Shows
Future of Data SecurityEP 29 — Age of Learning's Carl Stern on Why Certifications Are Side Effects, Not Final GoalsCarl Stern, VP of Information Security at Age of Learning, explains why forcing controls into place without executive alignment guarantees you'll fight uphill battles every single day, as people begin to see security as a blocker rather than a business enabler. Instead, he starts with identifying crown jewels and acceptable risk levels before selecting any frameworks or tools, ensuring the program fits company culture instead of working against it. He also asserts that certifications like HITRUST and SOC 2 validate you're already operating securely; the real program is the daily processes people follow because they understand why, not c...
2026-02-1029 min
Future of Data SecurityEP 28 — National Bank's Andre Boucher on Managing AI without Shadow IT FrictionAndré Boucher, SVP Technology and Information Security (CTO/CISO) at National Bank of Canada, managed the transition from commanding Canadian Forces Cyber Command to leading security at a systemically important financial institution by recognizing that governance expertise matters more than technical depth at scale. His approach to shadow AI involves enabling experimentation early with secure platforms that business teams actually prefer, reducing the appeal of unauthorized tools. Rather than aggressive detection that drives behavior underground, they created environments where innovation happens within guardrails. This shifts security from adversarial to collaborative, treating 31,000 employees as team participants rather than risks to m...
2026-01-2738 min
Future of Data SecurityEP 27 — Turntide's Paul Knight on Zero Trust for Unpatchable Production SystemsWhen manufacturers discover their IP and other valuable data points have been encrypted or deleted, the company faces existential risk. Paul Knight, VP Information Technology & CISO at Turntide, explains why OT security operates under fundamentally different constraints than IT: you can't patch legacy systems when regulatory requirements lock down production lines, and manufacturer obsolescence means the only "upgrade" path is a pricey machine replacement. His zero trust implementation focuses on compensating controls around unpatchable assets rather than attempting wholesale modernization. Paul's crown jewel methodology starts with regulatory requirements and threat actor motivations specific to manufacturing.
Paul also...
2026-01-1525 min
INCYBER VoicesS’implanter à l’international en cybersécurité : retour d’expérience sans filtre du CEO de QohashDans cet épisode d'INCYBER Voices enregistré au Forum INCYBER Canada, nous recevons Jean Le Bouthillier, fondateur et CEO de QOHASH, pour un retour d’expérience sans filtre sur l’expansion internationale dans la cybersécurité.Ancien membre des forces spéciales canadiennes, Jean Le Bouthillier a fondé QOHASH en 2018 avec une conviction forte : la sécurité des données ne doit pas reposer sur une centralisation massive dans le cloud. L’entreprise a fait le choix d’une approche décentralisée, orientée edge computing, qui permet d’analyser et de sécurise...
2026-01-1525 min
Future of Data SecurityEP 26 — Handshake's Rupa Parameswaran on Mapping Happy Paths to Catch AI Data LeakageRupa Parameswaran, VP of Security & IT at Handshake, tackles AI security by starting with mapping happy paths: document every legitimate route for accessing, adding, moving, and removing your crown jewels, then flag everything outside those paths. When vendors like ChatGPT inadvertently get connected to an entire workspace instead of individual accounts (scope creep that she's witnessed firsthand), these baselines become your detection layer. She suggests building lightweight apps that crawl vendor sites for consent and control changes, addressing the reality that nobody reads those policy update emails.
Rupa also reflects on the data labeling bottlenecks t...
2025-12-1924 min
Future of Data SecurityEP 25 — Cybersecurity Executive Arvind Raman on Hand-in-Glove CDO-CISO PartnershipArvind Raman — Board-level Cybersecurity Executive | CISO roles at Blackberry & Mitel, rebuilt cybersecurity from a compliance function into a business differentiator. His approach reveals why organizations focusing solely on tools miss the fundamental issue: without clear data ownership and accountability, no technology stack solves visibility and control problems. He identifies the critical blind spot that too many enterprises overlook in their rush to adopt AI and cloud services without proper governance frameworks, particularly around well-meaning employees who create insider risks through improper data usage rather than malicious intent.
The convergence of cyber risk and resilience is res...
