Download Transcript (pdf)

Episode Summary: AI Risk Is Mostly Not New  

We are entering a phase of AI adoption where the conversation is no longer about possibility. It is about responsibility. 

AI agents are being embedded into security operations, business workflows, and decision making faster than governance models were designed to handle. Teams are moving quickly. Boards want results. And CISOs are being asked to enable innovation without introducing risk they cannot unwind. 

In this episode of ClearTech Loop, Jo Peterson sits down with Timothy Youngblood, four-time Fortune 500 CSO and CISO, board member, angel investor, and adjunct professor, to discuss how leaders should think about AI adoption through the lens of human oversight, governance, and accountability. 

🎧 Listen to the full episode 
https://www.buzzsprout.com/2248577/episodes/18509846

📬 Stay in the Loop subscribe for new episodes 
https://www.linkedin.com/newsletters/7346174860760416256/ 

AI has technically been with us for years. What changed is not the math, it is the front door. Suddenly anyone in the organization can touch it, feed it data, and make decisions with it. That shift in accessibility is what is rewriting business risk. 

In this episode of ClearTech Loop, Jo Peterson speaks with Michael Machado, CISO and Chief Data Officer at Hyland, about why the core disciplines of security have not been replaced, they have been stretched. Cloud, SaaS, mobile, and now AI all force the same questions about visibility, data movement, and accountability, just at a different speed.  

🎧 Listen to the full episode in the player above

📬 Stay in the Loop subscribe for new episodes 
https://www.linkedin.com/newsletters/7346174860760416256/ 

Episode Lens 

“Waves of technology come. Cloud, SaaS, mobile, AI. The muscles we flex are things we have seen before.” 
— Michael Machado  

This conversation is framed around a simple reality. AI does not require a brand new security playbook. It requires applying familiar disciplines faster, earlier, and with more visibility into how data is moving. 

The new risk is not that AI exists. The new risk is that access is now broad and frictionless. 

 

Key Perspectives: The Balance Between Action and Inaction

Michael framed AI decisions in a way that felt immediately practical. There is risk in doing things and risk in not doing things. Organizations have to balance productivity gains and business accelerators against downside risk, and make those decisions with eyes open at the right level of leadership. 

This is not a message to slow adoption. It is a message to make adoption visible. 

Old Muscles, New Technology 

Michael emphasized that the fundamentals still win. Visibility first. Privacy impact. Audit trails and forensics. Resilience. Alignment to business goals. 

What AI changes is the speed and volume of adoption and the number of people who can move data outside the organization without realizing they are doing it. 

Governance Starts With the Business Problem 

A recurring point in this discussion was that AI risk is still business risk wearing new clothes. When governance starts with the tool, it produces policies about features instead of outcomes.  

Michael’s sequence is straightforward: 

1. Start with the objective. 

2. Map the data movement that objective requires. 

3. Then design controls that support the mission instead of slowing it down.  

AI Governance Is a Multi Department Decision

AI governance cannot live inside one department. Michael was direct about this, and it is a theme that continues to show up across ClearTech Loop guests.  

AI pulls in contracts, data, customer experience, and risk all at once. When those perspectives meet early, organizations make balanced decisions. When they meet after deployment, governance becomes damage control.  

 

What CISOs Should Actually Measure

Michael separated risk analytics from value analytics, and this is a distinction many security teams miss. 

It is not enough to track what could go wrong. CISOs also need visibility into whether the organization is getting measurable value from the licenses and tools it is buying, and whether those tools are actually being adopted.  

This shifts the dashboard from fear metrics to business metrics, and it forces a harder conversation: are we paying for controls that change outcomes, or paying for the appearance of control. 

What You Will Learn

• How accessibility is changing AI risk inside the enterprise 

• How to evaluate AI decisions as business risk, not technology hype 

• Why visibility, auditability, and resilience still matter most 

• How to structure AI governance as a multi department operating model 

• What CISOs should measure beyond exposure, including adoption and value signals  

Jo’s Take: Fundamentals at Higher Speed 

What stood out in this conversation is how firmly Michael rejected the idea that AI requires an entirely new security worldview. 

The fundamentals have not changed. The pace has. 

More people can now participate in risk without realizing it, and that reality forces security leaders to get earlier visibility, tighten feedback loops, and bring leadership into informed tradeoffs before adoption becomes irreversible. 

About the Guest: Michael Machado

Michael Machado is CISO and Chief Data Officer at Hyland and advisor to multiple startups. His work spans cloud security, fraud prevention, data governance, and aligning security strategy with business growth across enterprise and emerging companies. 

Additional Resources

• An Evolution of Defensive Security Operations: From Simple Detection to Modern SOC Automation https://www.linkedin.com/pulse/evolution-defensive-security-operations-from-simple-modern-machado-unctc/  

• ClearTech Research Insights https://cleartechresearch.com  

• NIST AI Risk Management Framework https://www.nist.gov/itl/ai-risk-management-framework  

🎧 Listen to the full episode in the player above 

📬 Stay in the Loop subscribe for new episodes 
https://www.linkedin.com/newsletters/7346174860760416256/