Schließen
Schließen
""
Das AI Security Playbook
In diesem Playbook werden sechs zentrale Sicherheitsherausforderungen untersucht, mit denen Unternehmen bei der Einführung von KI konfrontiert sind, sowie bewährte, praxisnahe Strategien, um diese zu bewältigen.
Erleben Sie Netskope
Machen Sie sich mit der Netskope-Plattform vertraut
Hier haben Sie die Chance, die Single-Cloud-Plattform Netskope One aus erster Hand zu erleben. Melden Sie sich für praktische Übungen zum Selbststudium an, nehmen Sie an monatlichen Live-Produktdemos teil, testen Sie Netskope Private Access kostenlos oder nehmen Sie an Live-Workshops teil, die von einem Kursleiter geleitet werden.
Ein führendes Unternehmen im Bereich SSE. Jetzt ein führender Anbieter von SASE.
Netskope wird als Leader mit der weitreichendsten Vision sowohl im Bereich SSE als auch bei SASE Plattformen anerkannt
2X als Leader im Gartner® Magic Quadrant für SASE-Plattformen ausgezeichnet
Eine einheitliche Plattform, die für Ihre Reise entwickelt wurde
""
Netskope One AI Security
Organisationen benötigen sichere KI, um ihr Geschäft voranzubringen, doch Kontrollmechanismen und Schutzmaßnahmen dürfen nicht zu Lasten der Geschwindigkeit oder der Benutzerfreundlichkeit gehen. Netskope kann Ihnen helfen, die Vorteile der KI zu nutzen.
""
Netskope One AI Security
Organisationen benötigen sichere KI, um ihr Geschäft voranzubringen, doch Kontrollmechanismen und Schutzmaßnahmen dürfen nicht zu Lasten der Geschwindigkeit oder der Benutzerfreundlichkeit gehen. Netskope kann Ihnen helfen, die Vorteile der KI zu nutzen.
Moderne Data Loss Prevention (DLP) für Dummies – E-Book
Moderne Data Loss Prevention (DLP) für Dummies
Hier finden Sie Tipps und Tricks für den Übergang zu einem cloudbasierten DLP.
Modernes SD-WAN für SASE Dummies-Buch
Modernes SD-WAN für SASE-Dummies
Hören Sie auf, mit Ihrer Netzwerkarchitektur Schritt zu halten
Verstehen, wo die Risiken liegen
Advanced Analytics verändert die Art und Weise, wie Sicherheitsteams datengestützte Erkenntnisse anwenden, um bessere Richtlinien zu implementieren. Mit Advanced Analytics können Sie Trends erkennen, sich auf Problembereiche konzentrieren und die Daten nutzen, um Maßnahmen zu ergreifen.
The Lens
""
Lesen Sie die neuesten Nachrichten und Meinungen des Teams von Netskope. The Lens vereint unsere Blogs, unsere Podcasts und Fallstudien; jede Woche kommen New Inhalte hinzu.
Technischer Support von Netskope
Technischer Support von Netskope
Überall auf der Welt sorgen unsere qualifizierten Support-Ingenieure mit verschiedensten Erfahrungen in den Bereichen Cloud-Sicherheit, Netzwerke, Virtualisierung, Content Delivery und Software-Entwicklung für zeitnahen und qualitativ hochwertigen technischen Support.
""
KI auf der Überholspur
Die Netskope-Roadshow „AI in the Fast Lane“ bringt Sicherheitsexperten zusammen, um zu diskutieren, wie Unternehmen KI heute einsetzen und wie eine umfassende Sicherheitsstrategie ein intelligenteres, sichereres und zukunftssicheres Modell schaffen kann.
Netskope-Video
Netskope-Schulung
Netskope-Schulungen helfen Ihnen, ein Experte für Cloud-Sicherheit zu werden. Wir sind hier, um Ihnen zu helfen, Ihre digitale Transformation abzusichern und das Beste aus Ihrer Cloud, dem Web und Ihren privaten Anwendungen zu machen.

On the latest episode of Security Visionaries, host Bailey Popp sits down with Teresa Carlson, CEO of the General Catalyst Institute and former leader of AWS Worldwide Public Sector, for a wide-ranging conversation on the intersection of AI, cybersecurity, and public-private collaboration. Teresa draws on nearly three decades in technology to share what it truly takes to work with government. From navigating compliance frameworks like FedRAMP to building sponsor networks that accelerate the path to authority to operate. The discussion explores how security leaders can shift from a checklist culture to an outcomes-based mindset, and why going in as a partner, not a vendor, is the defining factor for success. Teresa and Bailey also tackle the fragmented global AI regulatory landscape, the challenge of data sovereignty, and why startups bear a disproportionate burden in a world of conflicting mandates. This episode’s bottom line? AI is minting a new generation of citizen developers and the opportunity has never been bigger.

