AI Security, Cyber Risk, and Cloud Strategy on ClearTech Loop

ClearTech Research / Jo Peterson

Season 2 of ClearTech Loop is built around three questions:  How is AI changing the way organizations think about risk?  What does stronger cybersecurity leadership look like right now?  How should leaders rethink cloud strategy as business and technology keep shifting? Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.  Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore. From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.

  1. AI Security: Patricia Titus on Shadow AI, Non-Human Identities, and AI Defense

    4d ago

    AI Security: Patricia Titus on Shadow AI, Non-Human Identities, and AI Defense

    AI security is not showing up as one clean problem.  It is showing up across governance, risk, productivity, identity, API security, and defense.  In this episode of ClearTech Loop, Jo Peterson talks with seasoned CISO Patricia Titus, about shadow AI, non human identities, AI agents, APIs, and what AI defense means when organizations are trying to move quickly without losing control. Patricia brings more than 25 years of cybersecurity leadership experience across public and private sectors, including financial services, technology, and government.   Patricia’s take is practical: shadow AI is both an IT and security issue, but it is also a governance, risk, and productivity problem. If organizations want employees to use AI responsibly, the approved path has to be easier than the workaround.   What You’ll Hear in This Episode  Jo and Patricia discuss: Shadow AI as a governance, risk, productivity, and security issue Why visibility has to come before control How CISOs and CIOs can create approval lanes that are easier than going rogue Why AI agents are becoming a new control plane How non human identities, service accounts, bots, and APIs are changing the access conversation Why AI defense is less about novelty and more about applying fundamentals at a new scale and speed Key Insight  AI defense is not just about buying new tools. It is about understanding what AI connects to, what data it consumes, how agents behave, and whether the organization can prove access is controlled. That makes this episode especially relevant for CIOs, CISOs, IT leaders, security leaders, and enterprise teams trying to manage AI adoption inside real environments. Timestamps  00:00 Introduction to Patricia Titus  01:34 ClearTech Loop hot take format and AI security focus  02:25 Shadow AI as both an IT and security problem  03:03 Visibility, safe paths, and enforceable guardrails  05:17 AI agents as a new control plane  06:06 Why emerging AI agent behavior creates new concerns  08:46 Jo on executive awareness and evidence  10:33 Non human identities and how CISOs and CIOs are enabling them  12:34 Least privilege, zero trust, and proving agents are turned off  14:27 APIs as part of the non human identity conversation  15:25 AI defense as fundamentals at a new scale and velocity  16:12 Closing thoughts  Guest Bio  Patricia Titus is a seasoned Chief Information Security Officer. She is a global cybersecurity executive with more than 25 years of experience leading security organizations across financial services, technology, government, and other highly regulated sectors.  She has held C level and executive positions at Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the TSA. Patricia also serves on the Board of Directors for Black Kite and on advisory boards for several organizations focused on cybersecurity, technology, and risk.  Her work focuses on resilience, risk management, AI driven security, business alignment, and helping organizations understand how cyber risk affects operations and leadership.  Resources  If Every User Needs an Identity, Why Don’t Our APIs? by Patricia Titus https://abnormal.ai/blog/user-identity-apis Preparing for AI Regulation: What CISOs Can Do Now by Patricia Titus https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now Building a Culture of Proactive Threat Defense by Patricia Titus https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense Season 1 ClearTech Loop https://www.buzzsprout.com/2248577 Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, risk, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    16 min
  2. ClearTech Loop Special Edition: Rethinking CDN Pricing with AWS CloudFront

    May 21

    ClearTech Loop Special Edition: Rethinking CDN Pricing with AWS CloudFront

    Cloud pricing can look simple until the bill arrives.  In this ClearTech Loop Special Edition, Jo Peterson talks with Cristian Graziano, Principal Product Manager at Amazon Web Services, about AWS CloudFront flat rate plans and why predictable pricing matters for teams delivering internet facing applications.  Cristian explains how CloudFront helps accelerate and secure applications, why customers often combine CDN, WAF, DDoS protection, DNS, logging, and monitoring, and how flat rate plans are designed to make that model easier to understand, approve, and manage.  In this episode  Jo and Cristian discuss:  What AWS CloudFront does  Why CDN pricing can get complicated  How CloudFront flat rate plans simplify pricing  Why predictable monthly costs matter for developers, business units, SMBs, and enterprise teams  How AWS is making security part of the starting point  Why WAF, DDoS protection, bot controls, and security visibility matter for internet facing applications  Featured quote  “Security is included by default.” Cristian Graziano, Principal Product Manager, AWS  About the guest  Cristian Graziano is a Principal Product Manager at Amazon Web Services. His work focuses on the customer experience for AWS CloudFront, including onboarding, console experience, and pricing.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    11 min
  3. AI Security Starts with Education: James McQuiggan on Shadow AI, NHIs, and AI Defense

