EP 12 — Cyderes’ Patrick Carter on Data Tagging As the Missing Link in GenAI Security Strategy

Within just four hours of implementing controls at one healthcare organization, Patrick Carter, Sr. Practice Director at Cyderes, and his team caught an employee secretly selling sensitive patient data. Patrick doesn't just tell Jean his war stories, however — he provides a practical framework for quantifying security risks using the FAIR model and sounds the alarm on shadow AI becoming the single biggest threat to data security. From discovering that 10% of AI-generated code contains vulnerabilities to developing detection tools for unauthorized AI usage, Patrick offers a masterclass in navigating both the dangers and opportunities of AI for security leaders.   Topics discussed:   Building a specialized data protection practice from the ground up, with insights into how Patrick scaled his team to 40 consultants while maintaining excellence in service delivery. The dual challenge organizations face with data security: understanding complex compliance requirements and gaining visibility into what sensitive data exists in their environments, where it's stored, and how it moves. Shadow AI emerging as the most significant threat to data security in 2025, with statistics showing 60% of employees using free AI platforms and approximately 10% of prompts containing sensitive data. Using the FAIR risk model to translate complex security concepts into quantifiable financial impacts that help CISOs make data-driven investment decisions. A real-world case study where implementing data tagging and DLP controls uncovered an internal data theft operation at a healthcare organization within just four hours of deployment. The strategic integration of AI into service delivery, including developing an AI agent that functions as a Level 1 data analyst for managed DLP services. The critical importance of follow-through in professional growth, and how it’s the single most important trait for success in the cybersecurity field.