On the 39th episode of Enterprise AI Defenders, hosts Evan Reiser (CEO and co-founder, Abnormal AI) and Mike Britton (CIO, Abnormal AI) sit down with Mark Ballister, CISO at Montefiore Health System, to discuss governing AI risk in a hospital system. Mark shares how his team flipped the default from "no" to "yes, with controls," why work-versus-web toggles are a quiet exposure point, and how his own security team produced 22,000 lines of AI-generated code for an internal risk-evaluation model.

Quick Hits from Mark:

On the AI governance posture: "We don't look to say no. We look to say yes, as long as we can put controls around it."

On the Microsoft Copilot work-versus-web toggle: "By just clicking that button that says 'web,' you are no longer protected."

On bringing AI inside the security team: "It wrote all…22,000 lines of code."

Book Recommendation: The One Minute Manager by Ken Blanchard and Spencer Johnson

Like what you hear? Leave us a review and subscribe to the show on Apple, Spotify, and YouTube.

Enterprise AI Defenders is a show where top security executives share specific ways AI changes the threat landscape and the defenses that hold up in real environments.

Find more great insights from technology leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Abnormal Studios.

On the 38th episode of Enterprise AI Defenders, host Mike Britton talks with TJ Mann, Global Chief Information Security Officer at Lockton. TJ argues the fastest path to resilience is not chasing every shiny tool; it is treating identity, APIs, and SaaS configuration as the new frontline, because attackers “don’t need to breach your network anymore,” they need one compromised identity, integration, or misconfiguration. He also breaks down how AI shifts email and impersonation risk toward hyper-personalized social engineering, and why Lockton is investing heavily in employee awareness, muscle memory for reporting, and identity-first controls to keep fraud from becoming a business process.

Quick hits from TJ:

On AI-driven impersonation: “We are seeing… hyper personalized social engineering… deepfake voice or face or audio or video or both.”

On what changed in cloud security: “Identity… is the new perimeter.”

On what attackers really need now: “The bad guys don’t need to breach your network anymore. They just need to compromise one identity, one integration or one misconfiguration.”

Recent Book Recommendation: Ikigai by Héctor García and Francesc Miralles

Like what you hear? Leave us a review and subscribe to the show on Apple, Spotify, and YouTube.

Enterprise AI Defenders is a show where security executives explain concrete threat shifts and the defenses that hold up in real environments. Find more great insights from technology leaders and enterprise software experts at https://www.enterprisesoftware.blog/

Enterprise AI Defenders is produced by Abnormal Studios.

On the 37th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton talk with Matt Posid, Chief Security Officer at KPMG US. AI accelerates the attacker’s playbook by increasing overall capability and reducing the time between vulnerability discovery and exploitation. Matt explains why KPMG consolidated cyber, insider risk, physical security, life safety, resilience, and third-party risk into one enterprise security program, and how defenders can keep up by pairing strong controls with AI-enabled workflows and clear governance.

Quick hits from Matt:

On how AI changes the threat curve: “AI is really good at a couple of things. It is really good at making people better, and it’s really good at making people faster.”

On deepfakes and why fundamentals still work: “The controls we’ve had to protect against non AI-based attacks are still, in many cases, effective against the AI-based variants.”

On the defender’s response, fight at AI speed: “If the bad guys are using certain tools, the good guys probably have to also, in order to keep up with the capabilities, the velocity that we need to defend.”

Recent Book Recommendation: Unreasonable Hospitality by Will Guidara

Like what you hear? Leave us a review and subscribe to the show on Apple, Spotify, and YouTube.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Abnormal Studios.

On the 36th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton talk with Chris Leigh, VP and Chief Information Security Officer at Eversource Energy. Chris leads security for a regulated, high-stakes utility serving millions across New England. He also owns AI in an uncommon org design that he uses to prove a point: governance does not have to slow innovation if it is built like an engineering function, with repeatable guardrails and clear pathways to ship.

Quick hits from Chris:

​​On shipping AI faster with standardization: “And that’s allowed us to accelerate our time to delivery by orders of magnitude of three months, down to four weeks, down to two weeks for various sprints.”

On preventing outages with drone inspection: “We’ve put some patterns out on this that allows us to better bring in the imagery and run it through our models and pick up damaged components or hotspots in the wires, which allows us to schedule and do repairs before we actually have power outages.”

​​On transforming threat intel into action for the SOC: “Any IOCs get popped into our tools automatically.”

Recent Book Recommendation: Outlive: The Science and Art of Longevity by Peter Attia, MD

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Abnormal Studios.

On the 35th episode of Enterprise AI Defenders, hosts Evan Reiser (co-founder and CEO, Abnormal AI) and Mike Britton (CIO, Abnormal AI) talk with Adam Keown, Chief Information Security Officer at Eastman Chemical Company. Adam draws on a career in law enforcement and global enterprise security to explain how Eastman is safeguarding life-critical manufacturing through identity-first defense, AI-informed education, and resilience engineering, staying ahead of a dynamic threat landscape.

