Partially Redacted: Data, AI, Security, and Privacy

In this episode, we dive into the realm of cloud security with Merritt Baer, Field CISO of Lacework. Together, we look at the complex tapestry of perceptions surrounding on-premises security versus the cloud, shedding light on why some still view on-prem as the safer option.
Merritt lends her expertise to dissect the trade-offs that companies face by remaining in the traditional on-premises sphere rather than embracing the potential of the cloud. We explore the security considerations unique to the cloud-native world, offering insights into what it takes to navigate this transformation securely.
Whether you're a seasoned professional or just beginning your cloud journey, this episode will expand your understanding of cloud security, uncovering the pros, cons, and crucial factors to ponder when venturing into the realm of cloud computing.
Topics:
Why do people think on-prem is more secure?
What are the tradeoffs a company is making when they refuse to move to the cloud?
What are the new challenges facing a company once they’ve moved to the cloud from a security perspective that perhaps they didn’t face in the on-prem world?
Does the cloud reduce or increase your security risk footprint?
Does the type of talent and team look different?
How are cloud-native security tools and platforms different from traditional on-premises security solutions?
How do you manage security at this kind of scale?
As organizations adopt multi-cloud and hybrid cloud strategies, how do you recommend they maintain consistent security measures across different cloud environments?
What are some emerging security threats in the cloud landscape, and how can organizations proactively defend against them?
What is keeping CISOs up at night?

In this episode, we explore the world of General Data Protection Regulation (GDPR) Catawiki’s Data Protection Lead Paul Breitbarth. We cover GDPR's history, business essentials, compliance significance, and the art of harmonizing business objectives with regulatory demands.
Paul breaks down key GDPR components, emphasizing their role in safeguarding data privacy. From data handling to breach notification, listeners gain insights into essential compliance steps.
The heart of the conversation revolves around the challenge of balancing business goals with GDPR rules. Practical strategies are discussed, including privacy-conscious approaches and effective data protection policies. This episode is a guide for businesses and individuals navigating GDPR's complexities, offering actionable insights for responsible data management and privacy protection.
Topics:
What was the immediate impact on businesses when GDPR came into effect? How did the world respond?
What are the main requirements of a business when it comes to GDPR?
What are the key rights granted to individuals under GDPR, and how can they exercise these rights?
What are the technical requirements?
What are some common challenges businesses face when implementing GDPR compliance?
How has GDPR influenced the handling of data breaches and security incidents?
What are the fines for non-compliance?
What does it mean to be compliant?
Can you really be 100% compliant? Is that realistic?
How can a business navigate GDPR compliance, balance all the needs, and still do business?
What are the responsibilities and obligations of data processors and data controllers under GDPR?
Are there any recent updates or amendments to GDPR that businesses should be aware of?
What’s the future of GDPR?

In this episode, Ray Everett, Head of Privacy and Data Protection at Avellino Lab, joins the show to discuss the rise of the privacy officer. The conversation delves into the essential role of privacy officers, providing listeners with a comprehensive understanding of their responsibilities and the challenges they encounter. Ray offers practical advice on effectively finding and hiring privacy officers, as well as initiating and managing successful privacy programs. This episode is a must-listen for anyone seeking to navigate the ever-evolving landscape of privacy protection.
Topics:
How has the privacy landscape changed throughout your career? What are some of the big changes from when you started to today?
Can you describe the role and responsibilities of a Chief Privacy Officer? How has this evolved over time?
What does this function end up looking like within a large organization? Who’s on the team?
When should a company be building a privacy function? How do they know they need it?
When a company decides to establish a privacy officer role, what factors should they consider in determining the scope and authority of the position?
How does one go about finding a qualified privacy officer? What skills, qualifications, and experience should be sought after?
What sets a great privacy officer apart from an average one?
Let’s say I’m a founder and I realize I should hire a privacy officer and build a privacy function, but I have no experience with it, I just know I need to do it. Where do I start? How do I know what to look for in a potential candidate?
During the hiring process, what specific interview questions should I be asking? What kind of positive or negative signals should I be testing for?
Even when privacy organizations exist, they are often under-resourced and under-appreciated. What are your suggestions or thoughts on how a privacy officer can work with an organization to prevent this from happening?
What’s the typical career path for someone looking to move into privacy? What do you recommend for those listening that might want to build a career in privacy?
What are your thoughts on the future of the privacy officer? Will they own more budget, have more authority?
Resources:
Ray Everett LinkedIn
International Association of Privacy Professionals

