In this episode, Cheri Hotman sits down with Diane Jones to explore the intersection of cybersecurity, engineering, and artificial intelligence. Drawing on her background in systems engineering and security, Diane shares her journey into AI governance and discusses how organizations can move beyond the hype and fear surrounding AI to focus on practical, actionable risk management. From NIST and ISO frameworks to developing her own AI admissibility framework, Diane offers valuable insights into building trustworthy, governable AI systems that deliver real business value.

In this episode of The Art of Cybersecurity, Cheri Hotman sits down with GRC leader Jerry Koshy for an honest, practitioner-to-practitioner conversation about what it really takes to build effective cybersecurity and risk programs.

While compliance and risk management often get framed as rigid processes or box-checking exercises, Cheri and Jerry explore why the most impactful work in GRC is actually an art form—one that requires leadership, communication, and the ability to align people across an organization.

Together they discuss:

• Why governance is often the most overlooked part of GRC

• How cybersecurity professionals must act as business enablers, not roadblocks

• The role of culture, buy-in, and relationship building in successful security programs

• Why many organizations struggle with audits and third-party risk management

• How strong GRC programs focus on continuous improvement, not just passing audits

They also dig into the realities of burnout in the field, the importance of emotional intelligence in leadership, and why the best cybersecurity programs succeed because of people—not just technology.

This episode is a candid look at the human side of cybersecurity, and why building secure organizations requires both science and art.

AI is not the boogeyman. It is not a magic fix either. In this episode of The Art of Cybersecurity, Cheri Hotman sits down with Erica Shoemate (former FBI and U.S. intelligence community, now working across tech policy, trust and safety, and AI literacy) to talk about what most AI conversations miss: the human stakes.

They dig into why “we passed the audit” is not the same as being secure, why integrity has to show up in daily decisions and not just on a values page, and how companies can adopt AI without sacrificing governance. Erica shares a practical example of using internal GenAI to speed up regulatory readiness and control mapping while keeping human review and accountability front and center. The takeaway is simple. Use AI to reduce friction and busywork, so people can focus on judgment, risk, and critical thinking.