Search IANS

This AAE Writeup outlines how to secure onboarding to help new CISOs quickly understand the organization, navigate key challenges, and drive impact from the start.

This document breaks down how organizations like yours should approach Data Inentory and Mapping by creating an accurate, up‑to‑date view of what data exists; how it moves; and who processes it across systems, products and services.

This Principle underscores that maintaining data inventories and flow maps is essential for identifying and managing privacy‑related security risks. This visibility enables teams to meet obligations like RoPA, DSARs and vendor oversight while enforcing governance and lifecycle controls.

AI-driven automation is rapidly changing expectations for security leaders, but many security organizations are still built around workflows, staffing models, and operating assumptions from a pre-AI era. As CISOs seek to improve execution, reduce operational burden, and augment decision-making with AI, they must also rethink how their teams are structured, staffed, and developed.

AI is turning into an existential crisis for many security tool vendors, with some seeing their stock price plummet with the advent of Claude and other AI tools. How does (and should) AI impact security teams’ build-vs-buy decisions? As more organizations turn to AI and vibe-coding to build their own internal toolsets, where should they start and what should they watch for?

This AAE Call Summary outlines how to build and execute an AI security program with the frameworks, visibility, and controls needed to manage risk at scale.

As organizations accelerate adoption of Microsoft Copilot agents, security leaders must balance innovation with risk. 

As organizations adopt AI agents and MCP, security teams are challenged to enable these emerging technologies while still managing the risk. In this session, IANS Faculty Aaron Turner and CSA Chief Analyst Rich Mogull share practical reference patterns for multi-platform security architectures and compensating controls that protect sensitive data, maintain operational visibility and manage risk across increasingly complex AI workflows.

Download a summary version of IANS’ 2026 Small and Mid-Market Cybersecurity Talent Report

Rich is the Chief Analyst at the Cloud Security Alliance where he focuses on leading-edge cloud and AI security research and implementation. He has over 25 years of security experience, with over 15 years of focusing on cloud and emerging technologies. Prior to joining the CSA full time Rich frequently collaborated with CSA as the principle course designer of the CCSK training class, primary author of the Guidance, and developer of the Cloud Security Maturity Model, among other projects. As Researcher and CEO of Securosis, RIch taught cloud security and incident response at Black Hat for over 10 years, developed the free Cloud Security Lab a Week (CloudSLAW) project, and actively works on developing hands-on cloud security techniques. Rich also founded DisruptOps, a cloud security startup acquired by FireMon where he became the SVP of Cloud Security. Prior to founding Securosis and DisruptOps, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he's happy to speak for free -- assuming travel is covered).