 

Watch

 

Zeitstempel

00:01 – Intro08:38 – Die Bedeutung von Daten-Governance und -Kategorisierung
00:47 – Wichtige KI-Trends auf der RSAC 202611:18 – Der „Aha-Moment“ des Netskope-CISO und der „FOMO“-Faktor bei der KI-Einführung
01:42 – Datensouveränität und ihr Zusammenhang mit der KI-Einführung13:19 – Ein Tipp für Sicherheitsverantwortliche: Red Teaming und Incident Response optimal nutzen
03:20 – Sicherheitsherausforderungen für stark regulierte Branchen bei der Einführung von KI15:09 – Diskussion über „Agentenbasierte Prozesstechnologie“ und Konferenz-Highlights
06:19 – Leitfaden für CISOs zur Aktivierung von KI-Anwendungsfällen17:12 – Schlusswort

 

Hören

Zeitstempel

00:01 – Intro08:38 – Die Bedeutung von Daten-Governance und -Kategorisierung
00:47 – Wichtige KI-Trends auf der RSAC 202611:18 – Der „Aha-Moment“ des Netskope-CISO und der „FOMO“-Faktor bei der KI-Einführung
01:42 – Datensouveränität und ihr Zusammenhang mit der KI-Einführung13:19 – Ein Tipp für Sicherheitsverantwortliche: Red Teaming und Incident Response optimal nutzen
03:20 – Sicherheitsherausforderungen für stark regulierte Branchen bei der Einführung von KI15:09 – Diskussion über „Agentenbasierte Prozesstechnologie“ und Konferenz-Highlights
06:19 – Leitfaden für CISOs zur Aktivierung von KI-Anwendungsfällen17:12 – Schlusswort

 

Andere Möglichkeiten zum Zuhören:

In dieser Folge

Bailey Popp
Sr. Customer Advocacy Manager at Netskope

Chevron

Bailey Popp

Bailey verfügt über PR- und Marketing-Expertise sowie technisches Wissen, das sich über die Märkte B2B, B2G-Unternehmenssoftware und Cybersicherheit erstreckt. Zuvor war sie bei Splunk und Highwire PR tätig und arbeitete mit Kunden wie Qualtrics, Unity, ExtraHop, Code42, Boomi (von Dell übernommen), BitSight, OWASP, One Identity und Bayer Crop Science zusammen.

LinkedIn-Logo

Teresa Carlson
CEO — General Catalyst Institute

Chevron

Teresa Carlson

Placeholder Abstract

LinkedIn-Logo

Bailey Popp

Bailey verfügt über PR- und Marketing-Expertise sowie technisches Wissen, das sich über die Märkte B2B, B2G-Unternehmenssoftware und Cybersicherheit erstreckt. Zuvor war sie bei Splunk und Highwire PR tätig und arbeitete mit Kunden wie Qualtrics, Unity, ExtraHop, Code42, Boomi (von Dell übernommen), BitSight, OWASP, One Identity und Bayer Crop Science zusammen.

LinkedIn-Logo

Teresa Carlson

Placeholder Abstract

LinkedIn-Logo

Episodentranskript

Offen für Transkription

0:00:00 Bailey Popp: Hello and welcome to another episode of the Security Visionaries podcast. I am your host Bailey Popp and this is a podcast where we share stories and advice from those on the front lines in the cyber security and networking space.

0:00:14 Bailey Popp: Today I am joined by Teresa Carlson, currently CEO at General Catalyst Institute. Welcome Teresa.

0:00:20 Teresa Carlson: Thanks Bailey. Great to see you today.

0:00:23 Bailey Popp: You too. So for those that don't know you, tell us a little bit about yourself and your background in both the public and private sector. You've had a fascinating career.