2025-12-0221 min
Future of Data SecurityEP 24 — Apiiro's Karen Cohen on Emerging Risk Types in AI-Generated CodeAI coding assistants are generating pull requests with 3x more commits than human developers, creating a code review bottleneck that manual processes can't handle. Karen Cohen, VP of Product Management of Apiiro, warns how AI-generated code introduces different risk patterns, particularly around privilege management, that are harder to detect than traditional syntax errors. Her research shows the shift from surface-level bugs to deeper architectural vulnerabilities that slip through code reviews, making automation not just helpful but essential for security teams.
Karen’s framework for contextual risk assessment evaluates whether vulnerabilities are actually exploitable by checking if...
2025-10-3020 min
Future of Data SecurityEP 23 — IBM's Nic Chavez on Why Data Comes Before AIWhen IBM acquired Datastax, they inherited an experiment that proved something remarkable about enterprise AI adoption. Project Catalyst gave everyone in the company — not just engineers — a budget to build whatever they wanted using AI coding assistants. Nic Chavez, CISO of Data & AI, explains why this matters for the 99% of enterprise AI projects currently stuck in pilot purgatory: technical barriers for creating useful tools have collapsed.
As a member of the World Economic Forum's CISO reference group, Nic has visibility into how the world's largest organizations approach AI security. The unanimous concern is that employees are ac...
2025-10-1531 min
Future of Data SecurityEP 22 — Databricks' Omar Khawaja on Why Inertia Is Security's Greatest EnemyWhat if inertia — not attackers — is security's greatest enemy? At Databricks, CISO Omar Khawaja transformed this insight into a systematic approach that flips traditional security thinking on its head and treats employees as assets rather than threats.
Omar offers his T-junction methodology for breaking organizational inertia: instead of letting teams default to existing behaviors, he creates explicit decision points where continuing the status quo becomes impossible. This approach drove thousands of employees to voluntarily take optional security training in a single year.
There’s also Databricks' systematic response to AI security chaos. R...
2025-09-1831 min
Future of Data SecurityEP 21 — Sendbird's Yashvier Kosaraju on Creating Shared Responsibility Models for AI Data SecuritySendbird had AI agents take backend actions on behalf of customers while processing sensitive support data across multiple LLM providers. This required building contractual frameworks that prevent customer data from training generic models while maintaining the feedback loops needed for enterprise-grade AI performance.
CISO Yashvier Kosaraju walks Jean through their approach to securing agentic AI platforms that serve enterprise customers. Instead of treating AI security as a compliance checkbox, they've built verification pipelines that let customers see exactly what decisions the AI is making and adjust configurations in real-time.
But the bi...
2025-08-2820 min
Future of Data SecurityEP 20 — MoonPay's Doug Innocenti on The Gut Instinct Gap in AI Security OperationsWhat happens when you scale a crypto company across 160+ countries while maintaining the same security standards as Wells Fargo? At MoonPay, it meant rethinking how traditional banking security translates to high-velocity fintech environments. Doug Innocenti, CISO, breaks down how his team achieved PCI, SOC 2 Type 2, and regulatory licenses like BitLicense and MiCA without slowing product development. The secret is the ability to test multiple security tools in parallel and pivot quickly when something isn't working.
But velocity alone isn't enough, he cautions Jean. Doug's approach to AI in security reveals a critical insight: although AI-powered t...
2025-08-1422 min
Future of Data SecurityEP 19 — Cribl's Myke Lyons on Data Hierarchies That Cut Security CostsMyke Lyons brings an unconventional background to cybersecurity leadership, having trained as a chef before discovering his passion for breaking and rebuilding IT systems. As CISO at Cribl, he applies culinary principles like mise en place to security operations while solving the fundamental economics problem facing every security team.
The math is unforgiving, he tells Jean: data volumes grow at 28% annually while security budgets remain flat. Myke's solution involves intelligent data hierarchies that route critical authentication logs to expensive SIEM systems while automatically sending regulatory compliance data to cheaper cold storage, reducing costs by 70-80% t...
2025-07-3128 min
Future of Data SecurityAsk Jean – Why Doesn't 100% Data Coverage Equal 100% Protection?Welcome to a special edition of Future of Data Security, where our host Jean Le Bouthillier answers the top questions our listeners have asked us. In today's episode, Jean addresses why 100% data coverage doesn’t equal 100% protection.
