiming Control of Access - Kraig Faulkner - Guardians of the Data - Episode #12

    OCT 16

    Are we so obsessed with new AI tools that we’ve forgotten the basics of security? Kraig Faulkner, Field CTO at Infolock, joins the show to discuss the pressing challenges and solutions around data security, particularly focusing on AI and access control. Kraig elaborates on the importance of understanding business data, securing AI access, and the necessary steps organizations need to take to prevent data exfiltration. He shares his professional journey and thoughts on the future trends in data security, including a potential shift back to on-prem solutions and the integration of AI into larger security portfolios. The episode highlights key strategies for implementing and securing AI within organizations, making it a must-listen for security leaders.

    Takeaways:
    - Start Small, Don’t Boil the Ocean: Begin with a manageable subset of data or a pilot group rather than trying to secure everything at once.
    - Audit Access Regularly: Conduct regular audits to determine who has access to what data, why they have access, and whether that access is still appropriate.
    - Implement Role-Based Access Controls (RBAC): Use RBAC to ensure only the right people have access to sensitive data, and review these controls periodically.
    - Control AI and Tool Access: Roll out generative AI and other new tools methodically. Test with small, trusted groups before wider deployment, and avoid unsanctioned tools.
    - Validate AI Outputs: Always verify the accuracy and appropriateness of AI-generated outputs before acting on them or sharing them.
    - Involve HR in Identity Management: Ensure HR processes are integrated with IT to manage onboarding, offboarding, and changes in access as roles evolve.
    - Prepare for Ongoing Change: Recognize that securing data and managing access is an ongoing process. Regularly revisit policies, tools, and practices as technology and business needs evolve.

    Quote of the Show: “We have gotten so fascinated with what's new, what's hot, what's moving the needle, right? And we forget about some of the basics.” - Kraig Faulkner

    Links:
    - LinkedIn: https://www.linkedin.com/in/kraigfaulkner/
    - Website: https://www.infolock.com/

    51 min
  8. From Data Chaos to Clarity - Hans Vargas - Guardians of the Data - Episode #11

    OCT 9

    What happens when your organization doesn’t know what it needs to protect? Today Ward welcomes Hans Vargas, Enterprise Data Protection Lead at Marathon Petroleum Corporation, who brings over two decades of experience in cybersecurity. Hans shares insights on the importance of understanding what data needs to be protected, and the challenges organizations face in this area, especially with the adoption of cloud services. He discusses the significance of communicating the value of data protection to business leaders and data owners, and offers practical advice on data discovery, retention, and governance. Hans emphasizes the necessity of including data security considerations in the early stages of application development and innovation. He also shares his personal journey from Peru to a successful career in the U.S., highlighting the importance of mentorship, continuous learning, and proactive problem-solving in cybersecurity. This episode provides valuable strategies for integrating data security into organizational processes and fostering collaboration between cybersecurity professionals and business stakeholders.

    Takeaways:
    - Know What You Need to Protect: Start with data discovery and identify what data you have, where it is, and what is sensitive. You can't protect what you don't know exists.
    - Engage Data Owners Directly: Build relationships with data owners, not just stakeholders. Have open conversations to understand what is truly sensitive and important to the business.
    - Communicate the Value of Data Protection: Clearly explain to business units why data protection matters, using relatable analogies if needed (e.g., moving houses, hoarding).
    - Establish and Strengthen Data Governance: Ensure your organization has clear data governance policies covering the entire data lifecycle from creation to disposition.
    - Collaborate Across Teams: Work closely with data governance, legal, and business units. Data security is a two-way street; share discoveries and insights to improve overall protection.
    - Don’t Rely Solely on Tools: Deploying a tool is not enough. Make sure processes and responsibilities are in place before or alongside technology adoption.
    - Consider the Full CIA Triad: Don’t focus only on confidentiality. Ensure data integrity and availability are also prioritized to keep the business running smoothly.

    Quote of the Show: “If you don't know what you need to protect, that's a problem.” - Hans Vargas

    Links:
    - LinkedIn: https://www.linkedin.com/in/hansvargas/
    - Website: https://www.marathonpetroleum.com/

    52 min

Ratings & Reviews

5 out of 5 (3 Ratings)