Guardians of the Data

Ward Balcerzak

Welcome to Guardians of the Data! Join host, Ward Balcerzak, each week as he dives deep into the passions, expertise, and experiences of CISOs, Chief Data Officers, and more. Guardians of the Data is sponsored by Sentra - AI-powered data security platform that discovers and classifies all your data accurately and automatically to achieve enterprise-scale data protection without the fuss.

  1. Where Are Your Crown Jewels? - Tony Schimizzi - Guardians of the Data - Episode #45

    1d ago

    What if someone asked you right now where your most sensitive data lives? Most organizations would struggle to give a confident answer. In this episode, Tony Schimizzi draws on years of consulting experience to make a point that cuts to the core of modern data security: this is no longer just a cybersecurity problem. It has become a large-scale business operations and governance challenge. Tony breaks down why data sprawl across SaaS products, cloud apps, and collaboration tools has made it nearly impossible for most companies to know where their data is, let alone where the crown jewels are and how well they are protected.

    Takeaways:

    - Do the Fundamentals First: Asset management, visibility, access control, data classification. These have not changed, and they will not. Most breaches happen because the basics were not in place.
    - Security Is a Double Negative: IT can point to uptime as value. Security cannot point to revenue. Understanding that dynamic and learning to communicate in KPIs and measurable outcomes is how security teams earn their seat at the table.
    - Say Yes, And: The most effective security professionals are not the ones saying no. They find the compensating control that lets the business move forward safely. Never no, but. Always yes, and.
    - Build a Risk Council: Instead of having security engineers fight business decisions above their pay grade, bring the right leaders together: CISO, IT, HR, marketing, legal. Let them hash it out. Decisions made there carry weight that decisions made at the engineer level never will.
    - If It Matters, It Should Be Measurable: KPIs taken to the board quarterly, along with examples of incidents that did not escalate because controls were in place, are how security teams demonstrate value without a direct revenue line.
    - Understand How the Business Makes Money: Before you can evaluate risk, you need to know what the business actually runs on. If your initiative would slow down the revenue engine, you need to know that going in.
    - Take Risks When You Are Young: Professionally and personally, the window to experiment, grind, and separate yourself is in your 20s. It is easier to course correct early than to try to change direction later.

    Quote of the Show: "Companies no longer fully understand or control identity, access, and the data movement across their environments." - Tony Schimizzi

    Links:

    - LinkedIn: https://www.linkedin.com/in/anthony-schimizzi-cissp-ccsp-cism-issap-045b7a82/

    Ways to Tune In:

    - Transistor: https://guardiansofthedata.show/
    - Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
    - Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
    - Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
    - iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
    - YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    45 min
  2. Classify First, Secure Everything Else - Cory Zaner - Guardians of the Data

    May 28

    What's your biggest data security blind spot? Today's guest, Cory Zaner, Senior Enterprise Architect for critical infrastructure and trusted advisor to executive leaders, joins Ward to discuss why organizations continue to struggle with data security fundamentals, and what it actually takes to fix them. With over 20 years of experience across energy, manufacturing, and defense industries, Cory draws on his military background, time at Raytheon, and hands-on work in OT/ICS environments to break down the data security challenges most organizations are still getting wrong.

    Takeaways:

    - Start with Data Classification, Not Tools: Before reaching for the latest shiny object, organizations need to define their data tiers. Cory recommends aligning to an established framework like NIST, then mapping your tiers to a simple color-coded system (red, yellow, green) so users can actually act on it.
    - Keep It Simple: Over-complicated classification schemes with 10–20 tags and sub-tags are a recipe for failure. If your users need a secret decoder ring to understand how to classify data, the program has already failed.
    - The Data Owner Classifies the Data: Not IT. Not the tool. The person who knows what the data is worth is the one who should be tagging it. Technology can assist, but it can't make that judgment call for you.
    - Align to a Framework, Then Scope It: Whether it's NIST, ISO, or another standard, anchoring your program to an established framework takes the argument off the security team's plate. You're not asking people to trust your ideas; you're pointing to an industry consensus.
    - Start with Unstructured Data First: Cory recommends beginning with your M365 or G Suite environment, where user-generated content lives, before tackling structured data like SQL databases. That's where the real user behavior risk is.
    - Build the Right Committee: Data classification can't live in a security silo. Legal, privacy, and HR are essential early partners. Build a governance committee with real ownership, not just initial enthusiasm that fades after the first few meetings.

