The security landscape is transforming rapidly as AI becomes embedded throughout enterprise technology stacks. Organizations (and security vendors) need to fundamentally rethink how they approach things like security governance and risk management. That's one of the pieces of advice Jonathan Trull, CISO at Qualys, has during the conversation we had at RSAC 2025 Conference. Listen to this new episode of Techzine Talks to learn more about what he had to say.
Trull draws from his experience overseeing both corporate security and product security engineering when he highlights the gap between AI implementation and security considerations. While organizations race to adopt generative AI tools, few have developed comprehensive frameworks for securing them properly.
According to Trull, many conversations tend to focus on one thing when it comes to securing AI. "Everyone tends to focus on how to prevent sensitive data going into SaaS, AI-enabled products," he says. "But what about when you're building your own LLM models? When do you do data masking? How do you incorporate security in the engineering lifecycle?" These architectural security questions deserve answers too.

At the end of the day, cybersecurity is about creating a balance. A balance between innovation and cybersecurity, and the risks that organizations are willing to take. This conversations gives you some good insights into how to tackle this. Tune in now!