
StackAware

Computer and Network Security

Bartlett, NH 1,470 followers

Harness AI. Manage risk.

About us

StackAware helps AI-powered companies measure and manage cybersecurity, privacy, and compliance risk.

Website
https://stackaware.com/
Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
Bartlett, NH
Type
Privately held
Founded
2022
Specialties
Artificial Intelligence, Governance, Risk, and Compliance, Cybersecurity, and Risk Management


Updates

  • StackAware reposted this

    View Walter Haydock's profile

    I help AI-powered companies manage cyber, compliance, and privacy risk so they can innovate responsibly | ISO 42001, NIST AI RMF, HITRUST AI security, and EU AI Act expert | Harvard MBA | Marine veteran

    Who should own AI governance?

    I've seen it run by:

    -> Security
    -> Privacy
    -> Legal

    Even data science teams themselves.

    And there is an emerging 5th option showing promise, which I talk about in this clip.

    ---

    Need more AI governance tips? Go to my profile (Walter Haydock) and ring my bell!

  • StackAware reposted this

    View Walter Haydock's profile


    "We wake up one day and our vendors now all have AI."

    A common security leader concern.

    What to do:

    -> Check terms, conditions, & privacy policies regularly
    -> Build a database to track risks and remediations
    -> Apply industry-leading AI governance expertise

    Easy right?

    Well, if you don't have the skills or bandwidth to do this, I've got good news: StackAware's AI risk assessment database!

    With 200+ risks (and growing) identified, it is THE single source for vendor-specific AI issues.

    Try it free for 7 days:

  • StackAware reposted this

    View Walter Haydock's profile


    "We're risk-on. But I want to be sure we're not risk-stupid."

    What the CISO of a $75M ARR SaaS firm told me about his company's approach to AI.

    He continued, saying "I know we can do this well. But I'm also keenly aware we can do this poorly."

    This sums up the challenges facing companies in 2025:

    -> The competition is heating up
    -> Executives are pushing to use AI
    -> Employees feel pressure to increase productivity

    At the same time:

    -> Data leakage risks abound
    -> Regulators are turning up the heat
    -> Customers demand to know how you use their info

    Bringing new tools, models, and products online quickly but also securely is the name of the game here.

    StackAware can help. And to demonstrate our value, we'll start for free.

    So check out our 7-module AI governance model at govern [dot] stackaware [dot] com

  • StackAware reposted this

    View Walter Haydock's profile


    3 reasons health-tech companies choose HITRUST over SOC 2 to accelerate sales and avoid fines:

    1. Scalability

    HITRUST offers certifications at 4 different levels:

    -> e1
    -> i1
    -> r2
    -> AI

    As your firm grows, so will its security needs. An early e1 certification addresses customers' concerns from the start without a massive compliance program. You can "graduate" to i1 or r2 to show greater maturity as you store and process more sensitive data like protected health information (PHI).

    And if you are developing artificial intelligence products, the AI security certification is a purpose-built, externally-assessable framework.

    With SOC 2 you can get Type I or II attestations (not certifications) on control design (that's all for Type I) and operating effectiveness (Type II).

    You could expand the Trust Services Criteria [TSC] (security, confidentiality, processing integrity, availability, and privacy) reviewed, but customers (and many SOC 2-audited companies) don't understand what these mean.

    HITRUST's structure is well-known in the healthcare industry, making enterprise sales easier.

    2. Flexibility

    HITRUST (as of version 11.4) maps to 61 authoritative sources, which allows you to demonstrate compliance with laws and regulations like HIPAA's rules for:

    -> Privacy
    -> Security
    -> Breach notification

    There are few ways to guarantee safe harbor from regulatory action through external certification, but having an outside expert check your work is the next best way to avoid it.

    SOC 2 attestations focus on the TSC and don't look at specific regulatory requirements. For example, even if you get attested for the privacy TSC, that doesn't mean the auditor is saying you are GDPR or CCPA compliant.

    3. Quantified results

    Organizations with HITRUST certifications reported a 0.59% incident rate in 2024. Conversely, Munich Re's Global Cyber Risk and Insurance Survey for 2024 found 47% of the interviewed participants (out of 7,500) had suffered one.

    While compliance isn't security, security often IS compliance. Without a breach to investigate in the first place, the likelihood of expensive fines is low.

    Separately, some cyber insurers offer a 25% credit to r2-certified organizations because of the reduced risk.

    No data exists for either breach rates or insurance discounts for SOC 2-attested companies.

    TL;DR - Health-tech companies should look at HITRUST over SOC 2 because of its:

    1. Scalability
    2. Flexibility
    3. Quantified results

    Are you?

  • StackAware reposted this

    View Walter Haydock's profile


    Need an AI governance advisor "in a box" to accelerate deal closure and reduce the risk of hacks and fines?

    Get one with the 1st month FREE!

    Here is what is included:

    -> Editable copies of all StackAware info products
    -> Security and governance posture audit
    -> Unlimited risk assessment API queries
    -> 60 mins per month of 1:1 consulting
    -> 72 hour SLA on written questions

    So if you are a security, compliance, data, or AI leader in:

    -> Financial services
    -> Healthcare
    -> B2B SaaS

    DM me "ADVISOR" by end of today and I'll send over the promo code.

    (no GRC products or other consultants)

  • StackAware reposted this

    View Walter Haydock's profile


    Thrilled to welcome Noah G. Susskind to StackAware! Noah joins us from McKinsey & Company, where he spent almost 8 years and most recently served as a Senior Security Manager. At StackAware, he'll be Head of AI and Cybersecurity, while dual-hatting as General Counsel. Leveraging over a decade of information security and compliance experience, Noah will lead delivery of our AI governance services. I'm excited about this next stage of growth and couldn't be happier to bring Noah onboard.

  • StackAware reposted this

    View Noah G. Susskind's profile

    Head of AI & Cybersecurity - General Counsel @StackAware | JD CISSP CIPP | Helping companies get ISO 42001 certifications to manage AI, cyber, and privacy risk and compliance

    This is my last day on the internal Cybersecurity team at McKinsey & Company. I’m grateful for the hundreds of friends, sponsors, and other colleagues I met over nearly 8 years here—too many to name. My next role will be Head of AI and Cybersecurity, and General Counsel, at StackAware. I’m psyched to join founder Walter Haydock working on AI, Cyber, and Privacy.

  • StackAware reposted this

    View Walter Haydock's profile


    On Monday, a health-tech CISO and StackAware customer explained the key business driver for our work:

    "The goal of building this governance program is so that we don't have to revisit it on a contract-by-contract basis...so we can scale our business ambitions for AI without making life a living hell for the folks in legal."

    Proprietary AI is a massive competitive advantage, but closing enterprise deals is complex:

    -> Customers have security/ethical concerns
    -> Contractual restrictions make life painful
    -> Regulators are getting more aggressive

    So instead of re-inventing the wheel every time, why not just be like my client and build a repeatable process?

    If that sounds good, I'll get you started with StackAware's free healthcare AI governance model.

    So if you are a security, compliance, or data leader in health-tech and want access: DM me "HEALTH."

    (no consultants)
