Guardians of the Data

Ward Balcerzak

Welcome to Guardians of the Data! Join host Ward Balcerzak each week as he dives deep into the passions, expertise, and experiences of CISOs, Chief Data Officers, and more. Guardians of the Data is sponsored by Sentra, an AI-powered data security platform that discovers and classifies all your data accurately and automatically to achieve enterprise-scale data protection without the fuss.

Episodes

  1. Why the 'Why' is More Important than the 'What' - Derek Fisher - Guardians of the Data - Episode #7

    4D AGO


    What’s the meaning behind the data your team is collecting? Derek Fisher, Director of the Cybersecurity Defense and Information Assurance Program at Temple University, joins Ward to hash out the ‘why’ behind data security. Derek emphasizes the importance of understanding the integrity and proper usage of data, especially in scenarios like healthcare and financial services. The conversation also explores the differences in data security practices across various industries such as healthcare, financial services, and higher education. Derek shares insights on teaching the next generation of cybersecurity professionals and the relevance of the NIST NICE framework in aligning education and job roles. The episode offers practical advice for aspiring and current cybersecurity professionals on staying curious, demonstrating skills, and the importance of understanding the broader ecosystem of data security.

    Takeaways:

    - Question Every Data Collection: Before collecting any data, ask yourself if you truly need it. If the answer is no, don’t collect it. This reduces your responsibility to protect unnecessary information and minimizes risk.
    - Show Your Work and Stand Out: Document and share your work, especially if you’re entering a new field like cybersecurity. Demonstrating your process and achievements helps you differentiate yourself from others.
    - Data Minimization for Security: Avoid collecting data just because you might need it in the future. Every piece of data you store increases your attack surface. Only collect what is essential to reduce potential vulnerabilities.
    - Use the NIST NICE Framework for Career Growth: Leverage frameworks like NIST NICE to understand the skills and knowledge required for specific roles. This can help you target your learning and career development more effectively.
    - Stay Curious and Threat Model: Maintain a curious mindset and always think like an attacker. Regularly ask, “What can go wrong?” and “What will we do about it?” Practicing basic threat modeling is a critical skill for navigating today’s security landscape.
    - Risk-Based Approach to Data Decryption: When deciding whether to decrypt data, use a risk-based approach. Work with legal and HR teams to set clear guidelines and avoid decrypting sensitive categories like healthcare unless necessary.

    Quote of the Show: “For me, teaching this next generation of cyber individuals or technologists, it's about showing them sort of the entire picture.” - Derek Fisher

    Links:

    - LinkedIn: https://www.linkedin.com/in/derek-fisher-sec-arch/
    - Website: https://www.securelybuilt.com/
    - Substack: https://substack.com/@securelybuilt

    Ways to Tune In:

    - Transistor: https://guardiansofthedata.show/
    - Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
    - Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
    - Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
    - iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
    - YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    57 min
  2. Cybersecurity’s Weakest Link: Human Risk - Lisa Gunning - Guardians of the Data - Episode #6

    SEP 4


    Human risk is the most unpredictable factor in cybersecurity and insider risk. Lisa Gunning, a counterintelligence and insider risk expert with over 18 years of experience in both the public and private sectors, joins Ward today to dive into human risk. Lisa shares her unique perspective on the human element in cybersecurity, the evolving landscape of insider threats, and the critical importance of building a strong security culture within organizations. The conversation covers the intersection of AI, human behavior, and data protection, offering practical advice for organizations of all sizes. She provides actionable recommendations and stories around her experiences that any listener can benefit from.