    Quote of the Show: "Garbage in, garbage out. AI can make things prettier, but we cannot change the mindset of people with technology." - Cory Zaner

    Links:

    - LinkedIn: https://www.linkedin.com/in/cory-zaner/

    36 min
  3. Navigating the Data Maze - Brian Cherry - Guardians of the Data - Episode # 43

    May 21

    What data do you have, where does it live, and who has access to it? These three questions sit at the heart of every data security challenge, and according to Brian Cherry, most organizations still can't answer them. In this episode, Brian, a Global Director of Information Security with over 20 years in cybersecurity, joins Ward to dig into the sprawling reality of data security: why data never stays where you think it does, how shadow IT and bad governance quietly create massive exposure, and why AI is raising the stakes on all of it. Brian also shares how curiosity, mentorship, and asking the right questions shaped his entire career and why those same instincts are the most powerful tools any security professional can have.

    Takeaways:

    - Know your data before you protect it. You can't secure what you can't find. Start by asking four foundational questions: What data needs protection? Where does it live? Have you truly looked everywhere? And who has access and how did they get it? These questions sound simple, but most organizations haven't fully answered any of them.
    - Act like an investigative journalist when talking to the business. Going into stakeholder conversations without pretending to have all the answers actually gets you further. When people feel like they're teaching you, they open up, and that's when you learn where the real data risks are hiding.
    - Governance isn't sexy, but it's where the real power is. Red team exercises find problems, but governance is what actually prevents them. Policies, controls, and proper data classification programs are what keep businesses from accidentally creating their own worst security incidents.
    - AI is amplifying your existing data problems, not creating new ones. If sensitive data is scattered in shared directories, staging environments, or forgotten backups, any AI tool with access to it becomes a liability. Getting AI-ready means solving the fundamentals first: classification, access control, and visibility.
    - Find a mentor, and be one. A mentor who pushes you to understand the business side of security, not just the technical side, can completely change your trajectory. And when you've made it, look back. The best investment you can make in the profession is helping someone else ask the next question.

    Quote of the Show: "If you don't ask questions, you're never going to know the answer. That's where my career started, and it's still the most powerful tool I have." - Brian Cherry

    Links:

    - LinkedIn: https://www.linkedin.com/in/cherrybrian/

    47 min
  4. Fighting AI Risk with AI - Kevin Feck - Guardians of the Data - Ep #42

    May 14

    What would happen if your AI searched all your data right now? Today’s guest, Kevin Feck, Director of Data Protection and Security Architect, joins Ward to unpack how AI is reshaping the data security landscape. With over two decades in cybersecurity, Kevin shares why the industry’s long-standing challenges of data classification, access control, and visibility have suddenly become urgent in the age of AI. From the risks of copilots and LLMs to the reality of “AI readiness,” this conversation dives into what organizations are getting wrong and how to fix it. Kevin also breaks down why trying to “boil the ocean” with data security initiatives often fails, how to scope efforts effectively, and why security teams must evolve from perceived roadblocks to true business enablers.

    Takeaways:

    - Classify Your Data Before Connecting AI to It: AI tools like Copilot can instantly surface sensitive data that used to take weeks to find manually. Granular, contextual data classification is the foundation.
    - Correlate Sensitive Data With Permissions: Knowing where your sensitive data lives isn't enough. Lock it down to authorized users so AI agents can only access what they should.
    - Fight AI with AI: Regex-based DLP tools are no longer sufficient. Invest in AI-powered data security that can understand context, not just patterns.
    - Build an AI Governance Program: Get lawyers, procurement, security, and technical staff aligned on what "AI" actually means in each vendor contract. Not all "AI" is equal.
    - Treat User Education as a Core Security Control: No tool is 100% effective without trained users. Ongoing security awareness training is essential to make data classification stick culturally.
    - Prioritize "Better Together" over a single-pane-of-glass fantasy: No one tool covers every environment perfectly. Integrated tooling with shared intelligence is more effective than waiting for a perfect unified solution.
    - Hire For Passion, Not Just Credentials: In a field evolving daily, someone deeply motivated to do the right thing will outperform a technically skilled person who is just checking boxes.

