AI Security, Cyber Risk, and Cloud Strategy on ClearTech Loop

ClearTech Research / Jo Peterson
  • 5.0 (1)
  • TECHNOLOGY

Season 2 of ClearTech Loop is built around three questions:  How is AI changing the way organizations think about risk?  What does stronger cybersecurity leadership look like right now?  How should leaders rethink cloud strategy as business and technology keep shifting? Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.  Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore. From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.

  1. AI Security: Shadow AI, Non Human Identities, and AI Defense (Rock Lambros)

    1D AGO

    AI Security: Shadow AI, Non Human Identities, and AI Defense (Rock Lambros)

    AI is already inside your environment.  The problem is most organizations don’t fully see where or how it’s being used.  In this episode of ClearTech Loop, Jo Peterson sits down with Rock Lambros, CEO of RockCyber, to break down what’s actually happening with shadow AI, non human identities, and AI defense as adoption moves faster than governance.  Why This Matters  This isn’t a future problem.  Teams are already:  Using AI tools outside of approved environments  Creating machine and agent identities at scale  Relying on security models that were never designed for this level of automation  That gap between adoption and control is where risk is showing up.  What You’ll Hear in This Episode  Why shadow AI is a governance issue, not just a security problem  How non human identities are scaling beyond what most organizations can manage  What AI defense actually means beyond vendor messaging  Where organizations are most exposed right now  Key Insight  AI security isn’t breaking because organizations aren’t trying.  It’s breaking because the systems meant to manage risk are moving slower than the systems creating it.  About the Guest  Rock Lambros is CEO and Founder of RockCyber and a contributor to the OWASP GenAI Security Project. His work focuses on AI governance, agentic security, and helping organizations understand how AI changes the attacksurface.  Resources  OWASP GenAI Security Project: https://genai.owasp.org/ AAGATE Framework: https://www.rockcybermusings.com/p/aagate-governing-the-ungovernable-operationalizing-nist-ai-rmf-agentic-ai Governing the Ungovernable: https://aicybermagazine.com/governing-the-ungovernable/  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    13 min
  2. AI Security: Todd Smith on Shadow AI, NHIs, and AI Defense

    APR 29

    AI Security: Todd Smith on Shadow AI, NHIs, and AI Defense

    What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Todd Smith, SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank, about shadow AI, non human identities, and what AI defense looks like in environments where identity, fraud, and security are tightly connected.  They unpack why shadow AI is both an IT and security issue, why blocking AI tools is not a long term strategy, and how organizations are trying to bring more visibility and control to environments where AI adoption is already happening across teams.  Todd explains how shadow AI creates real risk through data leakage, IP exposure, and regulatory pressure, especially when employees turn to unapproved tools to move faster. The conversation also highlights the role of training, as organizations shift from simply restricting behavior to helping employees understand how to use AI safely.  The discussion then moves to non human identities, where Todd describes the operational challenge of managing identities that do not follow a clean lifecycle. These identities can accumulate over time, often without clear ownership, creating a growing need for discovery, cleanup, and better control moving forward.  From there, Jo and Todd explore AI defense from a practical standpoint. Instead of starting with external threats, the conversation focuses on understanding what is happening inside the environment first, including how AI interacts with data, identity, and access. That internal visibility becomes the foundation for any broader defense strategy.  This episode is especially relevant for CIOs, CISOs, security leaders, and identity leaders working through the realities of AI adoption, governance, and risk in enterprise environments.  Timestamps  00:00 Introduction to Todd Smith and episode context  01:40 Shadow AI: IT problem, security problem, or both?  04:50 Discovery, visibility, and managing shadow AI  07:55 Security as the “Department of Education”  10:45 Non human identities and lifecycle challenges  13:20 AI defense: starting inside the environment  Guest Bio  Todd Smith is SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank. His work spans identity, fraud, threat intelligence, and AI security in financial services environments. He has held leadership roles across Ameris Bank, SoFi, Barclays, Citi, and the FBI, focusing on identity, cyber fraud, and intelligence driven security operations.  Additional Resources  National Institute of Standards and Technology AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework National Institute of Standards and Technology Cybersecurity Framework (CSF): https://www.nist.gov/cyberframework MITRE ATT&CK Framework: https://attack.mitre.org/ Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577 Follow ClearTech Loop  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    16 min
  3. AI Security: Thomas Bryant on Shadow AI, NHIs, and AI Defense

