Who Owns Your AI Security Policy? with Chris Cochran

Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question?

Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions.

They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between.

Impactful Moments

00:00 - Introduction

03:00 - Chris Cochran: from Co-Founder to SANS Field CISO

04:20 - Your board is pushing AI before security is ready

06:00 - Tiers of AI uses: summarization to full automation

07:50 - When AI shouldn't make the final call

10:10 - Bite-sized AI: starting small in the enterprise

11:45 - Introducing the SANS AI Security Maturity Model

13:20 - You can no longer afford to be an AI skeptic

16:30 - Three buckets: utilize, protect, and govern AI

18:50 - Fact or Cap: what level of maturity is your enterprise?

21:00 - Retroactive vendor risk and the AI explosion

23:05 - Agentic Identity: workforce, non-human, and beyond

25:00 - What works in the agentic identity space?

27:05 - Blockchain for agent identity: promising or hype?

29:00 - A Message for the next generation of practitioners

31:30 - Ron's closing take: who owns your AI policy?

Links

Connect with Chris Cochran on LinkedIn: ​​https://www.linkedin.com/in/chrishvm/

Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/