Using AI to Solve the Data Visibility Problem - Andrew Wilder - Guardians of the Data - Episode #38
What if your DLP tool is slowing your business down instead of protecting it?
In this episode, Andrew Wilder shares why traditional data loss prevention (DLP) programs have struggled to deliver real value, and what needs to change in an AI-driven world. Drawing from decades of experience leading security programs at global organizations, he breaks down the core challenge most teams still face: relying on humans to classify and manage massive volumes of data simply doesn’t scale.
The conversation explores how AI is reshaping data security, from automatically identifying sensitive data to reducing false positives and improving visibility across the organization. Andrew also explains why security should act as an enabler, not a blocker, and how CISOs can prioritize the right investments while balancing risk and business needs.
If you’re rethinking your approach to data security, AI, or DLP, this episode offers a practical look at what’s working, what isn’t, and where the future is headed.
Takeaways:
- Stop Relying on Humans to Classify Your Data: Manual data classification fails at scale. Invest in AI-powered DSPM tools that automatically crawl, catalog, and classify sensitive data across your environment.
- Use Just-In-Time Popups to Change User Behavior: Real-time prompts asking users to justify unusual data movement are more effective than blocking controls. They create accountability, generate valuable intel, and shift culture without requiring a large team to chase false positives.
- Think of Security as an Enabler, Not a Blocker: Present risks with options and let the business decide their risk appetite. Your job is to inform, not to dictate. Frame security like brakes on a Formula 1 car: they let you go faster safely.
- Look at AI From Three Angles: How is the business using it (and how do you secure that)? How are attackers using it? How can your security team use AI agents to do more with finite resources?
- Build a Team of "Bot Masters": Use AI agents to automate repetitive tasks (SOC L1 triage, GRC forms, legacy account cleanup, third-party risk). Free your human talent for higher-value, strategic work.
- Reassess Your Security Posture At Least Every 90 Days: The risk landscape changes fast (new AI models, zero-days, etc.). Your 3-year roadmap should be a living document, not a static plan.
Quote of the Show:
- “Your job as a CISO is to be kind of a ruthless prioritizer.” - Andrew Wilder
Links:
- LinkedIn: https://www.linkedin.com/in/apwilder/
- Website: https://cybersecurityintheboardroom.com/
Ways to Tune In:
- Transistor: https://guardiansofthedata.show/
- Spotify: https://open.spotify.com/show/5gZXInkb12Qrs2Lyv0hstQ
- Apple Podcasts: https://podcasts.apple.com/us/podcast/guardians-of-the-data/id1826819323
- Amazon Music: https://music.amazon.com/podcasts/0754cdde-f1c4-4f6c-92a2-e263f7840eb8/guardians-of-the-data
- iHeart Radio: https://www.iheart.com/podcast/269-guardians-of-the-data-285972170/
- YouTube: https://www.youtube.com/@GuardiansoftheDataPod
Creators and Guests
