Secure Talk podcast | by Strike Graph

An AI Security Maturity Model for CISOs, with Chris Cochran (SANS)

Written by Strike Graph Team | Jul 14, 2026 4:29:07 PM

 

Half the room at Chris Cochran's leadership dinners still calls themselves AI skeptics. He argues they can't afford to be — because the adversary already isn't.

**Timestamp index:**
00:00 — Intro
02:49 — NSA/threat intel → AI security, storytelling
09:55 — Why leaders feel stuck / no roadmap
14:41 — Three pillars (Protect/Utilize/Govern)
17:00 — Governance as the real foundation / shadow AI
21:37 — Evidence-based scoring vs. pass/fail
26:27 — EU AI Act
28:44 — Fable/Mythos, Project Glasswing access controls
33:18 — Token subsidies, self-hosted models
37:52 — Data poisoning & context poisoning
40:12 — Iron Man suit framing
42:38 — Close: what's next