Security fails when it’s written for auditors instead of humans. Jess Vachon sits down with cybersecurity and privacy leader Ash Mohanaprakas to unpack how the best security programs feel practical, lightweight, and deeply aligned to the mission, even under pressure. Ash shares how she helps organizations turn security from a cost center into a strategic advantage that supports enterprise deals, customer trust, and acquisition readiness.
Ash’s story is anything but linear: an Oxford-trained linguist, a first-generation immigrant, and one of the only undergraduate student parents during her time there. We talk about how language and identity shape the way people interpret risk, why “translation” is an underrated security leadership skill, and how her early governance, risk, and compliance work at a huge university taught her to design controls that researchers can actually live with. The conversation also gets candid about imposter syndrome, early-career salary constraints, and the confidence that comes from learning hard frameworks by doing real work.
From ISO 27001 to SOC 2, we dig into what companies get wrong when they overbuild compliance with endless policies, and what to do instead when you need scalable security with minimal friction. We also tackle AI security and AI governance: why “AI-first” is not a differentiator, how to think about agentic workflows, and where AI can genuinely reduce repetitive GRC tasks so humans can focus on complex risk decisions and culture.
If you care about cybersecurity leadership, pragmatic compliance, risk management, board communication, and building security programs that scale, this one will land. Subscribe, share this with a security leader who’s drowning in documentation, and leave a review with the most “unread policy” moment you’ve seen.
https://www.vigilantviolet.com/
www.linkedin.com/in/jessvachon1
