In this episode, we sit down with StackAware Founder and AI Governance Expert Walter Haydock. Walter specializes in helping companies navigate AI governance and security certifications, frameworks, and risks. We will dive into key frameworks, risks, lessons learned from working directly with organizations on AI Governance, and more.

• We discussed Walter’s pivot with his company StackAware from AppSec and Supply Chain to a focus on AI Governance and from a product-based approach to a services-oriented offering and what that entails.
• Walter has been actively helping organizations with AI Governance, including helping them meet emerging and newly formed standards such as ISO 42001. Walter provides field notes, lessons learned and some of the most commonly encountered pain points organizations have around AI Governance.
• Organizations have a ton of AI Governance and Security resources to rally around, from OWASP, Cloud Security Alliance, NIST, and more. Walter discusses how he recommends organizations get started and where.
• The U.S. and EU have taken drastically different approaches to AI and Cybersecurity, from the EU AI Act, U.S. Cyber EO, Product Liability, and more. We discuss some of the pros and cons of each and why the U.S.’s more relaxed approach may contribute to economic growth, while the EU’s approach to being a regulatory superpower may impede their economic growth.
• Walter lays our key credentials practitioners can explore to demonstrate expertise in AI security, including the IAPP AI Governance credential, which he recently took himself.

You can find our more about Walter Haydock by following him on LinkedIn where he shares a lot of great AI Governance and Security insights, as well as his company website www.stackaware.com

In this episode, we sit with the return guest, Jim Dempsey. Jim is the Managing Director of the Cybersecurity Law Center at IAPP, Senior Policy Advisory at Stanford, and Lecturer at UC Berkeley. We will discuss the complex cyber regulatory landscape, where it stands now, and implications for the future based on the recent U.S. Presidential election outcome.

We dove into a lot of topics including:

• The potential impact of the latest U.S. Presidential election, including the fact that while there are parallels between Trump’s first term and Joe Biden’s, there are also key differences. We’re likely to see a deregulatory approach related to commercial industry and consumer tech but much more alignment and firm stances related to cyber and national security.
• The future of efforts around Software Liability and Safe Harbor
• Contrasted differences between the EU’s tech regulatory efforts and the U.S. The U.S. has taken a much more voluntary approach. While Jim is an advocate of regulation and thinks it is needed, he simply cannot get behind the heavy-handed approach of the EU and suspects it will continue to widen the tech gap between the U.S. and the EU.
• What is the potential for regulatory harmonization and the challenges due to the unique aspects of each industry, vertical, data types, and more.

Jim leads the recently formed IAPP Cybersecurity Law Center

He is also the author of the book Cybersecurity Law Fundamentals, Second Edition.

In this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left".

This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and if the shift left movement is losing its shine.

We dive into a lot of topics such as:

• Tyler and Jame’s high-level thoughts on shift left and where it may have went wrong or run into challenges
• Tyler’s thoughts on the evolution of shift left over the last several decades from some of his early Pen Testing roles and working with early legacy applications before the age of Cloud, DevOps and Microservices
• James’ perspective, having started in Cyber in the age of Cloud and how his entire career has come at shift left from a bit of a different perspective
• The role that Vendors, VC’s and products play and why the industry only seems to come at this from the tool perspective
• Where we think the industry is headed with similar efforts such as Secure-by-Design/Default and its potential as well as possible challenges