Guardians of the Data

Ward Balcerzak
  • 0.0 (0)
  • TECHNOLOGY
  • UPDATED WEEKLY

Welcome to Guardians of the Data! Join host, Ward Balcerzak, each week as he dives deep into the passions, expertise, and experiences of CISOs, Chief Data Officers, and more. Guardians of the Data is sponsored by Sentra - AI-powered data security platform that discovers and classifies all your data accurately and automatically to achieve enterprise-scale data protection without the fuss.

  1. Why Least Privilege Fails (And How to Fix It) - Sanjeev Kumar - Guardians of the Data - Episode #30

    17H AGO

    Why Least Privilege Fails (And How to Fix It) - Sanjeev Kumar - Guardians of the Data - Episode #30

    What happens when your AI system has more access to your data than your employees (and you don’t even know it)? Sanjeev Kumar, Senior Global AI & Data Protection Lead at Amazon Web Services, joins Ward on the podcast today for a deep dive into the real risks organizations face as AI moves from experimentation to production. With more than 20 years of cybersecurity experience and a career that spans the rise of cloud computing to today’s AI transformation, Sanjeev shares what organizations consistently get wrong about data governance, ownership, least privilege, and AI deployment. This is not a high-level “AI is risky” discussion. It’s a tactical breakdown of what security leaders must implement now to avoid regulatory, reputational, and operational fallout.   Takeaways: Start with Data Classification and Inventory: Understand the types of data you have (sensitive, regulated, or intellectual property) and where they reside before implementing any controls.Establish Clear Data Ownership and Stewardship: Define who owns the data (business leaders), who manages it daily (data stewards), and who maintains the infrastructure (IT custodians). Everyone must understand their responsibilities.Never Let Temporary Become Permanent: When moving data to interim storage solutions, ensure proper controls are in place. Temporary shortcuts often become permanent security gaps.Always Experiment in Isolated Environments: Start with black-box environments using synthetic data first. Never expose experimental AI systems to production or public networks.Implement Dynamic, Behavior-Based Access Controls: Move beyond traditional RBAC to access controls that adapt based on actual behavior patterns, not just historical permissions.Understand Both Financial and Non-Financial Risks: Reputational damage, regulatory scrutiny, and loss of customer trust often outweigh direct financial penalties.Live in the Future: Anticipate what will matter in 4-5 years and start learning it today. Position yourself where the industry is heading, not where it is now. Quote of the Show: “Vendor can be replaced, trust cannot be.” - Sanjeev Kumar Links: LinkedIn: https://www.linkedin.com/in/trusted-ai-ciso/ Website: https://aws.amazon.com/  Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    53 min
  2. Stop Talking Tech and Start Talking Business - Joshua Copeland - Guardians of the Data - Episode #29

    FEB 12

    Stop Talking Tech and Start Talking Business - Joshua Copeland - Guardians of the Data - Episode #29

    Is leadership the real reason data security keeps breaking down? In this episode of Guardians of the Data, host Ward Balcerzak sits down with Joshua Copeland, Director of Cybersecurity at Crescendo. With more than 25 years of experience across IT, cybersecurity, and government, Joshua brings a refreshingly honest perspective: most security failures don’t come from bad tools; they come from misaligned leadership, misunderstood business risk, and security teams operating in a vacuum. Throughout the conversation, Joshua breaks down why cybersecurity professionals must stop speaking only in technical terms and start translating risk into real business impact, from revenue and operations to productivity and customer trust. The discussion also dives deep into AI and data security, where Joshua argues that AI hasn’t introduced new risk, but simply exposes the risks organizations have ignored for years. From shadow AI and data leakage to prompt engineering and governance, this episode offers practical guidance for security leaders trying to keep up with reality.   Takeaways: Learn to Speak Business, Not Just Tech: Cybersecurity professionals need to translate technical risks into business impact.Build Cross-Functional Relationships Early: Understand how your security decisions impact productivity and workflows. Talk to operations teams before implementing security controls.Avoid Building Solutions in a Vacuum: Don't create security controls based solely on frameworks or "best practices".Network Relentlessly: Attend local B-Sides and regional conferences (cheaper than RSA) and join local cyber clubs and professional chapters.Focus on What Actually Protects Your Business: Prioritize vulnerabilities based on your environment, not just severity scores. Understand your critical business processes and protect those first.Say Yes to New Opportunities: Joshua's career advice: volunteer for things outside your comfort zone. Non-traditional paths often lead to the most interesting opportunities.Quote of the Show: “ We're really, really good at technology. We really suck at business, and that's where we fall flat.” - Joshua CopelandLinks: LinkedIn: https://www.linkedin.com/in/joshuacopeland/ Website: https://www.crescendo.ai/ Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    41 min
  3. Future-Proofing Cybersecurity Talent - Marlene Dehart - Guardians of the Data - Episode #28