    Quote of the Show: “It’s always been about the data. Tell me what that data is and I’ll tell you how much I have to care about it.” - Kevin Feck

    Links:

    - LinkedIn: https://www.linkedin.com/in/kevin-feck-756ab91/

    44 min
  5. AI Governance: Navigating the Speed of Change - Sweeney Williams - Guardians of the Data - Ep #41

    May 7

    How can organizations govern AI responsibly when the technology (and the risks) are evolving faster than ever? In this episode of Guardians of the Data, Ward sits down with Sweeney Williams, Head of Responsible AI, to unpack the biggest challenge facing data security today: speed. With over 20 years of experience spanning cybersecurity, privacy, and AI governance, Sweeney shares how the rapid acceleration of AI is reshaping everything from geopolitical competition to regulatory approaches and security threats. What once felt like a manageable evolution now demands constant adaptation, forcing organizations to rethink how they govern, secure, and deploy AI in real time. The conversation explores why traditional approaches to regulation and risk management are struggling to keep up, how bad actors are leveraging AI to scale attacks, and why organizations can’t afford to wait for clarity before taking action. Sweeney also outlines practical steps for building a strong AI governance foundation, emphasizing the importance of fundamentals like data governance, transparency, and cross-functional collaboration.

    Takeaways:

    - Speed is the Defining Challenge of AI. AI isn’t just evolving quickly. It’s forcing rapid change across regulation, geopolitics, and security. Organizations are struggling to keep pace with constant shifts in capabilities and expectations.
    - Regulation is Lagging and May Stay That Way. Global attitudes toward AI regulation have shifted dramatically, with many regions prioritizing innovation and competitiveness over strict governance.
    - AI is Amplifying Security Risks. Bad actors are using AI to launch more sophisticated and scalable attacks, lowering the barrier to entry and increasing the pressure on security teams.
    - Fundamentals Still Matter! Strong data governance, transparency, access controls, and bias mitigation remain essential, even as the technology evolves.
    - You Can’t Wait for Clarity! Organizations that delay action until regulations stabilize risk falling behind. The best time to build AI governance is now.
    - Third-Party AI Risk is a Growing Blind Spot. Vendors are rapidly embedding AI into their products, often without clear visibility, making third-party risk management more complex than ever.

    Quote of the Show: “The best time to plant your AI governance tree… is right now.” - Sweeney Williams

    Links:

    - LinkedIn: https://www.linkedin.com/in/sweeney-williams-00762564/

    38 min
  6. AI Is a Tsunami: Why Teams Are Playing Catch-Up - Ben Rothke - Guardians of the Data - Episode #40

    Apr 30

    Are security teams already behind on AI? And what does it take to catch up? In this episode of Guardians of the Data, Ben Rothke joins the show to break down the biggest data security challenges facing organizations today and why many of them are harder to solve than ever before. With over 30 years in cybersecurity, Ben shares a grounded perspective on how the landscape has evolved from simpler perimeter-based models to today’s world of data sprawl, AI-driven threats, and overwhelming complexity. He explains why AI isn’t just another trend, but a “tsunami” that’s fundamentally changing how both attackers and defenders operate. The conversation dives into why so many organizations are playing catch-up, how shadow IT and poor foundations create long-term risk, and why the most dangerous security problems can’t be solved with a single tool or quick fix. Ben also offers practical guidance on how teams can approach AI more responsibly, starting with clear use cases, strong guardrails, and embedding security from the very beginning.

    Takeaways:

    - Get Security Involved From the Start: Before deploying any new technology, especially AI, loop in information security from day one. Don't retrofit security after the fact; it's far more costly and risky.
    - Define Your Use Case Before Buying Tools: Ask "What is my problem, and how will this tool solve it?" Don't buy enterprise AI or security tools because they're on the Gartner Hype Cycle. Start with a clearly defined use case.
    - Create AI Policies and Guardrails Now: If your organization hasn't done it yet, immediately establish policies and processes governing how AI tools can be used: what data can be entered, by whom, and under what conditions.
    - Document Before You Deploy: Create detailed design documents for any AI or IT system before rollout, covering use cases, security controls, privacy controls, and support plans. Undocumented "shadow IT" becomes tomorrow's critical vulnerability.
    - Address Data Sprawl Proactively: Inventory where your data lives across servers, cloud, mobile, and third-party vendors. You can't protect what you don't know you have.
    - Take Third-Party Supply Chain Risk Seriously: Even a single weak vendor can expose massive amounts of data. Vet your software supply chain rigorously.

    Quote of the Show: “In the last year and change, the challenge of AI has just been a tsunami.” - Ben Rothke

    Links:

    - LinkedIn: https://www.linkedin.com/in/benrothke/

    42 min
  7. The Unstructured Data Problem Not Yet Solved - Brent Bigelow - Guardians of the Data - Episode #39

    Apr 23

    How much of your company’s data is completely unknown? And what risk is it creating? In this episode, Ward sits down with Brent Bigelow: security consultant, President of the Charlotte ISSA, and a cybersecurity veteran with nearly four decades of experience. They unpack one of the most persistent and overlooked challenges in data security: unstructured data. Brent shares why unstructured data remains the “wild west” of security, how it quietly grows through everyday business operations, and why most organizations still struggle to get their arms around it, especially in the context of mergers and acquisitions. The conversation explores how “shadow business” contributes to data sprawl, why traditional approaches like classification and DLP fall short, and how the rise of AI is accelerating both the risk and complexity of managing unknown data. Brent also reflects on his career journey from the pre-internet era to today’s AI-driven landscape, offering hard-earned lessons on sustainability, leadership, and staying curious in a rapidly evolving field.

