Interested in being a guest? Email us at [email protected]

Nick Kathmann, CISO at LogicGate, brings over 25 years of cybersecurity experience to tackle the paradox at the heart of modern risk management: security teams drowning in data while GRC teams are starving for it. This fundamental disconnect has long hindered effective enterprise risk management—until now.
AI is emerging as the bridge between these two worlds, combing through massive datasets to identify patterns and relationships that humans might miss. Drawing from his extensive background in highly regulated environments, Kathmann explains how AI can transform incident data, near misses, and control failures into actionable intelligence that helps organizations calibrate their risk tolerance and prevent threats before they materialize.
The conversation explores how cyber insurance is evolving through AI-powered underwriting that evaluates security control effectiveness with unprecedented precision. We also examine the governance challenges organizations face when SaaS providers unexpectedly enable AI features without proper opt-in procedures, creating what Kathman colorfully describes as product teams "running with scissors" to meet market demands.
Perhaps most valuable is Kathmann's practical framework for implementing AI governance—understanding that different AI use cases require different risk evaluations. Whether you're enabling AI in an SAP instance, using GitHub Copilot for engineering, or building custom LLMs, each scenario demands consideration of data sensitivity, potential biases, and intellectual property implications unique to that implementation.
Looking ahead, Kathmann offers an optimistic view of AI's impact on GRC professionals. Rather than replacing compliance officers, AI will likely increase demand for human expertise by making risk data more accessible and actionable. The technology will serve as a co-pilot, handling routine tasks while enabling humans to make better-informed decisions about high-impact risks. For organizations ready to transform their approach to risk management, the journey begins with mapping connections between processes, controls, and risks—then implementing modern platforms capable of turning this complex web of relationships into strategic advantage.
Which aspects of your risk management program would benefit most from AI enhancement? The future of GRC is here—are you equipped to leverage it?

Support the show

More at https://linktr.ee/EvanKirstel