    May 19

    AI Security Starts with Education: James McQuiggan on Shadow AI, NHIs, and AI Defense

    AI security is not only about policies, tools, and controls. It is also about education.  In this episode of ClearTech Loop, Jo Peterson talks with James McQuiggan, founder and CISO of Apparent Security, about shadow AI, non human identities, and what AI defense means as organizations try to keep up with real world AI adoption.  James brings the lens of an educator to the conversation. His perspective keeps coming back to how people learn, how they adopt new tools, and why security teams need to guide safe AI use instead of relying on blocking or policy alone.  In this episode  Jo and James discuss:  Shadow AI as the next version of shadow IT Why AI adoption is happening faster than governance and training How CISOs and CIOs can create safer paths for employees using AI Why non human identities create new access and data flow risks How AI defense includes defending with AI, defending against AI enabled attacks, and protecting AI systems themselves Timestamps  00:00 Introduction to James McQuiggan and the episode theme  02:32 Shadow AI as the next version of shadow IT  06:17 Why education matters in AI policy and rollout  07:34 Training, micro learning, and helping users work safely  10:05 Non human identities, access, and data flow  12:27 What AI defense means in practice  15:00 Final thoughts and closing  Guest Bio  James McQuiggan is founder and CISO of Apparent Security. He is a threat intelligence strategist, cybersecurity educator, and practitioner with more than 25 years of experience across critical infrastructure, human risk management, and security leadership.   Resources  AI and the Boardroom: Bridging Innovation and Security by James McQuiggan: https://blog.knowbe4.com/ai-and-the-boardroom-bridging-innovation-and-security National Institute of Standards and Technology Cybersecurity Framework: https://www.nist.gov/cyberframework Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    16 min
  4. AI Security: Shadow AI, Non Human Identities, and AI Defense (Rock Lambros)

    May 5

    AI Security: Shadow AI, Non Human Identities, and AI Defense (Rock Lambros)

    AI is already inside your environment.  The problem is most organizations don’t fully see where or how it’s being used.  In this episode of ClearTech Loop, Jo Peterson sits down with Rock Lambros, CEO of RockCyber, to break down what’s actually happening with shadow AI, non human identities, and AI defense as adoption moves faster than governance.  Why This Matters  This isn’t a future problem.  Teams are already:  Using AI tools outside of approved environments  Creating machine and agent identities at scale  Relying on security models that were never designed for this level of automation  That gap between adoption and control is where risk is showing up.  What You’ll Hear in This Episode  Why shadow AI is a governance issue, not just a security problem  How non human identities are scaling beyond what most organizations can manage  What AI defense actually means beyond vendor messaging  Where organizations are most exposed right now  Key Insight  AI security isn’t breaking because organizations aren’t trying.  It’s breaking because the systems meant to manage risk are moving slower than the systems creating it.  About the Guest  Rock Lambros is CEO and Founder of RockCyber and a contributor to the OWASP GenAI Security Project. His work focuses on AI governance, agentic security, and helping organizations understand how AI changes the attacksurface.  Resources  OWASP GenAI Security Project: https://genai.owasp.org/ AAGATE Framework: https://www.rockcybermusings.com/p/aagate-governing-the-ungovernable-operationalizing-nist-ai-rmf-agentic-ai Governing the Ungovernable: https://aicybermagazine.com/governing-the-ungovernable/  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    13 min
  5. AI Security: Todd Smith on Shadow AI, NHIs, and AI Defense