In the podcast episode Jodi Daniels, Founder & CEO of Red Clover Advisors, and Justin Daniels, Legal and Corporate Counsel at Baker Donelson, share valuable insights on privacy and security considerations in product development. They discuss the common mistakes made and the crucial questions to ask when designing new products, emphasizing the need for proactive data protection.
Jodi and Justin delve into core principles and best practices for integrating privacy-by-design, highlight the risks of neglecting privacy and security during product development, and explore ways to balance innovation and functionality with privacy and data protection requirements. They also address the importance of ingraining privacy and security throughout the product life cycle and provide guidance on evaluating the privacy and security implications of emerging technologies like AI.
Topics:
From your point of view, what do you think is the biggest mistake or oversight people make when building new products when it comes to privacy and security?
What kind of questions should I be asking myself when designing a new product when it comes to data protection?
What are the core principles and best practices for operationalizing privacy-by-design when developing new products?
What are the potential risks and challenges associated with neglecting privacy and security considerations during the product development phase?
How can organizations effectively balance the need for innovation and functionality with the requirements of privacy and data protection?
What steps can companies take to ensure that privacy and security are ingrained throughout the product life cycle, from design to deployment?
Are there any specific regulations or standards that companies should be aware of when it comes to privacy and security in new product development?
What are some of the privacy and security challenges facing companies interested in generative AI?
When it comes to any kind of new technology, like AI, how can individuals and businesses evaluate the privacy and security implications before integrating them into their operations?
What are some common misconceptions or myths surrounding privacy and security in AI, and how can they be addressed?
Resources:
Data Reimagined: Building Trust One Byte at a Time

In this episode, Rachael Ormiston, Head of Privacy at Osano, joins the show to discuss the impact of generative AI on privacy. We covered a wide range of topics, including Rachael's initial impression of ChatGPT and the risks associated with generative AI. We also explored Italy's recent ban on ChatGPT, the measures that can be taken to mitigate risks and protect privacy, and how businesses and organizations can leverage generative AI responsibly without infringing on people's privacy rights.
Furthermore, we delved into the role of policymakers in regulating the use of generative AI to ensure privacy protection, as well as the ethical considerations that should be taken into account. Rachael provided valuable insights on how individuals can protect their privacy in the age of generative AI and the steps they can take to safeguard their personal information. Finally, we discussed the future of generative AI, highlighting the need to harness its potential while ensuring that privacy remains a top priority.
Join us in this enlightening conversation as we navigate the intersection of Generative AI and privacy, gaining valuable insights from Rachael Ormiston's expertise.
Topics:
What was your first impression of ChatGPT?
How can generative AI impact privacy, and what are some of the risks associated with it?
Recently Italy became the first western country to ban ChatGPT, why did they do this?
What might this mean for other countries?
What measures can be taken to mitigate the risks of generative AI, and how can we ensure that privacy is protected?
How can businesses and organizations leverage generative AI while ensuring that they don't infringe on people's privacy rights?
How can policymakers regulate the use of generative AI to ensure that it doesn't infringe on people's privacy rights?
What ethical considerations should be taken into account when using generative AI, and how can we ensure that it is used responsibly?
How can individuals protect their privacy in the age of generative AI, and what steps can they take to safeguard their personal information?
What is the future of generative AI, and how can we harness its potential while ensuring that it doesn't pose a threat to our privacy?

In this podcast episode, Jimmy Fong, Chief Commercial Officer at Seon, discusses online fraud and the role of Seon's fraud prevention tool. Jimmy covers common fraud patterns, evolving tactics, and the challenges of distinguishing legitimate user behavior from fraudulent activities. He shares Seon's journey, emerging fraud patterns, and best practices for security. Jimmy emphasizes collaboration and information sharing, highlighting the potential of generative AI in fraud prevention.
Topics:
How does online fraud work and why is it such a concern for online businesses and consumers?
What are some common fraud patterns that individuals or businesses should be aware of when conducting transactions online?
How has fraud patterns changed over time?
How do fraudsters typically exploit vulnerabilities in online systems to carry out their fraudulent activities?
Why fraudulently submit demo requests to a business? What is a fraudster attempting to do?
What are the challenges and complexities involved in distinguishing between legitimate user behavior and fraudulent activities?
How did Seon start?
Are there any notable trends or emerging fraud patterns that you've observed recently? How should businesses adapt to stay ahead of evolving fraud tactics?
What are some best practices that individuals and businesses can implement to enhance their overall security posture and minimize the risk of falling victim to online fraud?
How important is collaboration and information sharing between businesses, industry associations, and law enforcement agencies in combating online fraud? Are there any notable initiatives in this regard?
In your opinion, what does the future of fraud prevention look like? What role might generative AI play on both sides?
Resources:
Seon
SEON Cat & Mouse Podcast

