What does AI security actually look like inside real organizations?

In this episode of ClearTech Loop, Jo Peterson talks with Matt Sharp, Chief Information Security Officer at Xactly, about shadow AI, non human identities, and what leaders should really mean when they talk about AI defense. They unpack why shadow AI is both an IT and security issue, how CISOs and CIOs are approaching identity and governance, and why AI defense now spans productivity tools, SaaS platforms, internal environments, and third party risk.

In this episode of ClearTech Loop, Jo Peterson sits down with Matt Sharp for a grounded conversation on three issues reshaping enterprise AI governance: shadow AI, NHIs, and AI defense. Matt brings a practical view from inside a real operating environment, where AI adoption is moving fast and governance, identity, and risk have to keep up. In the conversation, he explains why shadow AI is not just a security problem. It is also an IT, tooling, and governance problem, especially when organizations are trying to steer employees toward approved AI tools while protecting enterprise data.

The conversation then shifts to non human identities, where Matt argues that AI agents are being layered into authorization models that organizations never fully solved in the first place. From there, Jo and Matt dig into AI defense as a broader enterprise challenge that now touches browser extensions, IDEs, local models, SaaS platforms, and third party risk. This episode is especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams trying to balance AI adoption with governance, visibility, and accountability.

Timestamps

00:00 Introduction to Matt Sharp and the episode theme
02:29 Shadow AI: IT problem, security problem, or both?
05:54 Why collaboration between security and IT matters
07:21 NHIs, authorization, and the limits of role based access control
12:11 What AI defense means in practice
15:33 Platform strategy, budget pressure, and what comes next in AI security

Guest Bio

Matt Sharp is the Chief Information Security Officer at Xactly. He focuses on security, trust, and AI governance in environments where AI is becoming core to the business and product. He is also a venture advisor at YL Ventures and the author of The CISO Evolution.

Additional Resources

• Matt Sharp: A CISO’s approach to creating AI governance framework: https://www.securitypalhq.com/blog/matt-sharp-a-cisos-approach-to-creating-ai-governance-framework
• The CISO Evolution by Matt Sharp: http://amazon.com/CISO-Evolution-Knowledge-Cybersecurity-Executives/dp/1119782481
• Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577

Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.

🎧 Listen: In Buzzsprout Player
▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist
📰 Subscribe to the Newsletter:
https://www.linkedin.com/newsletters/7346174860760416256/

In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Gerry Gadoury to talk about what AI security leadership actually requires as the threat landscape changes faster and the business pressure around AI keeps rising.

This is not a conversation about one more security tool. Gerry brings the discussion back to risk judgment, executive alignment, and the human side of security leadership. As AI lowers the barrier for attackers and accelerates the pace of change, security leaders need to focus on real risk, not theoretical panic, while helping the business make better decisions under pressure.

Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/

Key Quotes

• “Do real risk assessments. Don't look so much for the Boogeyman. Look for the person actually knocking on your door.”
• “When you mandatorily push it downhill, I think people are going to resist.”
• “The AI landscape changes fundamentally by quarter.”

Three Big Ideas from This Episode

1. Real risk matters more than theoretical panic
   AI security starts with identifying what is likely, material, and relevant to the business instead of getting lost in every hypothetical scenario.
2. Security cannot just be pushed downhill
   Runbooks and playbooks matter, but they do not replace executive alignment. Security works better when leaders understand the concerns, reduce resistance, and align around outcomes before a crisis hits.
3. The CISO role is becoming more business critical
   As AI changes the risk environment, CISOs need to think more like risk officers by balancing technical controls, business priorities, and leadership judgment.

Additional resources

• Destination Employer: Attract, Recruit, and Retain the Top Talent in Your Market by Gerry Gadoury: https://www.amazon.com/dp/B0CR352P8M/ref=cm_sw_r_cp_ud_dp_MCV88SEER4A2FGQQ6H73
• NIST AI Risk Management Framework and AI Resource Center: https://airc.nist.gov/
• ClearTech Loop Season 1: https://www.buzzsprout.com/2248577

🎧 Listen: In Buzzsprout Player
▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist
📰 Subscribe to the Newsletter:
https://www.linkedin.com/newsletters/7346174860760416256/

In this episode of the ClearTech Loop podcast, Jo Peterson sits down with Fernando Montenegro to talk about what the CISO role actually looks like right now as generative AI spreads across the enterprise.

This is not a conversation about one more security tool. Fernando frames AI as a forcing function that exposes the social structure of an organization, including incentives, accountability, influence, and how decisions get made. The CISO role has become a bridge role, and the job is more political, more collaborative, and more consultative than it used to be.

Subscribe to ClearTech Loop on LinkedIn: https://www.linkedin.com/newsletters/7346174860760416256/

Zach Lewis Buzzsprout https://www.linkedin.com/newsletters/7346174860760416256/

Key Quotes

1. “They are the translator of security issues to non security decision makers.”
2. “One of the ways to bring these silos down is to have empathy for the other side, if you will.”
3. “You solve all of this at the design stage, at the initiation stage, not down the line when people want to release the production.”

Three Big Ideas from This Episode

1. AI forces cross functional alignment
   AI makes silos expensive. When teams have to work together to make AI work, security cannot stay isolated and expect trust to show up later.
2. Embed security by showing up early
   There is no perfect universal checklist. The workable move is being there at the beginning, removing friction early, and helping the initiative flourish before deadlines turn everything into a showdown.
3. The CISO is a translator role now
   CISOs are playing multiple games at once across the board, the CIO, legal, customers, regulators, and internal teams. Translation is a core operating requirement, not a soft skill.

Episode Notes and Links

Listen: In the Player
Watch on YouTube: https://youtu.be/0H4x1-Hu-44
Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

Additional resources

• The Futurum Group, Fernando Montenegro profile
  https://futurumgroup.com/fernando-montenegro/
• AI and organizational risk management resources, NIST AI Risk Management Framework
  https://www.nist.gov/itl/ai-risk-management-framework
• 2017 Transformers paper: “Attention Is All You Need” (2017) by Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Łukasz Kaiser, Illia Polosukhin. https://proceedings.neurips.cc/paper_files/paper/2017/file/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf
• ClearTech Research and ClearTech Loop https://cleartechresearch.com/

🎧 Listen: In Buzzsprout Player
▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist
📰 Subscribe to the Newsletter:
https://www.linkedin.com/newsletters/7346174860760416256/