Would you like to have Jean answer one of your questions in a future episode? Email podcast@qohash.com with your question and a short summary of why you're looking for an answer!
2025-07-1702 min
Future of Data SecurityAsk Jean – How Does Data Visibility Transform Crisis into Calm?Welcome to a special edition of Future of Data Security, where our host Jean Le Bouthillier answers the top questions our listeners have asked us. In today's episode, Jean addresses how data visibility can turn crisis into calm.
Would you like to have Jean answer one of your questions in a future episode? Email podcast@qohash.com with your question and a short summary of why you're looking for an answer!
2025-06-2702 min
Future of Data SecurityEP 18 — GW Law’s Robert Kang on Why Moving Too Slow With AI Creates Shadow AdoptionRobert Kang, Professorial Lecturer of Cybersecurity & National Security, The George Washington University Law School, has been building enterprise cybersecurity programs since 2009, making him one of the “OG” practitioners when most organizations didn't even have dedicated cyber counsel. His unique perspective comes from protecting both critical infrastructure and social media platforms, highlighting how the same governance, risk management, and compliance framework applies across radically different threat landscapes.
In his conversation with Jean, he shares why organizations face equal risks from implementing AI too quickly or prohibiting it entirely, and how complete AI prohibition drives employees to use pe...
2025-06-2029 min
Future of Data SecurityAsk Jean - What's The Fastest Way To Reduce Data Security Risk?Welcome to a special edition of Future of Data Security, where our host Jean Le Bouthillier answers the top questions our listeners have asked us. In today's episode, Jean addresses the fastest way to reduce data security risk.
Would you like to have Jean answer one of your questions in a future episode? Email podcast@qohash.com with your question and a short summary of why you're looking for an answer!
Get in touch with your host, Jean Le Bouthillier:
LinkedIn
Listen to more episodes:
Apple
Sp...
2025-06-1202 min
Future of Data SecurityEP 17 — Modern Health’s Michael Hensley on Healthcare Security Beyond HIPAA Compliance CheckboxesThe healthcare industry's digital transformation has created unprecedented opportunities for patient care delivery, but it's also introduced complex security challenges that extend far beyond traditional compliance frameworks. Michael Hensley, Director of Cyber Security at Modern Health, brings a unique perspective to protecting private — and heavily regulated — health data while maintaining the innovation velocity essential for startup success. Healthcare security teams must balance regulatory requirements with business agility, creating frameworks that protect patients without stifling innovation.
Michael's journey from professional musician to software engineer to cybersecurity leader shaped his understanding that effective security programs prioritize people and pr...
2025-06-0526 min
Future of Data SecurityAsk Jean - How Does GenAI Reshape Data Security Risk?Welcome to a special edition of Future of Data Security, where our host Jean Le Bouthillier answers the top questions our listeners have asked us. In today's episode, Jean addresses how GenAI is reshaping data security risk.
Would you like to have Jean answer one of your questions in a future episode? Email podcast@qohash.com with your question and a short summary of why you're looking for an answer!
Get in touch with your host, Jean Le Bouthillier:
LinkedIn
Listen to more episodes of Future of Data Security:
Appl...
2025-05-2802 min
Future of Data SecurityEP 16 — KPMG’s Orson Lucas on Why One-Time Security Investments Tend to FailThe world of data security has fundamentally changed, yet many organizations still approach it as a one-time project rather than an ongoing journey. In this episode of The Future of Data Security, Orson Lucas, Principal at KPMG, draws on his 20+ years of experience to challenge the "one-and-done" approach that dooms many security initiatives. After witnessing the evolution from obscure privacy regulations to strategic business differentiators, Orson walks Jean through why even the most sophisticated organizations struggle with fundamental data governance and how the rise of AI assistants is creating unprecedented new risks.
Orson discusses why p...
