Arun DeSouza, the Managing Director at Profortis Solutions, brings over two decades of experience as a CISO, having developed and implemented award-winning programs in identity lifecycle management and IoT security. His impressive career includes induction into the CISO Hall of Fame by the Global Cyber Startup Observatory and recognition as a top CISO by Cyber Defense Magazine. Arun’s expertise, combined with his academic background—a Ph.D. in Chemical Engineering from Vanderbilt—offers listeners a unique perspective on navigating today’s complex cybersecurity landscape.

From Chemical Engineering to Cybersecurity Leadership
Arun’s journey into cybersecurity is as unconventional as it is inspiring. Initially trained as a chemical engineer, he transitioned to cybersecurity through hands-on experience and a fearless approach to problem-solving. Faced with the challenge of managing global security for a French company, Arun built a strategic plan that not only upgraded systems but also delivered significant savings. His approach, which he calls the “power of federation,” involved collaborating with partners for discounted pricing and consolidating resources.

Navigating Cybersecurity Threats: IoT, Ransomware, and AI
Arun sheds light on the evolving cybersecurity threat landscape, particularly the rapid proliferation of IoT devices. With an estimated 75 billion IoT devices by 2025, the risks associated with insecure software, vulnerable cloud communications, and expanded attack surfaces are more significant than ever. He highlights specific challenges in manufacturing and OT security, where ransomware and supply chain attacks can cripple operations. Arun also warns of the impending threat of AI-powered supply chain attacks, which could amplify the scale and sophistication of breaches. His insights reinforce the need for robust data governance and the adoption of Zero Trust security models to mitigate these risks effectively.

Critical Role of Identity Management and Leadership
Central to Arun’s security philosophy is the concept of identity access management (IAM) as a strategic cornerstone. He introduces the idea of the “identity coin,” which blends physical security (person, device, location) with logical security (attributes, behavior, context). Arun emphasizes that security is not just about technology but also about strong leadership and communication. He advises CISOs to build relationships with senior leaders, use storytelling to convey risks, and align security initiatives with business objectives. His analogy of the CISO as the “captain of the good ship cyber” encapsulates his forward-thinking approach to navigating cybersecurity challenges.

Technical Acumen and Strategic Vision
Arun’s expertise and leadership offer actionable insights for anyone looking to strengthen their cybersecurity strategy. His forward-thinking approach to risk management, identity governance, and embracing change provides a valuable blueprint for both cybersecurity professionals and business leaders.

LinkedIn: https://www.linkedin.com/in/arundesouza/

Profotis Solutions: https://profortissolutions.com/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

With over two decades of experience in the cybersecurity domain, Chad Lorenc stands as a prominent voice in cloud security and enterprise security strategy. Currently serving as a security leader at Amazon Web Services (AWS), Chad has contributed significantly to advancing cloud architecture best practices and building robust security frameworks for some of the world’s most dynamic organizations. In this insightful Kitecast episode, Chad shares his expertise on cloud security, the evolving role of CISOs, and the integration of artificial intelligence (AI) into enterprise security strategies.

Evolution of Cloud Security: From Apprehension to Opportunity

In the early days of cloud adoption, organizations often hesitated to migrate their operations due to concerns over security and control. Chad reflects on this initial apprehension and explains how the cloud security paradigm has matured over the years. Many companies attempted to replicate on-premises security models in the cloud, often facing challenges with patching, incident management, and compliance. Cloud environments require unique security approaches, with a focus on building specific controls and aligning them with broader security operations and compliance requirements.

CISOs: Leading the Charge in Cloud and AI Adoption

A recurring theme in the podcast is the critical role of CISOs in driving cloud and AI strategies. Chad offers valuable advice to CISOs, encouraging them to lead cloud adoption initiatives rather than being pulled into projects at the last minute. He highlights the tangible security benefits of cloud environments, such as the ease of implementing encryption and other advanced security controls. By taking a proactive approach, CISOs can not only enhance security but also achieve cost savings and operational efficiencies.

Embracing AI and Navigating Regulatory Challenges

As organizations increasingly integrate AI into their operations, compliance and security become critical considerations. Chad discusses how the shift to data lakes and the acceleration of AI adoption have transformed cloud security conversations from traditional security measures to compliance and audit readiness. The conversation also touches on the complexities of shadow AI—where unsanctioned AI tools are used within companies—and how security leaders can address these challenges by aligning internal strategies with business demands. In addition, Chad sheds light on the regulatory landscape, including the growing importance of FedRAMP compliance for federal clients and the balance between rapid cloud innovation and regulatory adherence.

Charting the Future of Cloud Security with Chad Lorenc

The podcast concludes with Chad’s forward-looking perspective on the evolving cybersecurity landscape. He believes that while AI remains a dominant topic, true innovation lies in optimizing security operations and embracing technologies that drive business outcomes. Chad sees an emerging trend where CISOs are not only security experts but also strategic business leaders who contribute to overall organizational success. His parting advice to security professionals is clear: embrace new technologies like AI and cloud solutions with a strategic mindset to remain relevant and impactful.

LinkedIn: https://www.linkedin.com/in/chadlorenc/

Amazon Web Services: https://www.linkedin.com/company/amazon-web-services/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.

Unveiling AI, Data Security, and Innovation

Howard Holton, the Chief Technology Officer of GigaOm, explores some of the most pressing topics in technology today. With over two decades of experience spanning roles as CTO, CISO, CIO, and consultant, Howard brings a wealth of knowledge to the conversation. His background includes leadership positions at Rheem Manufacturing, Hitachi Vantara, and Precision Discovery, where he honed his expertise in digital transformation, data science, and operational strategy. At GigaOm, Howard combines his technical acumen with a passion for helping organizations navigate the complexities of modern technology landscapes.

Generative AI: Hype vs. Reality

The conversation delves into the rapid rise of generative AI (GenAI) and the realities beyond the hype. Howard explains how businesses are grappling with this transformative technology, which, while promising, is rife with complexities. Many organizations rushed into adopting AI without fully understanding its implications, leading to inefficiencies and unexpected risks. He points out that generative AI is a powerful tool but cautions against treating it as a catch-all solution. The conversation highlights how improper use can lead to issues like misinformation, inaccurate outputs, and even legal challenges, underscoring the need for deliberate strategy in deploying AI tools.

Tackling AI Governance and Risks

Howard also provides an unvarnished look at AI governance and its associated risks. With generative AI being a relatively young technology, governance frameworks are still in their infancy. Organizations often lack cohesive tools to manage the risks associated with AI deployments. This leads to challenges in ensuring compliance with data privacy regulations and safeguarding sensitive information.

Shadow AI: The Hidden Risk

Shadow AI emerged as another critical topic in the discussion. Howard describes Shadow AI as the unauthorized use of AI tools by employees, often without the knowledge or approval of management. While employees leverage these tools to improve productivity or efficiency, this practice introduces significant risks to data security and compliance. Sensitive company data may unknowingly be exposed to public large language models (LLMs), creating vulnerabilities and potential regulatory breaches.

Advice for the Tech Community

Closing the episode, Howard offers invaluable advice for professionals navigating the ever-changing tech landscape. He underscores the importance of mentorship, curiosity, and collaboration in driving innovation. “It’s our job to help people,” he says, emphasizing the need for tech leaders to share their knowledge and foster growth within their communities. Howard also encourages organizations to adopt a mindset of continuous learning, particularly as emerging technologies like AI continue to evolve.

LinkedIn: https://www.linkedin.com/in/howardholton/

GigaOm: https://gigaom.com/

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.