    Apr 29

    AI Security: Todd Smith on Shadow AI, NHIs, and AI Defense

    What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Todd Smith, SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank, about shadow AI, non human identities, and what AI defense looks like in environments where identity, fraud, and security are tightly connected.  They unpack why shadow AI is both an IT and security issue, why blocking AI tools is not a long term strategy, and how organizations are trying to bring more visibility and control to environments where AI adoption is already happening across teams.  Todd explains how shadow AI creates real risk through data leakage, IP exposure, and regulatory pressure, especially when employees turn to unapproved tools to move faster. The conversation also highlights the role of training, as organizations shift from simply restricting behavior to helping employees understand how to use AI safely.  The discussion then moves to non human identities, where Todd describes the operational challenge of managing identities that do not follow a clean lifecycle. These identities can accumulate over time, often without clear ownership, creating a growing need for discovery, cleanup, and better control moving forward.  From there, Jo and Todd explore AI defense from a practical standpoint. Instead of starting with external threats, the conversation focuses on understanding what is happening inside the environment first, including how AI interacts with data, identity, and access. That internal visibility becomes the foundation for any broader defense strategy.  This episode is especially relevant for CIOs, CISOs, security leaders, and identity leaders working through the realities of AI adoption, governance, and risk in enterprise environments.  Timestamps  00:00 Introduction to Todd Smith and episode context  01:40 Shadow AI: IT problem, security problem, or both?  04:50 Discovery, visibility, and managing shadow AI  07:55 Security as the “Department of Education”  10:45 Non human identities and lifecycle challenges  13:20 AI defense: starting inside the environment  Guest Bio  Todd Smith is SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank. His work spans identity, fraud, threat intelligence, and AI security in financial services environments. He has held leadership roles across Ameris Bank, SoFi, Barclays, Citi, and the FBI, focusing on identity, cyber fraud, and intelligence driven security operations.  Additional Resources  National Institute of Standards and Technology AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework National Institute of Standards and Technology Cybersecurity Framework (CSF): https://www.nist.gov/cyberframework MITRE ATT&CK Framework: https://attack.mitre.org/ Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577 Follow ClearTech Loop  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    16 min
  6. AI Security: Thomas Bryant on Shadow AI, NHIs, and AI Defense

    Apr 14

    AI Security: Thomas Bryant on Shadow AI, NHIs, and AI Defense

    What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Thomas Bryant, Director of Technical Marketing at Pure Storage and independent analyst and consultant at THB3, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense.  They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense is increasingly becoming a resilience question rather than just a detection one.   In this conversation, Thomas explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to help employees move faster without exposing enterprise data through non approved tools. He also shares how leaders are using discovery, inventory, and training to bring more structure to environments where AI adoption is already ahead of visibility.   The discussion then shifts to non human identities, where Thomas argues that organizations need to think differently about bots, scripts, and AI agents that can outnumber humans at massive scale. From there, Jo and Thomas dig into AI defense as a broader operational challenge centered on adversarial AI, faster response, resilience, and recovery when humans cannot keep up on their own. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, accountability, and resilience.   Timestamps  00:00 Introduction to Thomas Bryant and the episode theme  01:39 Shadow AI: IT problem, security problem, or both?  03:04 Discovery, standardization, and training around shadow AI  05:07 NHIs, onboarding, and machine identity management  07:18 Super agents, governance, and traceability  11:09 AI defense, adversarial AI, and resilient security   Guest Bio  Thomas Bryant is Director of Technical Marketing at Pure Storage and an independent analyst and consultant at THB3. He has held leadership roles across Pure Storage, Commvault, VMware, and Dell, with a focus on technical marketing, infrastructure, cloud, AI, and cybersecurity. His work centers on helping technical teams make complex technology easier to understand and act on.   Additional Resources  Thomas Bryant on LinkedIn: https://www.linkedin.com/in/thomashbryant/  Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577  Thomas Bryant Podcast (2024): https://podcasts.apple.com/us/podcast/the-resilience-rundown/id1730107130  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy    🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    13 min
  7. ResOps: Bridging Security & Operations for Smarter Cyber Recovery