2025-05-0737 min
Future of Data SecurityEP 15 — Morgan Stanley's Faith Rotimi-Ajayi on AI as Security's "Double Agent"The security landscape has radically shifted from "if you get breached" to "when you get breached" — and Morgan Stanley's approach to data protection reflects this fundamental change in mindset. In this episode of The Future of Data Security, Faith Rotimi-Ajayi, AVP of Operational Risk, discusses how sophisticated attackers are now researching and targeting specific financial institutions rather than relying on opportunistic attacks.
Faith tells Jean why social engineering attacks have evolved to target entire family units, including compromising newborns' Social Security numbers for future fraud, and why third-party risk management demands rigorous new approaches as vend...
2025-04-0127 min
Future of Data SecurityEP 14 — ruby’s George Al-Koura on Why Your Third-Party Security Audits Aren't Enough"If you aren't investing in penetration testing, if you aren't investing in having external auditing and third party reporting like gray and black box type testing, you're leaving your program extremely exploitable because you're just admiring the beauty of your own ideas." This blunt assessment from George Al-Koura, CISO at ruby, encapsulates his refreshingly practical approach to data security.
In this episode of The Future of Data Security, George challenges conventional wisdom by predicting a major shift back to controlled data centers as organizations struggle with securing AI implementations in the cloud. He reflects on wh...
2025-03-2544 min
Future of Data SecurityEP 13 — Early Warning's Daniel Maynard on AI Governance and Data Risk ManagementIn this insightful episode of The Future of Data Security, Jean Le Bouthillier speaks with Daniel Maynard, VP of Privacy and Data Risk Management & CPO at Early Warning, shares his journey from law to privacy and offers a practical framework for assessing AI implementation risks — distinguishing between controllable technical risks and more complex model provenance concerns.
Daniel tells Jean about the critical challenges facing financial institutions, including data quality issues, AI ethics considerations, and the paradox of balancing fraud prevention with privacy protection. Daniel provides actionable governance strategies for managing shadow AI, addresses emerging threats from...
2025-03-1125 min
Future of Data SecurityEP 12 — Cyderes’ Patrick Carter on Data Tagging As the Missing Link in GenAI Security StrategyWithin just four hours of implementing controls at one healthcare organization, Patrick Carter, Sr. Practice Director at Cyderes, and his team caught an employee secretly selling sensitive patient data. Patrick doesn't just tell Jean his war stories, however — he provides a practical framework for quantifying security risks using the FAIR model and sounds the alarm on shadow AI becoming the single biggest threat to data security. From discovering that 10% of AI-generated code contains vulnerabilities to developing detection tools for unauthorized AI usage, Patrick offers a masterclass in navigating both the dangers and opportunities of AI for security leaders.
...
2025-03-0422 min
Future of Data SecurityEP 11 — Exabeam’s Kevin Kirkwood on Advanced Attack Detection with UEBAThe cybersecurity landscape is entering an AI arms race, and Kevin Kirkwood, CISO at Exabeam, is on the frontlines building defenses that can match the speed of machine-powered threats. As Exabeam's "Customer Zero," Kevin shares candid insights from transitioning through three platform generations in three years, reflecting on how each migration exposed previously undetected attack patterns in Microsoft environments.
His experience leading the rapid adoption of 700+ UEBA rules simultaneously (against recommended practice) offers valuable lessons for security leaders pushing the boundaries of detection capabilities. Kevin envisions a future where AI-assisted systems can propose new detection ru...
2025-02-2528 min
Future of Data SecurityEP 10 — Idaho National Lab's Robert Roser on Securing America's Nuclear Research InfrastructureDrawing on his unique background in high-energy physics experimentation, Robert Roser, CISO & Director of Cyber Security at Idaho National Laboratory, offers valuable insights into the parallels between managing complex scientific detectors and securing critical national research infrastructure. He explores the evolving landscape of scientific computing security, from the open science environment of Fermilab to the classified research world of nuclear energy.
Rob's practical experience implementing zero-trust architecture, managing international collaborations, and navigating federal compliance requirements provides a comprehensive view of modern cybersecurity challenges in sensitive research environments. His candid discussion of AI's impact on both se...
2025-01-2319 min
Future of Data SecurityEP 9 — County of Santa Clara's Chris Pahl on Building Trust in Public Sector PrivacyDrawing from his diverse background in both private and public sectors, Chris Pahl, CPO of the County Executive Office of the County of Santa Clara, tells Jean how organizations can transform privacy from a compliance burden into a strategic asset on this episode of The Future of Data Security Show.