Manny Silva, Skyflow’s Head of Documentation, joins the podcast to share his journey of tinkering with generative AI systems and building a private GPT trained on internal Skyflow documents.
Manny discusses his first impression of ChatGPT, how he got interested in this space as a technical writer, and the non-obvious insights he gained along the way. He addresses common misconceptions about GPT, particularly regarding privacy and security. Manny explains the concept of creating a private GPT and explores the reasons why organizations would want to implement it. He provides valuable insights into effectively integrating a private GPT into existing workflows and systems, along with the challenges and considerations companies should be aware of.
Manny shares best practices for training and fine-tuning a private GPT to ensure optimal performance and accuracy. He delves into the impact of his work at Skyflow and the enhanced productivity observed in the field. Finally, Manny looks ahead to future advancements and trends in the field of private GPTs and discusses their transformative potential in the realms of documentation, product launches, and marketing.Topics:
When you first saw ChatGPT, what was your first impression?
As a technical writer, how did you get so interested in this space and start tinkering with the Open AI platform and APIs?
What are some of the non-obvious things you learned as you dove into this?
What are some of the common misconceptions you’re seeing when it comes to GPT, in particular when talking about privacy and security?
What’s it mean to create a private GPT and why would someone want to do that?
How can organizations effectively implement and integrate a private GPT into their existing workflows and systems?
What are some common challenges or considerations that companies should be aware of when building and utilizing a private GPT?
What are some best practices and strategies for training and fine-tuning a private GPT to ensure optimal performance and accuracy?
Can you describe what you built at Skyflow that leverages private GPT?\
What kind of impact are you seeing in terms of yours or other people’s productivity?
Looking ahead, what advancements or trends can we expect to see in the field of private GPTs, and how will they continue to transform the way we work with documentation, product launches, and marketing?
Resources:
Privacy-First AI: Harnessing Snowflake and Skyflow to Customize GPT
Generative AI Data Privacy with Skyflow GPT Privacy Vault

In this episode, Ashley Jose, a product lead at Skyflow with a decade of experience in SaaS product management, explores the importance of data governance in today's data-driven world. He discusses the impact of growing data on business decisions and highlights the key components of an effective data governance framework.
Ashley addresses misconceptions, explains the evolution of data governance, and its intersection with data privacy regulations. He also explores how data governance works within Skyflow's data privacy vault approach.
Ashley addresses common misconceptions about data governance and dispels myths surrounding the topic. He then delves into the evolution of data governance in the face of big data and technological advancements, highlighting both new challenges and opportunities. He explains how organizations must navigate privacy regulations like GDPR and incorporate them into their data governance strategies.
Drawing on Skyflow's expertise in data privacy vaults, Ashley explains how data governance functions within their approach. He demonstrates how this approach addresses challenges related to controlling access to sensitive data.
Ashley provides practical advice for engineers and technical professionals looking to enhance their involvement in data governance initiatives.
Topics:
How has the growth of data that businesses store, process, and analyze impacted how they make business decisions?
Can you explain what data governance is and why it is important in the context of today's data-driven world?
What are the key components of a comprehensive data governance framework?
What are the main challenges organizations face when implementing effective data governance practices? How does data governance impact engineers and technical teams directly? What role do they play in ensuring successful data governance?
What are some common misconceptions or myths about data governance that you often come across? How would you address them?
With the rise of big data and advancements in technology, how has data governance evolved over the years? Are there any new challenges or opportunities that have emerged?
How does data governance intersect with data privacy and compliance regulations, such as GDPR or CCPA?
In the context of Skyflow and the data privacy vault approach to the management of sensitive data, how does data governance work?
How does a data privacy vault help address some of the challenges with controlling access to sensitive data?
Are there any emerging trends or technologies in the data governance space that you find particularly interesting or promising?
Do you have any practical advice or recommendations for engineers and technical professionals who want to enhance their understanding and involvement in data governance initiatives within their organizations?
Resources:
Introducing the Skyflow Data Governance Engine
Data Access Control with lakeFS’s Adi Polak
The Partially Redacted 2022 Year in Review with Skyflow’s Ashley Jose

