AI governance challenges aren’t fundamentally new - they’re extensions of existing IT security problems like shadow IT, data inventory gaps, and data loss. Organizations with mature security programs already have the building blocks needed to govern AI, though some AI-specific challenges require additional consideration.

I was invited to speak at the innagural AuthCon, the first Customer Identity and Access Management (CIAM) conference. During my presentation, I shared real-world insights from my company’s journey to SaaS. I outlined how customer identity and access management needs evolved across on-premises, hybrid, and cloud-native environments, and why building or buying the right identity features is critical for security, scalability, and customer satisfaction.

After attending multiple security conferences this year, BlueHat 2024 stood out for all the right reasons: no vendors, no sales pitches, just pure technical content. The dual perspectives from security researchers and Microsoft’s Security Response Center revealed that every security team faces the same fundamental challenges, just at different scales.

Fed up with losing SSH keys during my annual machine rebuilds, I discovered 1Password’s SSH Agent functionality. With some configuration tweaks, I now manage keys securely across devices and projects while adding MFA protection to every SSH operation.

Cross-platform encryption is a pain - different languages, same algorithm, different implementations. Here’s working AES-256 code for C#, Node.js, and PowerShell that actually interoperates correctly, so you don’t have to debug crypto edge cases.

Investments Unlimited hit close to home - a financial firm forced to fix their security posture discovers the same issues I face daily: outdated asset inventories, useless CABs, inconsistent pipelines. The message is clear: automate everything, don’t block velocity, and dig beneath surface assumptions.

Two product management books sparked an unexpected realization about the intersection between customer behavior analytics, security telemetry, and audit logging. Sometimes the most valuable insights come from applying frameworks outside their intended domain.

SNOWFROC 2010 was well worth it again.