Chris’s "U R IT" framework emphasizes the crucial role of employees in data protection, and his practical approach to managing AI risks and surveillance technologies offers a blueprint for modern privacy leadership. He demonstrates how to build privacy programs from the ground up, foster cros...
2025-01-1625 min
Future of Data SecurityEP 8 — Marsh McLennan’s Orrie Dinstein on Navigating Global Data Privacy ChallengesIn this episode of The Future of Data Security Show, Jean speaks with Orrie Dinstein, Global Chief Privacy Officer at Marsh McLennan. Orrie shares his extensive experience in data privacy, highlighting the shift from compliance-focused programs to a more integrated approach that encompasses information governance.
Orrie also sheds light on the misconception of data ownership among executives, the complexities of navigating global privacy laws, and the critical need for collaboration between privacy and security teams. He also offers his strategies for how organizations can effectively manage data protection while fostering innovation.
Topi...
2025-01-0927 min
Future of Data SecurityEP 7 — Lumen Technologies’ Hugo Teufel on the Role of Employee Training in Data PrivacyIn this episode of The Future of Data Security Show, Jean speaks with Hugo Teufel, VP; Deputy General Counsel for Cyber, Privacy, Records; & Chief Privacy Officer at Lumen Technologies. Hugo shares his expertise on the evolving landscape of data privacy and security, such as the significant impact of AI on data security, emphasizing the need for organizations to understand various AI use cases and implement robust governance frameworks.
Hugo also highlights the importance of employee training in mitigating risks, noting that human error remains a critical vulnerability. Additionally, he explores the complexities of navigating global da...
2024-12-0221 min
Future of Data SecurityEP 6 — Trusteva’s Sylvia Klasovec Kingsmill on Embracing Privacy by Design in the Digital AgeIn this episode of The Future of Data Security Show, Jean speaks with Sylvia Klasovec Kingsmill, Senior Fellow, Future of Privacy Forum and Founder of Trusteva. They explore the critical distinctions between data privacy and data security, emphasizing their complementary roles in protecting individual rights and safeguarding data.
Sylvia also addresses the complexities AI introduces to privacy regulations, particularly around consent and data scraping. Additionally, she highlights the importance of adopting a "privacy by design" philosophy, urging organizations to proactively integrate privacy measures into their systems.
Topics discussed:
The distinction between data pri...
2024-11-1524 min
Future of Data SecurityEP 5 — The Government of Alberta’s Martin Dinel on Navigating Cloud Adoption in the Public SectorIn this episode of The Future of Data Security Show, Jean speaks with Martin Dinel, Assistant Deputy Minister & CISO, Cybersecurity Division of the Government of Alberta. Martin uses his extensive experience in cybersecurity and the evolving landscape of data protection to explore the significant impact of AI on enhancing data security measures, emphasizing a risk-based approach to adopting new technologies.
Martin also delves into the challenges and strategies of cloud adoption in the public sector, highlighting how centralized data management can improve security. Additionally, he addresses the importance of collaboration among government entities to strengthen cy...
2024-10-3130 min
Future of Data SecurityEP 4 — Fidelity National Financial’s Ward Balcerzak on Navigating Data Security in a Cloud-First WorldIn this episode of The Future of Data Security Show, Jean speaks with Ward Balcerzak, AVP and Director of Data Security & Insider Risk at Fidelity National Financial, who shares his expertise on the evolving challenges of data security in today’s cloud-first landscape. Ward discusses the critical importance of establishing a comprehensive data inventory and discovery process to effectively manage sensitive information.
Ward also offers his insights into the implications of generative AI on data protection, highlighting the need for robust governance strategies to mitigate risks. With a focus on collaboration across departments, this episode offe...
2024-10-1727 min
Future of Data SecurityEP 3 — Imperva’s Terry Ray on the Impact of Generative AI on Data ProtectionIn this episode of The Future of Data Security podcast, Jean speaks with Terry Ray, SVP of Data Security GTM & Field CTO at Imperva, who shares his extensive experience in the field of data security. He discusses the evolving landscape of cybersecurity, particularly the challenges posed by generative AI and its implications for data protection.
