In this episode of Resilient Cyber, I sit down with VP, Product Marketing and Strategy for Protegrity, James Rice.

We will be discussing how traditional approaches to security aren't solving the AI security challenge, the importance of data-centric approaches for secure AI implementation and addressing issues such as AI data leakage.

James and I dove into a lot of great topics, including:

• Why traditional perimeter-based and infrastructure-centric security models are failing in the era of AI, and why organizations need to fundamentally rethink their approach to securing AI workloads.
• The concept of data-centric security — protecting the data itself rather than the systems surrounding it — and why this shift is critical as data flows across cloud platforms, AI models, and agentic workflows.
• The growing risk of AI data leakage and how sensitive information (PII, PHI, PCI, intellectual property) can inadvertently be exposed through AI training data, model outputs, prompt injection, and RAG pipelines.
• Why many organizations find themselves stuck in an "AI circularity" — wanting to leverage AI but unable to do so because of the complexity of securing critical business data throughout the AI lifecycle.
• The importance of embedding security controls inline within the AI pipeline — from data ingestion and model training to orchestration and output — rather than bolting security on after the fact.
• How data protection techniques such as tokenization, anonymization, dynamic masking, and format-preserving encryption can enable organizations to use realistic, context-rich data for AI while maintaining compliance and reducing risk.
• The challenge of securing agentic AI workflows, where autonomous agents continuously interact with enterprise data, making traditional access control models insufficient.
• How organizations can balance the need for AI innovation and data utility with regulatory compliance requirements across frameworks like GDPR, HIPAA, PCI DSS, and emerging AI-specific regulations.
• James's perspective on how security, risk, and compliance functions need to evolve to keep pace with the rapid productionization of AI across the enterprise.
• The role of semantic guardrails in governing AI inputs and outputs, ensuring that protection is applied contextually based on how data is being used — not just where it resides.

• About the Guest
  James Rice is VP of Product Marketing and Strategy at Protegrity, a global leader in data-centric security. He brings over 20 years of experience in security, risk, and compliance, having provided solution engineering, value engineering, and implementation services to Fortune 1000 organizations across industries. Prior to Protegrity, James held leadership roles at Pathlock (formerly Greenlight Technologies), Accenture, and PricewaterhouseCoopers.
  
  
• About Protegrity
  Protegrity is a data-centric security platform that protects sensitive data across hybrid, multi-cloud, and AI environments. Their approach embeds security directly into the data itself — enabling enterprises to unlock insights, accelerate innovation, and meet global compliance with confidence. Protegrity's solutions include data discovery and classification, tokenization, anonymization, dynamic masking, and semantic guardrails for AI and analytics workflows.
  Learn more at protegrity.com

In this episode of Resilient Cyber, I sit down with Jamieson O'Reilly, Security Researcher and Founder @ Dvuln.

Jamieson recently went viral for his hacking activities demonstrating the vulnerabilities and exploitation of OpenClaw (previously ClawdBot and Moltbot), from exposed servers, backdooring skills and demonstrating how to perform potential account takeovers.

Jamieson is now helping secure the OpenClaw project.

We will walk through his findings, implications of the rise of Personal AI Assistants (PAI) and the various potential risks and security ramifications of insecure adoption and usage.

In this episode of Resilient Cyber, I sit down with longtime Cyber practitioners and leaders Helen Patton and Josiah Dykstra to dive into their latest book, "Switching to Cyber: The Mid-Career Guide to Launching a Cybersecurity Career".

The book aims to help mid-career professionals pivot into the cyber career field and navigate finding their cyber niche, bridging skill gaps and conquering tech intimidation among more.

In this episode of Resilient Cyber I sit down with Anshuman Bhartiya to discuss AI-native AppSec.

Anshuman is a Staff Security Engineer at Lyft, Host of the The Boring AppSec Community podcast, and author of the AI Security Engineer newsletter on LinkedIn.

Anshuman has quickly become an AppSec leader I highly respect and find myself learning from his content and perspectives on AppSec and Security Engineering in the era of AI, LLMs and Agents.

In this episode of Resilient Cyber I'm joined by one of my favorite Vulnerability Researchers, Jerry Gamblin.

Jerry recently published a comprehensive 2025 CVE retrospective, which we will dive into, as well as his thoughts around trends and patterns we may see emerge in the vulnerability management landscape moving into 2026 and beyond.

In this episode of Resilient Cyber, I sit down with my friend and the Founder of Return on Security (RoS), 💰 Mike Privette.

Mike is the among the best our community has to offer when it comes to analyzing the macroeconomic trends of the cybersecurity ecosystem, from M&A, fundraising, startups, innovation, and venture capital.

We will dig into the macroeconomics of cyber this past year, key trends, takeaways, the outsized role AI has or hasn’t had and what 2026 may hold as we look ahead.

In this episode I sit down with my friend and Vulnerability Researcher Patrick Garrity 👾🛹💙 of VulnCheck to do a roundup of the latest trends, analysis and insights into the vulnerability and exploitation ecosystem throughout the past year.

We covered a lot of great topics, including:

- The most notable vulnerability trends over 2025, including what has changed, or stayed the same in the past year.

- Continued challenges around the NIST NVD and CVE, the sprawl of competing vulnerability databases and vulnerability identification schemes, challenges with funding, centralized vs. decentralized approaches and what the future holds.

- What the life of a vulnerability researcher looks like under the hood, including participating in coordinated vulnerability disclosure.

- Efforts from Patrick's team at VulnCheck, including their Known Exploited Vulnerability catalog, covering gaps from the CISA KEV, as well as https://research.vulncheck.com that provides excellent graphs and visualizations.

- Patrick's thoughts on what the vulnerability management landscape may look like in 2026.

In this episode of Resilient Cyber, I'm joined by Jesus Alejandro Cardenes Cabre, SVP of Product Architecture and John Xiaremba, Software Engineer, both from the VIA Knowledge Hub team to dig into all things post-quantum cryptography (PQC).

This includes PQC standards, as well as practical steps developers must take today to mitigate future risks.