    FEB 5

    Future-Proofing Cybersecurity Talent - Marlene Dehart - Guardians of the Data - Episode #28

    Are we solving the cybersecurity talent problem the wrong way? The cybersecurity industry has no shortage of open roles, yet thousands of capable candidates still can’t land their first job. In this episode of Guardians of the Data, Ward Balcerzak sits down with Marlene DeHart, cybersecurity executive, advisor, and Air Force Reserve veteran, to explore why the problem isn’t a lack of interest or intelligence; it’s how the industry defines experience. Drawing on more than 20 years across enterprise security, internal audit, military cyber operations, and emerging technologies like Web3 and AI, Marlene argues that cybersecurity needs to be treated more like a trade: skills-first, mentor-led, and learned through real-world practice, not just certifications and degrees.   Takeaways: Seek Mentorship Actively: Find experienced professionals who can guide your career development and commit to mentoring others once you gain experience, creating a reciprocal learning ecosystem.Participate in Hands-On Challenges: Join hackathons, capture-the-flag events, and collaborative technical challenges to demonstrate real-world skills beyond what certifications alone can show.Build a Skills Portfolio: Create tangible demonstrations of your work that showcase your abilities to potential employers, moving beyond traditional resumes to include actual project examples and problem-solving evidence.Apply Fundamentals to New Technologies: Bridge your existing cybersecurity knowledge to emerging technologies like AI, blockchain, and Web3 by applying core principles you already understand to new contexts.Establish Reskilling Pathways: Companies should build structured programs to help existing employees transition when business direction or technology stacks change, rather than leaving team members behind.Gamify Learning Experiences: Make skills development engaging through scenario-based training, real-world simulations, and competitive challenges that mirror actual workplace situations. Quote of the Show: “ Once you're skilled, you have to keep reskilling. You have to upskill.” - Marlene DehartLinks: LinkedIn: https://www.linkedin.com/in/marleneveum/ Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    43 min
  4. Data Security in Critical Infrastructure - Arturo Santos - Guardians of the Data - Episode #27

    JAN 29

    Data Security in Critical Infrastructure - Arturo Santos - Guardians of the Data - Episode #27

    What happens when the systems that move people and power our world aren’t secure? In this episode of Guardians of the Data, host Ward Balcerzak sits down with Arturo Santos, Director of Cybersecurity Architecture at Amtrak, to explore the growing risks facing operational technology (OT), the realities of protecting critical infrastructure, and why data governance, AI, and industry collaboration are no longer optional. With more than 30 years of experience in IT and cybersecurity, Arturo shares real-world insights from the rail industry, discusses why legacy data retention practices are putting organizations at risk, and explains how modern cyber-physical systems are reshaping security priorities across transportation, energy, and other critical sectors. Takeaways: Implement Strict Data Retention Policies: Organizations must establish clear guidelines for data retention and storage. Develop retention schedules based on legal requirements, business needs, and industry best practices, then enforce them rigorously.Treat Employee Data with Equal Priority as Customer Data: Many organizations focus heavily on protecting customer information while overlooking employee data. Your employees deserve the same level of protection you provide to your customers.Adopt a Data Custodianship Mindset: Shift how your organization thinks about personal information. Always remember that the data belongs to the individual, and your organization is merely a temporary steward.Monitor Threats Across Your Entire Supply Chain: Your organization doesn't operate in a vacuum. Stay informed about security incidents, vulnerabilities, and attack patterns across your industry and related sectors.Engage with Industry Standards Development: Participate in the creation and refinement of security standards for your sector. Your expertise and real-world experience can help shape standards that are both effective and practical.Leverage Collaborative Threat Intelligence Sharing: A collaborative approach provides visibility into threats you might never see coming from your own network alone. The key is moving from isolated security operations to participating in a broader intelligence ecosystem.Quote of the Show: “ I started working in cybersecurity because I am passionate about protecting my data. I see it as a consumer .” - Arturo SantosLinks: LinkedIn: https://www.linkedin.com/in/-arturo-santos/ Website: https://www.amtrak.com/home Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    46 min
  5. Securing Data in the Age of AI - Frank Depaola - Guardians of the Data - Episode #26