    Takeaways:

    - Recognize the Human Element: Understand that human behavior is often the biggest risk in data security. Both intentional and accidental actions by insiders can create vulnerabilities.
    - Foster Security Culture: Build a culture where security is everyone’s responsibility. Encourage open conversations about risks and make security policies clear and rational.
    - Partner Across Departments: Collaborate with stakeholders like HR, compliance, IT, and business leaders to address insider risk from multiple angles.
    - Iterate Policies: Keep security and data policies up to date. Make them flexible enough to adapt to new technologies and edge cases, rather than relying on rigid, outdated rules.
    - Monitor for Insider Threats: Identify high-risk individuals and roles, not just executives or IT admins, but anyone with access to sensitive data or mission-critical processes.
    - Leverage Counterintelligence Tactics: Use counterintelligence strategies to understand what assets are valuable to adversaries and how your organization might be targeted.
    - Be Transparent About AI Tools: Set clear guidelines for the use of AI note-takers and other digital assistants, especially in confidential meetings.

    Quote of the Show: “Human behavior is the biggest risk. We are an unpredictable, ever-evolving group, and as a very wise colleague of mine once said, humans are gonna human.” - Lisa Gunning

    Links:

    - LinkedIn: https://www.linkedin.com/in/lisa-gunning/
    - Website: https://www.vaillancegroup.com/
    - Substack: https://lotstounpackthere.substack.com/

    55 min
  3. The Data Dilemma: Governance vs. Stewardship - Lance Fischer - Guardians of the Data - Episode #5

    AUG 28


    What’s the balance between data governance and data stewardship? Lance Fischer, Principal Security Architect at Guidepoint Security, joins the show today and dives into the complexities of data security, highlighting the differences between data governance and data stewardship. He emphasizes the significance of visibility and collaboration among stakeholders in maintaining robust data security frameworks. Lance shares insights from his extensive career, revealing the practical challenges and strategies in improving data security through governance, tool rationalization, and pragmatic approaches. The discussion also touches on the evolving landscape of AI, APIs, and the critical importance of securing sensitive data. This episode provides a comprehensive look into the foundational aspects of data security and offers practical advice for organizations to enhance their data protection efforts.

    Takeaways:

    - Prioritize Visibility First: Before implementing controls or buying tools, ensure you have a clear understanding of what data you have, where it resides, and how it flows within your organization.
    - Clarify Data Governance vs. Data Stewardship: Define clear roles. Governance sets the policies and rules; stewardship ensures those rules are applied consistently. Foster communication and cooperation between these groups.
    - Start Small and Scale: Don’t try to solve everything at once. Tackle visibility and controls in manageable pieces. Focus on a subset of data or a specific business unit to build momentum.
    - Engage Stakeholders Across the Business: Involve HR, Legal, IT, and business units early to ensure policies are practical and have buy-in. Encourage open dialogue rather than top-down mandates.
    - Understand and Plan for Resource Needs: Assess the people, time, and budget required for data security initiatives before launching. Avoid overburdening staff with too many roles; dedicate resources where possible.
    - Document Decisions and Processes: Track inputs and outputs from governance meetings and policy changes for audit and continuous improvement.
    - Anticipate and Manage Tool Sprawl: Regularly review existing tools for effectiveness and eliminate redundant or unused solutions. Don’t assume swapping tools will solve underlying process or visibility issues.

    Quote of the Show: “What we're talking about here is not visibility, just from putting in a DLP tool. We're also talking about business: having those conversations between real humans to get a sense for what's going on.” - Lance Fischer

    Links:

    - LinkedIn: https://www.linkedin.com/in/lance-fischer-a0301219/
    - Website: https://www.guidepointsecurity.com/

    49 min
  4. The 5 Pillars of Data Protection - Trevor Dolan - Guardians of the Data - Episode #4

    AUG 21


    How can cybersecurity professionals balance both the regulatory requirements and the fundamentals of data protection? Today, Trevor Dolan, Cyber Security Executive Advisor at NinjaJobs, shares insights on balancing regulatory compliance with the fundamentals of data protection, designing holistic data protection programs, and the importance of strategic planning. He delves into the five main areas of developing data protection organizations: governance and leadership, risk assessment, policies and procedures, training and awareness, and team and organizational structure. Trevor also offers practical advice for young professionals starting in the field and discusses the significance of building trustworthy relationships with stakeholders. For organizations facing budget and hiring challenges, he suggests prioritizing top-risk areas and leveraging existing resources effectively. The episode concludes with Trevor reflecting on his career journey and sharing his contact information for further connection.

