How can we effectively navigate Microsoft Copilot from pilot to production?


In Friday's Super Cyber Friday episode, 'Hacking Microsoft Copilot: An Hour of Critical Thinking on Deployment and Security,' we discussed best practices and potential pitfalls in launching Microsoft Copilot. We explored both good and bad advice for ensuring the security and productivity of AI tools.

Joining us for this discussion were Cyrus Tibbs, CISO at PENNYMAC, and Brian Vecci, field CTO at Varonis.


HUGE thanks to our sponsor, Varonis


Register for the next [06-07-24] Super Cyber Friday “Hacking SOC2 Vs. ISO 27001: An hour of critical thinking about the value of these compliance standards.”

Did you know that we have an events calendar? Visit our events page to subscribe so you can stay up to date on Super Cyber Friday and other CISO Series content.


Best quotes from our guests

“Part of the problem with a platform like 365 or Google Workspace is that you can't take a role based approach to this. You can't just say these users should have access to this kind of data. That sounds great in theory, but I can click 'share' on any document, share with anybody in the company.” - Brian Vecci, Varonis

"You want people to be productive. You want them to be able to use these collaboration platforms. You want them to be able to use AI tools like Copilot. You want them to be able to work. You want them to be able to work quickly and efficiently, but you need to have guardrails in place." - Brian Vecci, Varonis

“I've met a lot of CISOs who have more projects than they have people. Like there is no army of people that you can hire to go do that because every single file has its own set of access controls.” - Brian Vecci, Varonis

“As security leaders, we really are the people that need to usher this into the enterprise. The actual productivity benefits of gen AI are massive. We've got to be the responsible stewards of this technology and help the company bring it in.” - Cyrus Tibbs, PennyMac

Quotes from the chat room

“Utilize the Purview insider risk management reports to monitor for misuse of Copilot and weak permissions.” - Duane Gran, director of information security, Converge Technology Solutions Corp.

“Provide training to users about ethical use and right purpose for using Copilot. Consider awareness training for privacy protection.” - Marco Castilla, CISO, Avis México

“Include AI in new security training awareness, along with data privacy and protections.” - William Tulaba, CISSP, manager, security engineering, Cognex Corporation

“Create a comprehensive Gen-AI policy on what it can and can't be used for. Specify what types of company-sensitive data should not be input into the prompts.” - Andrew Aken, PhD, CISSP, CISO/vCISO, DocDrew, LLC

“All the business LLM tools are really highlighting the issues we have with data governance. The problem has always been there, LLMs are just really good at exploiting the gaps way better than humans are.” - Matt Black, director information security, Contentstack

“Deploy in user community waves to get feedback without risking a full deployment to all staff.” - Duane Gran, director of information security, Converge Technology Solutions Corp.

Marco Castilla

Jesus follower | CISO

9 months

Another great Cyber Friday event David, thanks!

Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance & Security | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

9 months

Sadly I missed the last session, but I signed up for this one

William Tulaba, CISSP

Experienced Information Security Leader | Protecting Digital Assets with Proactive Risk Management & Cutting-edge Cybersecurity Strategies | CISSP Certified

9 months

A great event as always David!