    JAN 22

    Securing Data in the Age of AI - Frank Depaola - Guardians of the Data - Episode #26

    Is your data security strategy still focused on where your data lives, or have you evolved to protect it where it flows? Ward sits down with Frank DePaola, Vice President and CISO at EnPro and recipient of the 2025 Top Global CISO award. With over 25 years of experience in cybersecurity, Frank shares a masterclass on navigating the complexities of modern data security, from the "data sprawl" of the AI era to the unique challenges of maintaining security during aggressive M&A cycles.  The conversation dives deep into the realization that "data is the new currency of business," which has led organizations to accumulate petabytes of information that become increasingly difficult to manage. Frank explains why the state of your data directly impacts the success of AI initiatives and why security leaders must transition from a static mindset to one that secures data in motion, especially as it leaves the organization's physical purview through cloud services and subcontractors.   Takeaways: Build Or Update Your Data Retention Policy: Work collaboratively with business units to understand their actual needs and regulatory requirements, not arbitrary timeframes.Leverage Community Expertise: Reach out to industry peers or hire consultants who've implemented programs before; don't reinvent the wheel.Shift From Static to Dynamic Protection: Move beyond securing data only where it resides; focus on securing data in motion and throughout its lifecycle.Consolidate Your Tools: Look for comprehensive platforms that integrate DLP, DSPM, and AI governance rather than managing multiple point solutions.Gather Complete Requirements Upfront: Avoid point solution sprawl by thoroughly vetting all use cases before making technology investments.Build a Risk-Based Roadmap: Connect tactical initiatives directly to organizational strategic objectives, so teams understand how their work impacts the business.Quote of the Show: “Data is the new currency of business.” - Frank DepaolaLinks: LinkedIn: https://www.linkedin.com/in/frankdepaola/ Website: https://www.enpro.com/overview/default.aspx Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    41 min
  6. Addressing the Data Everywhere and No Map Issue - Antonio Taylor - Guardians of the Data - Ep #25

    JAN 15

    Addressing the Data Everywhere and No Map Issue - Antonio Taylor - Guardians of the Data - Ep #25

    What happens when security leaders stop talking tech and start speaking the language of the business? In this episode, author and VP of IT for Mission Healthcare, Antonio Taylor, reveals why modern security success has less to do with tools and everything to do with building trust, curiosity, and true business partnerships. Antonio brings 25+ years of experience in enterprise IT leadership, data security, and organizational transformation. He’s seen behind the curtain of data sprawl, shadow SaaS, M&A chaos, and the cultural friction that often exists between business units and cybersecurity teams. Antonio shares how security leaders can shift from “the department of no” to trusted business partners by staying curious, building relationships, and speaking the language of the business rather than the language of technology. Takeaways: Become a True Business Partner: Learn how your company makes money and frame security as an accelerator, not a barrier.Build Trust Before You Need It: When business units trust you, they'll involve you in decisions before purchasing tools or implementing solutions.Make Security Part of the Culture: Transform employees into your "biggest firewall" by making them security partners.Offer Alternatives: Instead of blocking tools, find secure alternatives that meet their needs (like suggesting Copilot instead of ChatGPT).Create a "Life Resume": Document all your accomplishments, not just job-related ones, to combat imposter syndrome and recognize your inherent skills.Embrace AI as an Enhancement Tool: Use AI to advance your capabilities, not replace them.Listen for Pain Points: Proactively identify business problems and propose secure solutions before they go rogue. Quote of the Show: “Security, we’re the bad people. We’re the ones who tell you no all the time, and I think that’s a myth that has to be shot down.” - Antonio Taylor Links: LinkedIn: https://www.linkedin.com/in/antoniodtaylor/ Website: https://www.homewithmission.com/ Book: https://a.co/d/127OwCr  Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    55 min
  7. When Data Security Isn’t Yes or No - Jennifer Fite - Guardians of the Data - Episode #24

    JAN 8

    When Data Security Isn’t Yes or No - Jennifer Fite - Guardians of the Data - Episode #24