In this episode, Anshu Sharma, CEO and co-founder of Skyflow highlights the alarming disparity between the millions of dollars companies invest in cybersecurity and the persistent occurrence of breaches and cyber attacks. Despite these hefty investments, current approaches to cybersecurity are simply not enough to protect customer data. It's like putting a bandaid on a broken arm - it might temporarily cover the problem, but it won't heal the underlying issue.
According to Anshu, what we truly need is a security by default approach. We require systems that not only secure customer Personally Identifiable Information (PII) but also understand and handle the various types of workflows involving PII. This means implementing measures that go beyond mere protection and actively support the necessary tasks and operations involving sensitive data.
Skyflow has developed technology that addresses these challenges. Skyflow not only ensures the security of PII but also supports the specific workflows associated with it. By doing so, Skyflow's technology effectively insulates applications from the burdensome responsibility of managing customer data, allowing organizations to focus on their core business objectives.
Topics:
Are we getting better at protecting customer data or worse?
Why has the software industry failed at cybersecurity?
How do you think the trend towards increased regulation and oversight of the cybersecurity industry will impact the development and adoption of new security technologies?
What is security-by-default?
What are some of the tactics companies can use to build products that are secure-by-default?
How does this approach potentially change the culture of the company?
What’s an example of a company building products with security built-in?
What inspired you to start Skyflow, and how does your solution address the current challenges with cybersecurity in the software industry?
What is the key difference between what Skyflow offers and what’s historically been done by businesses for data protection?
How do you see the software industry evolving in terms of cybersecurity in the next few years, and what role do you think companies like Skyflow will play in this transformation?
What’s next for Skyflow?
Resources:
The software industry has failed at cybersecurity. What, now?
Privacy by Architecture with Anshu Sharma

In this episode Roshmik Saha, Head of Engineering at Skyflow, dives into the fascinating realm of data privacy and security solutions. Whether you're considering building your own privacy solution or seeking insights into the infrastructure requirements for handling credit card data securely, this episode has you covered.
One important aspect that often goes underestimated is the maintenance costs associated with data privacy solutions. Roshmik emphasizes the significance of factoring in long-term maintenance expenses, as these solutions require ongoing updates, monitoring, and enhancements to adapt to evolving threats and regulations. It's crucial to recognize that compliance is merely a baseline and that solely building for compliance may not offer state-of-the-art security. Roshmik shares his expertise on how to go beyond compliance and implement robust security measures to protect sensitive data effectively.
During the conversation, Roshmik highlights key considerations and features when building a data privacy solution to securely store and govern access to data. From encryption techniques and access control mechanisms to comprehensive auditing capabilities, he offers insights into the foundational elements required for a robust privacy solution. Additionally, he emphasizes the importance of incorporating state-of-the-art security technologies and features to reduce the risk of data breaches and potential reputational damage.
Scalability is another critical aspect to address when developing a data privacy solution. Roshmik sheds light on the challenges faced by engineering teams in ensuring that the solution can meet the needs of a growing organization. He discusses strategies for building a scalable architecture that can handle increasing data volumes, user demands, and operational complexities.
Throughout the episode, Roshmik provides practical advice and shares his thoughts on various topics, including the future of data privacy and security technologies. By drawing from his vast experience and expertise, you'll gain valuable insights into building a data privacy solution that not only meets regulatory requirements but also ensures resilience against cyber attacks.
Topics:
If I told you I was starting a B2C company and I was going to build my own privacy and security solution, what would your advice be
Considering just credit card data, what would I need from an infrastructure standpoint to securely store, handle, and process credit card data?
Beyond infrastructure costs, what other types of costs would I need to think through?
What are the types of features or technologies I’d need to build to meet existing privacy requirements but also reduce the risk that I end up in the news for a data breach?
What are the key considerations or features when building a data privacy solution to securely store data and govern access?
What’s the engineering cost to build and maintain these?
What kind of expertise does an engineering team require to build something that you think not only meets regulatory requirements, but also is resilient to cyber attacks?
What are the most important security measures that need to be put in place to protect data privacy?
How do you test and evaluate the effectiveness of the data privacy solution?
How do you ensure that the data privacy solution remains up-to-date with evolving data privacy regulations and best practices?
What are the biggest challenges that engineering teams face when building a data privacy solution?
How do you ensure that the data privacy solution is scalable to meet the needs of a growing organization?
Why do you think companies try to do this themselves?
How do you ensure that the Skyflow is resilient to cyber attacks and other security threats?
What advice would you give to other engineering teams building a data privacy solution for their organization?
Are there any future data privacy or security technologies you’re excited about?