    Apr 10

    ResOps: Bridging Security & Operations for Smarter Cyber Recovery

    When ransomware strikes, even the most prepared organizations can find themselves scrambling—security hunting for indicators while IT races to spin up restores. It’s a recipe for confusion and downtime. Chris Bevel, Practice Lead for Cybersecurity and AI at Commvault, joined Clear Tech Loop to break down how ResOps—the fusion of security and operations—creates a new model for smarter cyber resilience and faster, more coordinated recovery. Breaking Down the Silos Security and IT operations share the same goal: keep the business running. But during a cyber incident, they often work from separate playbooks. Security investigates threats; operations restores systems. The result is fragmented workstreams, miscommunication, and delayed recovery. ResOps bridges that divide. By aligning both teams under a unified, pre-tested recovery framework, organizations can respond to ransomware and other cyberattacks with speed and precision. The goal isn’t just to get systems back up—it’s to restore them safely and confidently. AI That Drives Real Decisions Not all artificial intelligence earns its keep. As Bevel explains, “AI doesn’t replace people—it helps them see more clearly and decide faster.” Commvault’s AI-powered analytics connect signals across identity behavior, configuration drift, and privilege escalation. Individually, these alerts seem routine. When correlated, they reveal hidden attack patterns—insights that help teams detect and respond before damage spreads. This AI-driven cybersecurity approach turns scattered data into actionable intelligence, helping organizations reduce risk and make confident recovery decisions under pressure. Recovery as Code: From Chaos to Confidence Traditional disaster recovery plans often live in outdated documentation or inside a single engineer’s mind. Recovery as code modernizes that approach, defining every restoration step as structured, repeatable, and testable code. By treating recovery like infrastructure, teams can ensure cyber recovery that’s not just fast but reliable and verifiable. Clean data, validated systems, and resilient configurations—these are the new success metrics for post-ransomware recovery. Securing Active Directory: The Core of Cyber Resilience In nearly every ransomware event, Active Directory (AD) is the prime target. Once compromised, attackers can move freely across the network. Bevel recounts a cautionary tale from HIMSS: a company restored all systems, only to discover the attacker still had persistence through AD. True identity resilience means validating every object, setting, and credential before declaring victory. Commvault extends this rigor beyond on-prem environments with protection for hybrid identity platforms like Okta, ensuring secure recovery across both cloud and data center ecosystems. The Future of Cyber Recovery: Practiced, Unified, Intelligent ResOps isn’t a tool—it’s a mindset shift. It’s about rehearsing before the crisis hits, connecting teams around shared playbooks, and letting AI surface what humans might miss. As organizations face increasingly complex ransomware threats, this convergence of security and operations represents the next evolution of cyber resilience. Commvault will showcase these ResOps and cyber recovery innovations at RSA. For anyone who’s experienced the chaos of an uncoordinated incident response 🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    13 min
  8. AI Security: Matt Sharp on Shadow AI, NHIs, and AI Defense

    Apr 7

    AI Security: Matt Sharp on Shadow AI, NHIs, and AI Defense

    What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Matt Sharp, Chief Information Security Officer at Xactly, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense. They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense now spans productivity tools, SaaS platforms, internal environments, and third party risk.   In this episode of ClearTech Loop, Jo Peterson sits down with Matt Sharp for a grounded conversation on three issues reshaping enterprise AI governance: shadow AI, NHIs, and AI defense. Matt brings a practical view from inside a real operating environment, where AI adoption is moving fast and governance, identity, and risk have to keep up. In the conversation, he explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to steer employees toward approved AI tools while protecting enterprise data.   The conversation then shifts to non human identities, where Matt argues that AI agents are being layered into authorization models that organizations never fully solved in the first place. From there, Jo and Matt dig into AI defense as a broader enterprise challenge that now touches browser extensions, IDEs, local models, SaaS platforms, and third party risk. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, visibility, and accountability.   Timestamps  00:00 Introduction to Matt Sharp and the episode theme  02:29 Shadow AI: IT problem, security problem, or both?  05:54 Why collaboration between security and IT matters  07:21 NHIs, authorization, and the limits of role based access control  12:11 What AI defense means in practice  15:33 Platform strategy, budget pressure, and what comes next in AI security   Guest Bio  Matt Sharp is the Chief Information Security Officer at Xactly. He focuses on security, trust, and AI governance in environments where AI is becoming core to the business and product. He is also a venture advisor at YL Ventures and the author of The CISO Evolution.   Additional Resources  Matt Sharp: A CISO’s approach to creating AI governance framework: https://www.securitypalhq.com/blog/matt-sharp-a-cisos-approach-to-creating-ai-governance-framework  The CISO Evolution by Matt Sharp: http://amazon.com/CISO-Evolution-Knowledge-Cybersecurity-Executives/dp/1119782481  Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577    Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.    🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    18 min
See All (49)

About

Season 2 of ClearTech Loop is built around three questions:  How is AI changing the way organizations think about risk?  What does stronger cybersecurity leadership look like right now?  How should leaders rethink cloud strategy as business and technology keep shifting? Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.  Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore. From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.

Information

You Might Also Like