    How do you secure data when access isn’t binary? In this episode, host Ward Balcerzak sits down with Jennifer Fite, Principal Consultant on the Data Risk Management team at Trace3, to unpack the real-world challenges organizations face when trying to protect sensitive data in today’s cloud-first, integration-heavy environments. Jen shares why supply chain breaches have become one of the fastest-growing data security threats and why focusing solely on AI misses the bigger picture. As organizations move from on-prem infrastructure to sprawling cloud ecosystems, security teams are losing visibility into where data lives, who’s accessing it, and how it’s being used. Jen emphasizes a recurring theme: data security is contextual, not binary. Unlike traditional security controls, protecting data requires understanding business intent, user behavior, and downstream data usage, all of which can change over time. Takeaways: Harden Internal Data Security Practices: Focus on protecting data at rest, minimizing unnecessary data proliferation, and ensuring robust internal controls regardless of external integrations.Implement User Behavior Analytics: Establish monitoring to understand normal user behavior and detect anomalies. This helps identify potential breaches, especially when attackers use legitimate credentials.Know Your Data Estate: Maintain visibility into where sensitive data is stored, who has access, and how it is used. Regularly update your data inventory and access controls.Establish Data Ownership and Accountability: Assign clear data owners who understand and can authorize access and usage. Ensure business justification for all data access and regularly review permissions.Start with Immediate, Practical Steps: If resources are limited, address the most critical gaps first (e.g., implement basic classification and access policies), then build toward a more comprehensive data security program.Regularly Review and Adjust Access: Continuously re-evaluate who has access to what data, ensuring permissions are still necessary and appropriate, and remove access when it is no longer needed. Quote of the Show: “ I don't wanna say no, but because it depends, I have to sit with that person and understand what they're doing so we can create the safe right way to do that thing.” - Jennifer Fite Links: LinkedIn: https://www.linkedin.com/in/jenfitephd/ Website: https://www.trace3.com/ Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    40 min
  8. Re-Air: Data Governance & Stewardship Balance - Lance Fischer - Guardians of the Data - Episode #23

    12/30/2025

    Re-Air: Data Governance & Stewardship Balance - Lance Fischer - Guardians of the Data - Episode #23

    Why is visibility the first step in any effective data security strategy? In this re-air episode, we’re revisiting Ward’s conversation with Lance Fischer, Principal Security Architect at Guidepoint Security, but its insights are more relevant than ever as organizations grapple with data sprawl, AI adoption, and rising regulatory pressure. With nearly three decades in security, Lance breaks down one of the most misunderstood areas of modern security programs: the difference between data governance and data stewardship, and why confusing the two stalls progress before it even begins.   Takeaways: Prioritize Visibility First: Before implementing controls or buying tools, ensure you have a clear understanding of what data you have, where it resides, and how it flows within your organization.Clarify Data Governance vs. Data Stewardship: Define clear roles. Governance sets the policies and rules; stewardship ensures those rules are applied consistently. Foster communication and cooperation between these groups.Start Small and Scale: Don’t try to solve everything at once. Tackle visibility and controls in manageable pieces. Focus on a subset of data or a specific business unit to build momentum.Engage Stakeholders Across the Business: Involve HR, Legal, IT, and business units early to ensure policies are practical and have buy-in. Encourage open dialogue rather than top-down mandates.Understand and Plan for Resource Needs: Assess the people, time, and budget required for data security initiatives before launching. Avoid overburdening staff with too many roles; dedicate resources where possible.Document Decisions and Processes: Track inputs and outputs from governance meetings and policy changes for audit and continuous improvement.Anticipate and Manage Tool Sprawl: Regularly review existing tools for effectiveness and eliminate redundant or unused solutions. Don’t assume swapping tools will solve underlying process or visibility issues. Quote of the Show: “ Data governance is the rules of the game. Data stewardship ensures those rules are applied consistently and effectively.” - Lance Fischer Links: LinkedIn: https://www.linkedin.com/in/lance-fischer-a0301219/ Website: https://www.guidepointsecurity.com/  Ways to Tune In: Transistor: https://guardiansofthedata.show/  Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323 Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-dataiHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/YouTube: https://www.youtube.com/@GuardiansoftheDataPod

    49 min
See All (31)

Trailer

About

Welcome to Guardians of the Data! Join host, Ward Balcerzak, each week as he dives deep into the passions, expertise, and experiences of CISOs, Chief Data Officers, and more. Guardians of the Data is sponsored by Sentra - AI-powered data security platform that discovers and classifies all your data accurately and automatically to achieve enterprise-scale data protection without the fuss.

Information

  • Creator
    Ward Balcerzak
  • Years Active
    2025 - 2026
  • Episodes
    31
  • Rating
    Clean
  • Copyright
    © 2026 Ward Balcerzak
  • Show Website
    Guardians of the Data