    APR 14

    AI Security: Thomas Bryant on Shadow AI, NHIs, and AI Defense

    What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Thomas Bryant, Director of Technical Marketing at Pure Storage and independent analyst and consultant at THB3, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense.  They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense is increasingly becoming a resilience question rather than just a detection one.   In this conversation, Thomas explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to help employees move faster without exposing enterprise data through non approved tools. He also shares how leaders are using discovery, inventory, and training to bring more structure to environments where AI adoption is already ahead of visibility.   The discussion then shifts to non human identities, where Thomas argues that organizations need to think differently about bots, scripts, and AI agents that can outnumber humans at massive scale. From there, Jo and Thomas dig into AI defense as a broader operational challenge centered on adversarial AI, faster response, resilience, and recovery when humans cannot keep up on their own. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, accountability, and resilience.   Timestamps  00:00 Introduction to Thomas Bryant and the episode theme  01:39 Shadow AI: IT problem, security problem, or both?  03:04 Discovery, standardization, and training around shadow AI  05:07 NHIs, onboarding, and machine identity management  07:18 Super agents, governance, and traceability  11:09 AI defense, adversarial AI, and resilient security   Guest Bio  Thomas Bryant is Director of Technical Marketing at Pure Storage and an independent analyst and consultant at THB3. He has held leadership roles across Pure Storage, Commvault, VMware, and Dell, with a focus on technical marketing, infrastructure, cloud, AI, and cybersecurity. His work centers on helping technical teams make complex technology easier to understand and act on.   Additional Resources  Thomas Bryant on LinkedIn: https://www.linkedin.com/in/thomashbryant/  Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577  Thomas Bryant Podcast (2024): https://podcasts.apple.com/us/podcast/the-resilience-rundown/id1730107130  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy    🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    13 min
  4. ResOps: Bridging Security & Operations for Smarter Cyber Recovery

    APR 10

    ResOps: Bridging Security & Operations for Smarter Cyber Recovery

    When ransomware strikes, even the most prepared organizations can find themselves scrambling—security hunting for indicators while IT races to spin up restores. It’s a recipe for confusion and downtime. Chris Bevel, Practice Lead for Cybersecurity and AI at Commvault, joined Clear Tech Loop to break down how ResOps—the fusion of security and operations—creates a new model for smarter cyber resilience and faster, more coordinated recovery. Breaking Down the Silos Security and IT operations share the same goal: keep the business running. But during a cyber incident, they often work from separate playbooks. Security investigates threats; operations restores systems. The result is fragmented workstreams, miscommunication, and delayed recovery. ResOps bridges that divide. By aligning both teams under a unified, pre-tested recovery framework, organizations can respond to ransomware and other cyberattacks with speed and precision. The goal isn’t just to get systems back up—it’s to restore them safely and confidently. AI That Drives Real Decisions Not all artificial intelligence earns its keep. As Bevel explains, “AI doesn’t replace people—it helps them see more clearly and decide faster.” Commvault’s AI-powered analytics connect signals across identity behavior, configuration drift, and privilege escalation. Individually, these alerts seem routine. When correlated, they reveal hidden attack patterns—insights that help teams detect and respond before damage spreads. This AI-driven cybersecurity approach turns scattered data into actionable intelligence, helping organizations reduce risk and make confident recovery decisions under pressure. Recovery as Code: From Chaos to Confidence Traditional disaster recovery plans often live in outdated documentation or inside a single engineer’s mind. Recovery as code modernizes that approach, defining every restoration step as structured, repeatable, and testable code. By treating recovery like infrastructure, teams can ensure cyber recovery that’s not just fast but reliable and verifiable. Clean data, validated systems, and resilient configurations—these are the new success metrics for post-ransomware recovery. Securing Active Directory: The Core of Cyber Resilience In nearly every ransomware event, Active Directory (AD) is the prime target. Once compromised, attackers can move freely across the network. Bevel recounts a cautionary tale from HIMSS: a company restored all systems, only to discover the attacker still had persistence through AD. True identity resilience means validating every object, setting, and credential before declaring victory. Commvault extends this rigor beyond on-prem environments with protection for hybrid identity platforms like Okta, ensuring secure recovery across both cloud and data center ecosystems. The Future of Cyber Recovery: Practiced, Unified, Intelligent ResOps isn’t a tool—it’s a mindset shift. It’s about rehearsing before the crisis hits, connecting teams around shared playbooks, and letting AI surface what humans might miss. As organizations face increasingly complex ransomware threats, this convergence of security and operations represents the next evolution of cyber resilience. Commvault will showcase these ResOps and cyber recovery innovations at RSA. For anyone who’s experienced the chaos of an uncoordinated incident response 🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    13 min
  5. AI Security: Matt Sharp on Shadow AI, NHIs, and AI Defense