    Takeaways:

    - Audit Your Unstructured Data: You can't protect what you don't know you have. Dedicate a formal project to discovering, cataloging, and classifying unstructured data across your organization, especially after mergers and acquisitions.
    - Establish and Enforce a Data Governance Policy: Policy is the "stake in the sand." Define where data should live, in what formats, and who owns it. Without written policy, you have nothing to point to when a breach or compliance issue surfaces.
    - Watch Out For "Shadow Business," Not Just Shadow IT: Business units are storing data in unauthorized places just as often as rogue IT does. Extend your data governance conversations beyond IT to include business unit leaders.
    - Control Privilege and Access as People Leave: When employees move on, they often take data access, or even the data itself, with them. Enforce least-privilege and revoke access promptly at offboarding.
    - Treat AI Ingestion of Unstructured Data as a Risk: If your organization is deploying Copilot, generative AI, or any LLM that touches internal data, understand what unstructured data it's consuming. Garbage in, garbage out, and the "garbage" could be sensitive or regulated data.
    - Don't Let Duplicate Data Pollute Your AI Models: Version control and de-duplication matter more now than ever. Unmanaged duplicates degrade AI output quality and can introduce conflicting or outdated information into critical workflows.
    - Know Your Data Classification Framework and Actually Use It: Internal use, confidential, public. Make sure employees understand how to label data and where each classification belongs.

    Quote of the Show: “Unstructured data is no different than the ocean: it just keeps rising.” - Brent Bigelow

    Links:

    - LinkedIn: https://www.linkedin.com/in/brent-bigelow-02b7791/
    - Website: https://www.charlotteissa.org/

    45 min
  8. Using AI to Solve the Data Visibility Problem - Andrew Wilder - Guardians of the Data - Episode #38

    Apr 16

    What if your DLP tool is slowing your business down instead of protecting it? In this episode, Andrew Wilder shares why traditional data loss prevention (DLP) programs have struggled to deliver real value, and what needs to change in an AI-driven world. Drawing from decades of experience leading security programs at global organizations, he breaks down the core challenge most teams still face: relying on humans to classify and manage massive volumes of data simply doesn’t scale. The conversation explores how AI is reshaping data security, from automatically identifying sensitive data to reducing false positives and improving visibility across the organization. Andrew also explains why security should act as an enabler, not a blocker, and how CISOs can prioritize the right investments while balancing risk and business needs. If you’re rethinking your approach to data security, AI, or DLP, this episode offers a practical look at what’s working, what isn’t, and where the future is headed.

    Takeaways:

    - Stop Relying on Humans to Classify Your Data: Manual data classification fails at scale. Invest in AI-powered DSPM tools that automatically crawl, catalog, and classify sensitive data across your environment.
    - Use Just-In-Time Popups to Change User Behavior: Real-time prompts asking users to justify unusual data movement are more effective than blocking controls. They create accountability, generate valuable intel, and shift culture without requiring a large team to chase false positives.
    - Think of Security as an Enabler, Not a Blocker: Present risks with options and let the business decide their risk appetite. Your job is to inform, not to dictate. Frame security like brakes on a Formula 1 car: they let you go faster safely.
    - Look at AI From Three Angles: How is the business using it (and how do you secure that)? How are attackers using it? How can your security team use AI agents to do more with finite resources?
    - Build a Team of "Bot Masters": Use AI agents to automate repetitive tasks (SOC L1 triage, GRC forms, legacy account cleanup, third-party risk). Free your human talent for higher-value, strategic work.
    - Reassess Your Security Posture At Least Every 90 Days: The risk landscape changes fast (new AI models, zero-days, etc.). Your 3-year roadmap should be a living document, not a static plan.

    Quote of the Show: “Your job as a CISO is to be kind of a ruthless prioritizer.” - Andrew Wilder

    Links:

    - LinkedIn: https://www.linkedin.com/in/apwilder/
    - Website: https://cybersecurityintheboardroom.com/

    39 min

Ratings & Reviews

5 out of 5 (3 Ratings)
