What are the biggest challenges data leaders are facing?
Today, we run back some of the best conversations of the year. Ward brings together insights from data security, privacy, and governance leaders across industries to answer one foundational question: What is the biggest challenge organizations are facing when it comes to data security?
From data classification to data sprawl, to even knowing what data you have, we cover it all in this episode.
Featuring: Rick DeLoach, Daley Varghese, Hans Vargas, Bryan DeLuca, Trevor Dolan, Luis Valenzuela, and Christian Ghigliotty.
Takeaways:
Connect with these featured guests:
Ways to Tune In:
What’s the real business impact of bad data governance in modern security programs?
Rick Doten, former Healthplan CISO at Centene Corporation and AI researcher with over 25 years of cybersecurity experience, joins the show to discuss the biggest challenges in data security. Rick emphasizes the critical importance of data governance and quality, explaining how understanding a business's needs and the value of its data are pivotal. He also explores how AI can both enhance and complicate data management. Drawing insights from his varied career path, including his role as a former health plan CISO and current advisor, Rick provides practical advice on mitigating security risks and leveraging AI for data protection.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
How do you get true leadership buy-in for your data security program and turn risk assessments into real action?
In this episode, AVP of InfoSec and data security leader Kenny Vu breaks down why leadership support is the biggest determining factor in whether a program thrives or fails. With over a decade of experience across engineering, consulting, and hands-on data protection work, Kenny shares a clear, practical framework for assessing risk, creating a roadmap, and earning long-term organizational trust. He dives into the nuances of implementing and managing data security programs, the necessity of education and awareness among employees, and strategies for gaining ongoing support from leadership. Kenny also recounts his journey in the cybersecurity field and offers advice for those looking to move into leadership roles.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Is AI really the solution to your data security challenges, or is the real problem hiding in your people and processes?
Ian Kicmol, leader of a major data protection organization with more than a decade of experience, shares why the biggest challenges facing data security today have less to do with tools and everything to do with people, communication, and the ability to manage overwhelming alert volumes. Ian explains why organizations that expect AI to replace humans in data security are setting themselves up for disappointment, and what teams should focus on instead to build programs that actually work. From hiring the right talent to tuning tools to creating a governance council that aligns engineering, legal, and business stakeholders, Ian breaks down the blueprint for a scalable, sustainable data protection function. Whether you're building a program from scratch or trying to fix alert fatigue, this conversation delivers real-world insight from someone who’s done the work across multiple industries.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Are your cybersecurity practices ready for the new era of AI-generated phishing, social engineering, and real-time deepfake attacks?
In this episode of Guardians of the Data, Dr. Sergio Sanchez, CIO of Coleman Health Services and former medical turned cybersecurity leader, breaks down the rapidly evolving world of AI-driven cyber threats. With more than 25 years in IT and security, Sergio brings a rare blend of technical insight, human understanding, and real-world experience. He digs into how AI is reshaping the attacker landscape, why non-technical employees are now prime targets, and what leaders must do today to prepare their organizations for the next wave of threats: from voice cloning and deepfake videos to hyper-personalized social engineering attacks. Sergio also shares his incredible personal journey from operating rooms in Mexico to managing technology for the Catholic Church across 50 states, to now securing one of the most mission-critical environments in healthcare.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Do you really know what your organization’s “crown jewels” are? Or how to protect them?
Bryan DeLuca, Principal Cybersecurity Engineer and self-proclaimed “Swiss Army knife” for data security programs, shares why every great security strategy starts with understanding your data. With over 25 years of IT and cybersecurity experience across a variety of industries, Bryan dives into what it really means to know your “crown jewels”, the data that would stop your business cold if it were compromised. He also discusses the critical role of trust and mental health in fostering a productive and secure work environment. Additionally, Bryan offers practical advice on data protection strategies, the significance of process-driven approaches, and how to effectively implement data lineage and insider threat management.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Are you building a data security program that truly works or just checking the boxes for compliance?