    APR 7

    AI Security: Matt Sharp on Shadow AI, NHIs, and AI Defense

    What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Matt Sharp, Chief Information Security Officer at Xactly, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense. They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense now spans productivity tools, SaaS platforms, internal environments, and third party risk.   In this episode of ClearTech Loop, Jo Peterson sits down with Matt Sharp for a grounded conversation on three issues reshaping enterprise AI governance: shadow AI, NHIs, and AI defense. Matt brings a practical view from inside a real operating environment, where AI adoption is moving fast and governance, identity, and risk have to keep up. In the conversation, he explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to steer employees toward approved AI tools while protecting enterprise data.   The conversation then shifts to non human identities, where Matt argues that AI agents are being layered into authorization models that organizations never fully solved in the first place. From there, Jo and Matt dig into AI defense as a broader enterprise challenge that now touches browser extensions, IDEs, local models, SaaS platforms, and third party risk. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, visibility, and accountability.   Timestamps  00:00 Introduction to Matt Sharp and the episode theme  02:29 Shadow AI: IT problem, security problem, or both?  05:54 Why collaboration between security and IT matters  07:21 NHIs, authorization, and the limits of role based access control  12:11 What AI defense means in practice  15:33 Platform strategy, budget pressure, and what comes next in AI security   Guest Bio  Matt Sharp is the Chief Information Security Officer at Xactly. He focuses on security, trust, and AI governance in environments where AI is becoming core to the business and product. He is also a venture advisor at YL Ventures and the author of The CISO Evolution.   Additional Resources  Matt Sharp: A CISO’s approach to creating AI governance framework: https://www.securitypalhq.com/blog/matt-sharp-a-cisos-approach-to-creating-ai-governance-framework  The CISO Evolution by Matt Sharp: http://amazon.com/CISO-Evolution-Knowledge-Cybersecurity-Executives/dp/1119782481  Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.    🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    18 min
  6. AI Security Is a Risk Leadership Problem First with Gerry Gadoury

    MAR 10

    AI Security Is a Risk Leadership Problem First with Gerry Gadoury

    In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Gerry Gadoury to talk about what AI security leadership actually requires as the threat landscape changes faster and the business pressure around AI keeps rising.  This is not a conversation about one more security tool. Gerry brings the discussion back to risk judgment, executive alignment, and the human side of security leadership. As AI lowers the barrier for attackers and accelerates the pace of change, security leaders need to focus on real risk, not theoretical panic, while helping the business make better decisions under pressure.  Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/  Key Quotes  “Do real risk assessments. Don't look so much for the Boogeyman. Look for the person actually knocking on your door.” “When you mandatorily push it downhill, I think people are going to resist.” “The AI landscape changes fundamentally by quarter.” Three Big Ideas from This Episode  Real risk matters more than theoretical panic  AI security starts with identifying what is likely, material, and relevant to the business instead of getting lost in every hypothetical scenario. Security cannot just be pushed downhill  Runbooks and playbooks matter, but they do not replace executive alignment. Security works better when leaders understand the concerns, reduce resistance, and align around outcomes before a crisis hits. The CISO role is becoming more business critical  As AI changes the risk environment, CISOs need to think more like risk officers by balancing technical controls, business priorities, and leadership judgment. Additional resources  Destination Employer: Attract, Recruit, and Retain the Top Talent in Your Market by Gerry Gadoury: https://www.amazon.com/dp/B0CR352P8M/ref=cm_sw_r_cp_ud_dp_MCV88SEER4A2FGQQ6H73 NIST AI Risk Management Framework and AI Resource Center: https://airc.nist.gov/ ClearTech Loop Season 1: https://www.buzzsprout.com/2248577  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    11 min
  7. Cybersecurity Is a Social System with Fernando