Quick hits from Adam:

On aligning cyber with manufacturing outcomes: “Cybersecurity here at Eastman has two main pillars: make sure the business continues running, and protect our intellectual property. That gives us an advantage in the market.”

On evolving attack surfaces: “Identity is the new attack surface, and privilege is the blast radius.”

On adaptive education: “One of the nicest compliments I’ve gotten was a VP saying: ‘Your security newsletter is so concise it’s faster to read than to file away’.”

Recent Book Recommendation: How to Know a Person by David Brooks

- -

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Josh Meer.

On the 34th episode of Enterprise AI Defenders, hosts Evan Reiser (co-founder and CEO, Abnormal AI) and Mike Britton (CISO, Abnormal AI) talk with Micah Czigan, Chief Information Security Officer at Georgetown University. Micah shares how Georgetown is navigating AI adoption with security-first thinking, tailored governance, and a mindset rooted in experimentation. From piloting secure internal AI tools to defending against deepfakes and hyper-personalized phishing, Micah’s approach protects people while embracing innovation.

Quick hits from Micah:

On AI-powered phishing: “Phishing emails now look personal. AI is building profiles and crafting messages that feel targeted, not blasted.”

On governance that enables adoption: “Shadow AI happens when people don’t feel they have a path to yes. We’re focused on building that path.”

On personalized AI defense models: “We're profiling advisory targets to understand risk not just by email but web activity too, and that’s all AI-powered.”

Recent Book Recommendation: Nuclear War: A Scenario by Annie Jacobsen.

- -

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Josh Meer.

On the 33rd episode of Enterprise AI Defenders, hosts Evan Reiser (CEO and co-founder, Abnormal AI) and Mike Britton (CIO, Abnormal AI) sit down with Lester Godsey, Chief Information Security Officer at Arizona State University, to discuss how ASU is building an ambitious, campus-wide AI strategy. With more than 200,000 users, ASU has deployed an in-house platform supporting 60+ language models and has granted all students and staff access to ChatGPT. Godsey outlines ASU’s strong governance framework, proactive security controls, and threat modeling to address risks such as prompt injection and insider misuse, while highlighting student-driven innovation through hackathons and grants that promote responsible AI experimentation in cybersecurity.

Quick hits from Lester:

On AI threat acceleration: "It’s not net new attacks, we’re just seeing them executed faster, more effectively. The deepfakes in 2024 aren’t funny anymore."

On internal innovation: "We built our own platform supporting over 60 large language models, with walled garden controls and ethical guardrails."

On AI’s future impact: “We’re training a model to ingest messy threat intel from all sources and separate the good from the bad. That’s how small teams can finally take action with confidence.”

Recent Book Recommendation: It's Your Ship: Management Techniques from the Best Damn Ship in the Navy by D. Michael Abrashoff

- -

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where top security executives share how moves to the cloud have created an evolved threat landscape that requires new tools to protect against cybercrime. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Josh Meer

On the 32nd episode of Enterprise AI Defenders, hosts Evan Reiser (CEO, co-founder at Abnormal AI) and Mike Britton (CIO, Abnormal AI) talk with Yaron Levi, CISO at Dolby. They unpack the enduring basics of cyber, how agentic AI can help teams move faster, and why excellent security starts with the business mission. Yaroni argues that most incidents still trace to old problems and that progress in the AI era begins with operational discipline, explicit threat modeling, and automation, where it truly reduces risk. He lays out a pragmatic sequence that starts with business goals, maps how things can go wrong, selects countermeasures, and then reconciles ambitions with real budgets.

Quick hits from Yaron:

On AI’s role in defense at scale: “We need to be able to embrace and figure out how we can automate more, how we can leverage those technologies to help us defend better and really tackle that the technical debt mountain… maybe with some AI, agentic AI, maybe we have some chances to deal with it better.”

On why breaches still happen: “Unpatched systems, misconfigurations, compromised credentials, RDP, open RDP, the RDP that somebody left out there.”

On preventing AI agent blind spots: “Do you know what your inventory is? Back then it was devices, then cloud workloads and virtual machines and other Kubernetes or whatnot. And now it’s like agents, okay? If we’re going to suck at managing the agent’s inventory, the same way we [sucked at] managing, you know, device inventory, we are going to have a big problem.”

Recent Book Recommendation: The Psychology of Money by Morgan Housel

--

Like what you hear? Leave us a review and subscribe to the show on Apple, Google, Spotify, Stitcher, or wherever you listen to podcasts.

Enterprise AI Defenders is a show where security, privacy, and safety leaders share how they are protecting the world from AI-powered threats. Find more great lessons from tech leaders and enterprise software experts at https://www.enterprisesoftware.blog/.

Enterprise AI Defenders is produced by Josh Meer.