    Takeaways:

    - Establish Strong Governance and Leadership: Build a solid foundation by defining the scope of your data protection program.
    - Conduct a Comprehensive Risk Assessment: Use frameworks like NIST CSF or CIS Controls to assess your current state and maturity. Be honest about gaps and deficiencies; use data to drive consensus and prioritize improvements.
    - Develop and Maintain Clear Policies and Procedures: Ensure policies map directly to regulatory, legal, and contractual requirements. Create a hierarchy: policies, procedures, standards, and control implementation patterns.
    - Invest in Targeted Training and Awareness: Go beyond generic security training; provide specific modules for privacy, incident management, and data protection. Reinforce training with assessments that encourage critical thinking, not just box-checking.
    - Be Flexible and Resourceful with Budget and Staffing: If faced with budget or hiring freezes, focus on top-priority risks and use available tools creatively (“gold, silver, bronze” approach).
    - Use Data to Drive Decisions and Build Consensus: Bring objective data to stakeholder discussions to resolve disagreements and focus on solving real problems.
    - Continuously Improve and Adapt: Treat your data protection program as a living, evolving effort. Regularly revisit your risk assessments, policies, and training to ensure they remain effective and aligned with business objectives.

    Quote of the Show: “Make sure that those expectations are well communicated, but do it in a way that helps them to really incorporate that in their day-to-day so that they feel empowered as far as protecting the organization's data, and they feel part of the mission.” - Trevor Dolan

    Links:

    - LinkedIn: https://www.linkedin.com/in/trevor-dolan-91a1ab12/

    1 hr
  5. From Tech to Team: People, Culture, Technology - Rick McElroy - Guardians of the Data - Episode #3

    AUG 14


    What are the people concerns when it comes to cybersecurity? Today Ward welcomes seasoned security veteran and CEO of Nexasure, Rick McElroy. Rick, with over 25 years of experience in cybersecurity, shares his insights on the primary challenges organizations face in data security, focusing on the often-overlooked human and cultural elements. He emphasizes the importance of education, awareness, and the need for a balanced investment between technology and people. Rick also delves into the dynamics of cross-generational training and the impact of organizational culture on security programs. Additionally, he shares his personal journey in cybersecurity, discusses the significance of continuous learning and volunteering, and offers advice for individuals looking to enter or advance in the field. The episode highlights the need for a holistic approach to data security that includes both technological solutions and human factors.

    Takeaways:

    - Prioritize People and Culture in Security: Invest in security awareness and education at all levels of the organization, not just in technology.
    - Engage Leadership Early: Start security conversations at the highest levels (C-suite) to ensure buy-in and proper governance. Clarify who is responsible for risk and ensure decision-makers are educated on security issues.
    - Balance Technology with Human Factors: Don’t rely solely on technical solutions; consider how changes impact people and workflows. Design security controls and processes with end users in mind to minimize friction and maximize adoption.
    - Invest in Prevention and Smart Tooling: Focus on effective, well-managed controls rather than constantly switching tools. Choose vendors and solutions that can scale with your organization and minimize switching costs.
    - Tailor Security Training to Your Audience: Use multimodal training approaches (video, experiential, written) to reach different generations and learning styles.
    - Support Career Growth and Entry into Cybersecurity: Take advantage of free vendor training and volunteer opportunities to gain experience.