In this episode of Guardians of the Data, Matthew Gonzales, Director of Data Security Engineering, shares what it really takes to build and sustain an effective data security program. Drawing from his 20 years of experience, Matthew stresses the importance of having a structured data security strategy, incorporating business objectives, control frameworks, and operating models. The conversation dives into the nuances of stakeholder engagement, effective communication, and proactive governance. Matthew also shares insights from his own journey in the industry, emphasizing the need to align data security practices with evolving technologies like AI. This episode serves as a comprehensive guide for organizations looking to fortify their data security frameworks.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
In this episode of Guardians of the Data, Ward sits down with Tobias Simpson, Director of Data Security and Security Awareness at Kennesaw State University, to unpack the realities of data classification, governance, and loss prevention in complex organizations. With over 25 years in IT and cybersecurity, Tobias shares hard-earned lessons on building a data-first culture, getting executive buy-in, and using tools like Microsoft Purview to make DLP actually work, without breaking the business. Tobias also highlights the significance of tabletop exercises with departmental cooperation, implementing document matrices, and maintaining strong relationships with technology providers. The conversation concludes with Tobias reflecting on his career journey from help desk roles to cybersecurity leadership, and offering advice for professionals entering or advancing in the field.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What if the key to stronger data security isn’t technology… but curiosity?
In this episode, Christian Ghigliotty, Head of Enterprise Security Engineering, joins us to unpack what it really takes to build a security-first culture in today’s AI-driven world. From champion programs to collaboration councils, Christian shares how curiosity, communication, and connection are redefining how modern teams protect data. He also opens up about his unconventional career path and why he believes writing and relationship-building are two of the most underrated skills in tech. Whether you’re leading enterprise security or just getting started in data protection, this conversation will leave you thinking differently about how trust, empathy, and engagement fuel resilience.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What happens when AI adoption moves faster than your security strategy?
Today, Ward sits down with Adrian Guevara, Chief Information Security Officer at TELUS Digital Solutions, to unpack one of the biggest challenges facing organizations today: how to secure your business in an AI-driven world. Adrian brings over two decades of IT and cybersecurity experience and a refreshingly candid take on what it really takes to lead through massive change. Adrian shares insights on the impact of AI on businesses, the importance of understanding and tinkering with technology, and the crucial role of building trust and relationships within an organization. He emphasizes the need for a culture of continuous feedback and collaboration, especially in rapidly growing and technologically evolving environments. The episode also delves into Adrian's fascinating career journey from an IT director who was voluntold to be a security officer to his current role as a CISO, highlighting key strategies for navigating the ever-changing landscape of data security.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Are we so obsessed with new AI tools that we’ve forgotten the basics of security?
Kraig Faulkner, Field CTO at Infolock, joins the show to discuss the pressing challenges and solutions around data security, particularly focusing on AI and access control. Kraig elaborates on the importance of understanding business data, securing AI access, and the necessary steps organizations need to take to prevent data exfiltration. He shares his professional journey and thoughts on the future trends in data security, including a potential shift back to on-prem solutions and the integration of AI into larger security portfolios. The episode highlights key strategies for implementing and securing AI within organizations, making it a must-listen for security leaders.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What happens when your organization doesn’t know what it needs to protect?
Today Ward welcomes Hans Vargas, Enterprise Data Protection Lead at Marathon Petroleum Corporation, who brings over two decades of experience in cybersecurity. Hans shares insights on the importance of understanding what data needs to be protected, and the challenges organizations face in this area, especially with the adoption of cloud services. He discusses the significance of communicating the value of data protection to business leaders and data owners, and offers practical advice on data discovery, retention, and governance. Hans emphasizes the necessity of including data security considerations in the early stages of application development and innovation. He also shares his personal journey from Peru to a successful career in the U.S., highlighting the importance of mentorship, continuous learning, and proactive problem-solving in cybersecurity. This episode provides valuable strategies for integrating data security into organizational processes and fostering collaboration between cybersecurity professionals and business stakeholders.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What’s harder than stopping a breach? Convincing leadership your data security program is worth the investment.
Zach Luze, Data Security Advisory Practice Director at TBD Cyber joins Ward today to focus on the challenges organizations face in demonstrating the value of data security. Zach explains how the inability to show value can impact budgets and resources, emphasizing that many data security programs struggle with meaningful key performance indicators (KPIs). He suggests a blended approach to data discovery and provides insights into building metrics that highlight the value of security programs. Zach also shares his career journey from an IT auditor to his current role, highlighting his work in assessing, designing, and building data security programs. The conversation touches on various aspects of data security, including data discovery, cloud transformation, insider threats, and the burgeoning role of AI in improving data detection and response. The episode concludes with Zach's predictions on AI's growing influence in data security through 2026 and advice for those looking to break into the field.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Think hackers are your biggest data threat? Think again.
