{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Cyber Smokehouse","title":"Managing Risk at Scale - John Rogers - Cyber Smokehouse - Episode #21","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/db84a67b\"></iframe>","width":"100%","height":180,"duration":2925,"description":"Cybersecurity leaders today face a challenge that extends far beyond technology: keeping pace with constant change. In this episode of Cyber Smokehouse, Ernie Anderson and Graeme Payne sit down with John Rogers, Chief Information Security Officer and Head of Technology Risk at MSCI. Drawing on experience spanning consulting, financial services, and executive security leadership, John shares his perspective on AI governance, third-party risk management, board communication, and the growing complexity facing security teams.Listeners will gain practical insights into how organizations can approach AI governance, communicate cyber risk effectively to executives and boards, rethink traditional third-party risk practices, and prepare for a future where security leaders must balance innovation with increasingly complex threats. Takeaways:The speed of change remains one of the biggest challenges facing security leaders today, with AI accelerating both innovation and the barrier to entry for attackers.AI governance starts with visibility. Before organizations can govern AI effectively, they need an inventory of where AI systems and agents actually exist across the business.Citizen development creates opportunities for innovation but also introduces new security responsibilities that many non-technical users may not fully understand.Effective board communication requires focusing on risk, change, and business impact rather than diving into highly technical details that executives may not find actionable.Traditional third-party risk management approaches often rely heavily on questionnaires that may not provide meaningful security insight, highlighting the need for more risk-focused evaluation methods.Security teams are continually playing catch-up as new technologies emerge, while foundational controls such as encryption and access management remain consistently important.Cybersecurity professionals entering the field should embrace AI tools rather than fear them, as...","thumbnail_url":"https://img.transistorcdn.com/OzVByYrVZ7pJIeb4cJ2-aoOkjC_j5Q1oz9lj1NhJqsk/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS80OTlh/YTdiNmUxMDU5OWY1/NWM4NTAxODM1NGNm/YTBiZi5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}