Terry emphasizes the importance of understanding data usage and implementing robust monitoring practices to mitigate risks. He also highlights the need for clear communication within organizations to enhance security efforts. He also shares his invaluable insights on how to navigate th...
2024-10-0331 min
Future of Data SecurityEP 2 — University of Kentucky’s Michael Sheron on Navigating Data Management Challenges at UniversitiesIn this episode of The Future of Data Security podcast, Michael Sheron, Director of Privacy and GRC at the University of Kentucky, shares his journey into data privacy and the challenges faced in managing sensitive information within a large academic institution.
He emphasizes the importance of establishing solid privacy policies and fostering a culture of cybersecurity awareness among staff. Michael also discusses the unique data management challenges posed by high student turnover and the need for collaboration across departments to ensure effective data stewardship.
Topics discussed:
The...
2024-09-1922 min
Future of Data SecurityEP 1 — HelpScout’s Pilar Garcia on People-Centric Data Privacy and SecurityIn the very first episode of The Future of Data Security podcast, our host, Co-Founder and CEO of Qohash, Jean Le Bouthillier, speaks with Pilar Garcia, Director of Privacy and Security at Help Scout. Pilar shares her journey into data privacy and security, emphasizing the significance of a people-centric approach to building robust security teams.
She discusses the delicate balance between innovation and risk, highlighting the importance of effective communication within organizations. Pilar also touches on the evolving challenges posed by AI in the security landscape, particularly with phishing.
Topics discussed:
Transitioning from a ba...
2024-09-0319 min
WMYT - What makes YOU Tick? Tech Leaders Career StoriesE.28 - Success and Setbacks in Tech Sales Leadership, Cyber Sales VP Josh Pearson's Career InsightsFrom Washington DC, starting his tech career as a renewals rep, to becoming a worldwide VP of sales. With companies like Oracle, Adobe, IBM, Akamai, Instart Logic, Cloudflare, Kognos and Qohash - this man knows what success looks like!Josh Pearson is a great example of building a successful career in tech sales leadership.the ...not always easy, but the right way = Built on Trust ✅🔓 Here's what you'll find inside:- Turning setbacks into comebacks.- Overcoming the isolation of the C-suite.- The jump from doer to di...
2024-02-1549 min
BUILDERSJean Le Bouthillier, CEO of Qohash: $20 Million Raised to Build the Future of Data SecurityIn today's episode of Category Visionaries, we speak with Jean Le Bouthillier, CEO of Qohash, a data security platform that's raised $20 Million in funding.
Topics Discussed:
Jean’s background in defense as an officer in the Canadian Military and a tactical helicopter pilot
Why Jean decided to quit the military to found his own company, and the lessons he learned from his time as an officer
The difficulties regulated entities have in keeping customer data safe and following regulations, and how Qohash helps them do that
Why it’s difficult to get client reviews when your prod...
2023-09-1529 minBUILDERSJean Le Bouthillier, CEO of Qohash: $20 Million Raised to Build the Future of Data SecurityIn today's episode of Category Visionaries, we speak with Jean Le Bouthillier, CEO of Qohash, a data security platform that's raised $20 Million in funding.
Topics Discussed:
Jean’s background in defense as an officer in the Canadian Military and a tactical helicopter pilot
Why Jean decided to quit the military to found his own company, and the lessons he learned from his time as an officer
The difficulties regulated entities have in keeping customer data safe and following regulations, and how Qohash helps them do that
Why it’s difficult to get client reviews when your prod...
2023-09-1529 min
Cybersecurity BuildersJean Le Bouthillier, CEO of Qohash: $20 Million Raised to Build the Future of Data SecurityIn today's episode of Category Visionaries, we speak with Jean Le Bouthillier, CEO of Qohash, a data security platform that's raised $20 Million in funding.Topics Discussed:Jean’s background in defense as an officer in the Canadian Military and a tactical helicopter pilotWhy Jean decided to quit the military to found his own company, and the lessons he learned from his time as an officerThe difficulties regulated entities have in keeping customer data safe and following regulations, and how Qohash helps them do thatWhy it’s difficult to get client reviews when your produc...
2023-09-1529 min