Daley Varghese, a seasoned privacy expert, joins Ward Balcerzak to reveal why data sprawl and AI misuse may be even more dangerous, and what companies can do to get ahead. Daley emphasizes the importance of governance strategies, data mapping, and the need for cross-functional collaboration among privacy, security, and data governance teams. The episode also highlights the pressing need for education and clear communication within organizations to mitigate risks and build trust with consumers. Daley shares insights on how to start privacy initiatives, manage assessment fatigue, and the role of education and relationships in overcoming these challenges. Additionally, Daley provides advice for professionals looking to enter the privacy field and discusses the evolving landscape of privacy regulations.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
How does the accidental insider pose a threat to your company’s security?
Today, Ward dives deep into data security challenges with Rick Scot, the global CISO at Elevate Textiles. With almost 20 years of cybersecurity experience, Rick emphasizes the critical importance of addressing insider threats, especially those posed by well-meaning employees unaware of their risky actions. He shares real-world experiences, the evolution of cyber awareness training, the necessity of building strong internal relationships, and insights into his multifaceted career journey. The episode is packed with expert advice for cybersecurity professionals on fostering a culture of security within an organization and tips for young professionals to find a mentor.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What’s the meaning behind the data your team is collecting?
Derek Fisher, Director of the Cybersecurity Defense and Information Assurance Program at Temple University, joins Ward to hash out the ‘why’ behind data security. Derek emphasizes the importance of understanding the integrity and proper usage of data, especially in scenarios like healthcare and financial services. The conversation also explores the differences in data security practices across various industries such as healthcare, financial services, and higher education. Derek shares insights on teaching the next generation of cybersecurity professionals and the relevance of the NIST NICE framework in aligning education and job roles. The episode offers practical advice for aspiring and current cybersecurity professionals on staying curious, demonstrating skills, and the importance of understanding the broader ecosystem of data security.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
Human risk is the most unpredictable factor in cybersecurity and insider risk.
Lisa Gunning, a counterintelligence and insider risk expert with over 18 years of experience in both the public and private sectors, joins Ward today to dive into human risk. Lisa shares her unique perspective on the human element in cybersecurity, the evolving landscape of insider threats, and the critical importance of building a strong security culture within organizations. The conversation covers the intersection of AI, human behavior, and data protection, offering practical advice for organizations of all sizes. She provides actionable recommendations and stories around her experiences that any listener can benefit from.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What’s the balance between data governance and data stewardship?
Lance Fischer, Principal Security Architect at Guidepoint Security, joins the show today and dives into the complexities of data security, highlighting the differences between data governance and data stewardship. He emphasizes the significance of visibility and collaboration among stakeholders in maintaining robust data security frameworks. Lance shares insights from his extensive career, revealing the practical challenges and strategies in improving data security through governance, tool rationalization, and pragmatic approaches. The discussion also touches on the evolving landscape of AI, APIs, and the critical importance of securing sensitive data. This episode provides a comprehensive look into the foundational aspects of data security and offers practical advice for organizations to enhance their data protection efforts.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
How can cybersecurity professionals balance both the regulatory requirements and the fundamentals of data protection?
Today, Trevor Dolan, VP Senior Director of Cybersecurity Data Protection and Governance at Fidelity National Financial, shares insights on balancing regulatory compliance with the fundamentals of data protection, designing holistic data protection programs, and the importance of strategic planning. He delves into the five main areas of developing data protection organizations: governance and leadership, risk assessment, policies and procedures, training and awareness, and team and organizational structure. Trevor also offers practical advice for young professionals starting in the field and discusses the significance of building trustworthy relationships with stakeholders. For organizations facing budget and hiring challenges, he suggests prioritizing top-risk areas and leveraging existing resources effectively. The episode concludes with Trevor reflecting on his career journey and sharing his contact information for further connection.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In:
What are the people concerns when it comes to cybersecurity?
Today Ward welcomes seasoned security veteran and CEO of Nexasure, Rick McElroy. Rick, with over 25 years of experience in cybersecurity, shares his insights on the primary challenges organizations face in data security, focusing on the often-overlooked human and cultural elements. He emphasizes the importance of education, awareness, and the need for a balanced investment between technology and people. Rick also delves into the dynamics of cross-generational training and the impact of organizational culture on security programs. Additionally, he shares his personal journey in cybersecurity, discusses the significance of continuous learning and volunteering, and offers advice for individuals looking to enter or advance in the field. The episode highlights the need for a holistic approach to data security that includes both technological solutions and human factors.
Takeaways:
Quote of the Show:
Links:
Ways to Tune In: