EPISODE · May 18, 2026 · 35 MIN
Who Owns Your AI Security Policy? with Chris Cochran
from Hacker Valley Studio · host Hacker Valley Media
Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question? Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions. They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between. Impactful Moments 00:00 - Introduction 03:00 - Chris Cochran: from Co-Founder to SANS Field CISO 04:20 - Your board is pushing AI before security is ready 06:00 - Tiers of AI uses: summarization to full automation 07:50 - When AI shouldn't make the final call 10:10 - Bite-sized AI: starting small in the enterprise 11:45 - Introducing the SANS AI Security Maturity Model 13:20 - You can no longer afford to be an AI skeptic 16:30 - Three buckets: utilize, protect, and govern AI 18:50 - Fact or Cap: what level of maturity is your enterprise? 21:00 - Retroactive vendor risk and the AI explosion 23:05 - Agentic Identity: workforce, non-human, and beyond 25:00 - What works in the agentic identity space? 27:05 - Blockchain for agent identity: promising or hype? 29:00 - A Message for the next generation of practitioners 31:30 - Ron's closing take: who owns your AI policy? Links Connect with Chris Cochran on LinkedIn: https://www.linkedin.com/in/chrishvm/ Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
What this episode covers
Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question? Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions. They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between. Impactful Moments 00:00 - Introduction 03:00 - Chris Cochran: from Co-Founder to SANS Field CISO 04:20 - Your board is pushing AI before security is ready 06:00 - Tiers of AI uses: summarization to full automation 07:50 - When AI shouldn't make the final call 10:10 - Bite-sized AI: starting small in the enterprise 11:45 - Introducing the SANS AI Security Maturity Model 13:20 - You can no longer afford to be an AI skeptic 16:30 - Three buckets: utilize, protect, and govern AI 18:50 - Fact or Cap: what level of maturity is your enterprise? 21:00 - Retroactive vendor risk and the AI explosion 23:05 - Agentic Identity: workforce, non-human, and beyond 25:00 - What works in the agentic identity space? 27:05 - Blockchain for agent identity: promising or hype? 29:00 - A Message for the next generation of practitioners 31:30 - Ron's closing take: who owns your AI policy? Links Connect with Chris Cochran on LinkedIn: https://www.linkedin.com/in/chrishvm/ Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
NOW PLAYING
Who Owns Your AI Security Policy? with Chris Cochran
No transcript for this episode yet
Similar Episodes
Apr 15, 2026 ·28m
Mar 12, 2026 ·14m
Feb 17, 2026 ·21m
Feb 14, 2026 ·11m
Jan 5, 2026 ·61m
Dec 29, 2025 ·33m