    MAR 2

    Cybersecurity Is a Social System with Fernando

    In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Fernando Montenegro to talk about what the CISO role actually looks like right now as generative AI spreads across the enterprise.   This is not a conversation about one more security tool. Fernando frames AI as a forcing function that exposes the social structure of an organization, including incentives, accountability, influence, and how decisions get made. The CISO role has become a bridge role, and the job is more political, more collaborative, and more consultative than it used to be.   Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/  Zach Lewis Buzzsprout https://www.linkedin.com/newsletters/7346174860760416256/  Key Quotes  “They are the translator of security issues to non security decision makers.”  “One of the ways to bring these silos down is to have empathy for the other side, if you will.”  “You solve all of this at the design stage, at the initiation stage, not down the line when people want to release the production.”  Three Big Ideas from This Episode  AI forces cross functional alignment  AI makes silos expensive. When teams have to work together to make AI work, security cannot stay isolated and expect trust to show up later.  Embed security by showing up early  There is no perfect universal checklist. The workable move is being there at the beginning, removing friction early, and helping the initiative flourish before deadlines turn everything into a showdown.  The CISO is a translator role now  CISOs are playing multiple games at once across the board, the CIO, legal, customers, regulators, and internal teams. Translation is a core operating requirement, not a soft skill.  Episode Notes and Links  Listen: In the Player Watch on YouTube: https://youtu.be/0H4x1-Hu-44 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/   Additional resources  The Futurum Group, Fernando Montenegro profile https://futurumgroup.com/fernando-montenegro/  AI and organizational risk management resources, NIST AI Risk Management Framework https://www.nist.gov/itl/ai-risk-management-framework  2017 Transformers paper: “Attention Is All You Need” (2017) by Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Łukasz Kaiser, Illia Polosukhin. https://proceedings.neurips.cc/paper_files/paper/2017/file/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf  ClearTech Research and ClearTech Loop https://cleartechresearch.com/ 🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    20 min
  8. Security Is an Environment with Miri Rodriguez

    FEB 26

    Security Is an Environment with Miri Rodriguez

    What CISOs miss when security only lives in features  AI security is still getting framed like a technology problem: new tools, new controls, new dashboards, and new rules. In this episode of ClearTech Loop, Jo Peterson talks with Miri Rodriguez, Cofounder and CEO of Empressa.ai, about why that framing keeps breaking in the real world.  Miri brings a people first lens to AI adoption and security. She argues that security is not just something you install. It is an environment people are willing to enter. When the environment does not feel secure, adoption either slows or goes underground, and then security teams are left trying to govern what they cannot see.  This conversation connects three practical leadership threads: using GenAI upstream to understand real adoption patterns, embedding security and privacy without slowing innovation by designing for humans, and building governance that becomes habit instead of paperwork.  Subscribe to ClearTech Loop on LinkedIn https://www.linkedin.com/newsletters/7346174860760416256/  Key Quotes “The opportunity is massive when you think about security as an environment, not just a technology or a feature.”  “The features don’t matter. If you can’t tell me why the features are important in my space.”  Three Big Ideas from This Episode  GenAI beyond the tool stack Generative AI can help security leaders widen the lens on adoption. Before policies and controls, leaders need to understand where people hesitate, where they take shortcuts, and why the secure path gets avoided. Inclusion is a security control Speed without inclusion creates blind spots, and blind spots become risk. Security and privacy do not have to slow innovation, but they do have to be designed in a way people can understand and follow. Governance is behavior If governance does not translate into day to day habits, it is just documentation. Training format matters as much as content, and security sticks when people see it as personal responsibility, not corporate paperwork. Additional Resources  AI Foundations for Women (Empressa AI) https://empressa.ai/ai-foundations-for-women/ Most Tools Weren’t Built with Women in Mind, AI Is Just the Latest https://empressa.ai/2025/04/03/most-tools-werent-built-with-women-in-mind-ai-is-just-the-latest/ IABC Catalyst, Building Your Brand With Microsoft Senior Storyteller Miri Rodriguez https://www.iabc.com/Catalyst/Article/building-your-brand-with-microsoft-senior-storyteller-miri-rodriguez About the Guest Miri Rodriguez is Cofounder and CEO at Empressa.ai, an AI and storytelling strategist, bestselling author, and Microsoft alum. She focuses on ethical innovation, inclusion, and building trustworthy AI environments where women can connect, learn, and thrive. She is also the author of Brand Storytelling: Put Customers at the Heart of Your Brand Story.    🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    16 min
See All (46)

About

Season 2 of ClearTech Loop is built around three questions:  How is AI changing the way organizations think about risk?  What does stronger cybersecurity leadership look like right now?  How should leaders rethink cloud strategy as business and technology keep shifting? Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.  Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore. From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.

Information