    Quote of the Show: “What I'm actually interested in is a change in behavior to the positive, even if that's a tiny thing that one user does that's more secure than it was yesterday.” - Rick McElroy

    Links:

    - LinkedIn: https://www.linkedin.com/in/rickdecrypts/
    - Website: https://nexasure.ai/

    49 min
  6. Ensuring Business Alignment in Data Security - Rick DeLoach - Guardians of the Data - Episode #2

    AUG 7


    How can you protect your data if you don’t know where it is? The answer is you can’t. Rick DeLoach, Deputy CISO at ADT, joins Ward on this week’s episode to discuss the crucial aspects of data security and governance. Rick shares his two decades of experience in the field, emphasizing the importance of data discovery, classification, and the implementation of structured programs involving process, policy, and technology. The conversation also covers the challenges of integrating AI technologies within organizations and the significance of ongoing business alignment to enhance security practices. Lastly, Rick's journey from finance student to cybersecurity leader offers valuable insights and advice for aspiring professionals in the field.

    Takeaways:

    - Start with Data Discovery and Classification: You can't protect what you don't know you have. Begin by inventorying and classifying your data assets.
    - Establish Strong Governance and Policy Frameworks: Before investing in technology, ensure you have clear, organization-wide policies and processes for data handling and security.
    - Align Security with Business Needs: Engage business stakeholders to understand what data is most critical, why it matters, and the impact if it’s lost or exposed.
    - Educate and Partner with Business Users: Move from being the “department of no” to a partner that educates and collaborates with business units on secure data practices.
    - Be Proactive, Not Reactive: Build and maintain a data inventory to enable rapid response and assessment in the event of a breach or incident.
    - Balance Innovation and Security: Embrace new technologies like AI, but ensure their use is governed by clear policies and risk assessments.
    - Stay Adaptable: The security landscape changes rapidly—be ready to adjust your approach as new challenges and technologies emerge.

    Quote of the Show: “You don't know how to protect something if you don't know what it is and where it's at.” - Rick DeLoach

    Links:

    - LinkedIn: https://www.linkedin.com/in/rdeloach/
    - Website: https://www.adt.com/

    42 min
  7. The Human Element of Data Security - Luis Valenzuela - Guardians of the Data - Episode #1

    JUL 31


    How can simplifying your data governance strategy revolutionize your security posture? In the inaugural episode of Guardians of the Data, host Ward Balcerzak sits down with Luis Valenzuela, Director of Data Governance and Data Loss Prevention at InComm Payments. Luis, who brings two decades of cybersecurity experience, dives into the often-overlooked fundamentals of data security. Discover why understanding and categorizing your most critical data is paramount, how robust governance can transform your approach, and the strategic role of tools in a well-defined process. Luis also shares his inspiring journey from Colombia to becoming a cybersecurity leader, highlighting the power of hard work, resilience, and cultivating strong relationships and processes.

    Takeaways:

    - Prioritize Data Governance: Establish clear data governance frameworks that are practical and actionable. Avoid lengthy, complicated documents that no one will read.
    - Simplify Data Classifications: Reduce complex data categories into a smaller number of easily understandable types. This helps with better adherence across the organization.
    - Combine Tools with Processes: Utilize both technological tools and well-defined processes to manage data security effectively. Tools should complement your strategic planning and governance efforts.
    - Training and Awareness: Regularly educate and train employees about data security policies and procedures. Tailor this training to specific departments to make it relevant and practical.
    - Document Sensitivity: Label and classify data accurately to ensure that sensitive information is appropriately protected according to its level of sensitivity.
    - Foster Trust: Collaborate with different teams and leaders to build trust. This eases the implementation of security measures and reduces the typical friction between security teams and business units.
    - Focus on People and Relationships: Invest time in understanding the needs and operations of different departments. Effective data security is as much about relationship management as it is about technical measures.

    Quote of the Show: “The emphasis is on process. The more I work in cyber, I realize that's what we need to work more on.” - Luis Valenzuela

    Links:

    - LinkedIn: https://www.linkedin.com/in/luisvalenzuela28323623/
    - Website: https://www.incomm.com/

    49 min

Ratings & Reviews

5 out of 5 (3 Ratings)
