EP 28 — National Bank's Andre Boucher on Managing AI without Shadow IT Friction скачать в хорошем качестве

EP 28 — National Bank's Andre Boucher on Managing AI without Shadow IT Friction

André Boucher, SVP Technology and Information Security (CTO/CISO) at National Bank of Canada, previously led Canadian Forces Cyber Command and helped create the Canadian Centre for Cybersecurity. He explains why data inventory remains the hardest unsolved problem in enterprise security, how to manage AI adoption without creating shadow IT friction, and why treating 31,000 employees as security team members changes your approach. Andre shares his perspective on the military-to-private sector transition, revealing that governance and strategy skills matter more than technical expertise when securing systemically important financial institutions. He discusses National Bank's forward-leaning approach to AI experimentation, the regulatory challenges of autonomous AI in banking, and why third-party risk management is becoming exponentially more complex as vendors embed AI features without warning. Chapters: 0:00 Introduction 1:40 From technology officer to cyber command leader 3:17 Complexity of private sector governance vs government expectations 5:12 Being a CISO at a systemically important institution 7:40 Data security ecosystem maturity gap and taxonomy challenges 9:10 AI as another technology leap operating at order of magnitude speed 11:29 When awareness training fails against synthetic actors in video calls 13:57 Shadow AI management and treating 31,000 employees as security participants 16:37 Forward-leaning approach to AI experimentation with authorized platforms 18:00 Scaling AI pilots from sandbox to enterprise without mature data security 20:26 Board strategy mandates versus grassroots adoption pressure 22:48 Data inventory and unstructured data as persistent blind spots 25:24 AI use cases in security tooling and modeling normal behavior 28:08 Agentic AI challenges in regulated environments requiring repeatable decisions 29:05 Third-party risk amplification and the regulatory gap around vendor AI features 32:24 Building security teams around ethics mission and non-linear career paths 37:05 Career advice on patience curiosity and trusting yourself