0:00:35 Teresa Carlson: Thanks, Bailey. Yes, I've been super blessed. I describe myself as a technology executive. I've been working in tech for about 28 years and I spent about 10 years at Microsoft. I ran US federal government at Microsoft and then I was at Amazon Web Services for almost 11 years where I built and ran something called worldwide public sector and then took on also regulated industries like energy, telco, financial services and the rest of healthcare and also built an aerospace and satellite business while I was there and all of these Bailey were working with governments around the world and regulated industry. And then I went to Splunk. I was the president of a company called Splunk. And then I went back to Microsoft for a year and worked for Satya Nadella doing an entrepreneur in residence. And for the last three years now, I've been building and running this institute for General Catalyst. And General Catalyst is one of the largest transformation and venture capital firms in the world. We invest again in these government companies that work with governments and defense and intel, financial services, industrials. So it's been a lot of fun to build this. And what we do here is we work with all of our founders. We have about 900 globally and we work with them to put them in front of regulators, lawmakers, the agency leaders who make decisions on buying and help them understand how governments work, but also look out for policies that may not be the best for startup companies because Bailey, as you probably know, they don't have the same ability to spend the amount of capital on things like government affairs. So we try to really help them shape their track, understand how all this works. So that's been a lot of fun and we launched this in September 24. So we're almost in our second full year of doing this.

0:02:41 Bailey Popp: You have been busy. I am sure the conversations at your holiday dinner tables are nothing short of very interesting. You mentioned that you've built and led major organizations at AWS and Microsoft. Let's talk a little bit about that. You have the private sector which moves at the speed of competition and then you have the public sector which is really tied to regulation and delivering on missions. What is the secret sauce for a security leader or someone like you who's trying to align these two different tempos?

0:03:21 Teresa Carlson: Well, it's a really good question because this is one of my mantras over the years — working with government is not for the faint of heart but the mission is so important once you get it right. The business itself is worth it but also the mission itself is worth it because you really are making the world a better place if you do your job especially in cyber security. And I think the key is really going in and working as a partner versus a vendor. It's just critical. Anytime you introduce yourself as a vendor and you start off that way with these customers, it just doesn't work. And they do have a lot of moving parts. I tell our companies, never go in with a set of problems. They already know they have problems. You want to be a solution broker for them as hard as it can be and sometimes as frustrating because they do move slower sometimes and they do have more compliance hoops to get through. And also you do see that when you're working in regulated industries they have new compliance regimes like FedRAMP or IEL and you have to make sure that you do meet SOC 1 and SOC 2. These things are not options when you work in government. So my key factor for them is be a partner, go in as a solution broker and make sure when you're going in, go to solve the issues they have. Don't just bring the technology to the table.

0:04:43 Bailey Popp: Yeah, absolutely. And what's advice that you would give for shared vision and leadership among the two divisions? How do you partner so that others then follow?

0:04:58 Teresa Carlson: Well, you want to offer them something up without always asking them to buy something. And what I mean is many times it's education and advocacy first. And I'll give you an example of this. We invest — when you're a venture capital firm and even when I was at AWS, cloud was very early in the market. Even a lot of the lawmakers really hadn't been introduced to cloud computing that much in 2010 and early on, going in and having the conversations, I had to do with my teams a lot of show-and-tell advocacy so they understood what I was bringing to the table and how it is actually going to improve government and citizen services. So you have to make sure you do that. Just don't go in trying to sell something. And the second thing I think that we've seen a lot with venture capital because we tend to invest ahead of the curve — we're always investing in the most innovative and transformative technologies. So when you're doing that and you walk in and have these conversations, you want to make sure you're explaining very thoughtfully why these technologies are game-changing. And look at AI. I mean AI is not new, but it has now evolved to a degree that most of us would share is something we wouldn't have imagined five years ago. Look at Anthropic. They're just barely five years old. The revenues are unbelievable. They're profitable. And it just demonstrates the absorption that you're seeing from small businesses, enterprises, and governments. So the story that these companies have to be able to tell is one of what's the problem or opportunity that you're going in to solve and then correlating that with the technology and making it real.

0:06:50 Teresa Carlson: One time when I was leading Microsoft, some of our customers said to us, 'The technology is great, but I want to hear more about the why. How is it actually going to solve my problem, not just what the technology is?' And we went through a period where I said, okay, for a quarter, we're actually not even going to talk about the technology. We're going to go in and map what are we going to achieve and how are we going to achieve it? And it really changed the thinking of our account executives in the field and our technical team. If you're trying to create a better social security administration pathway for citizens to be able to do more work online and meet them where they are — how do you showcase that without talking about every component of technology? And after a while the customers would say, 'This is great but now what's the technology I have to buy to get there?' And that's actually the conversation you want to have more of.

0:08:08 Bailey Popp: Absolutely. I think that's great advice. I love what you said about the education — a lot of times people jump into the product or the solution, but taking your customers and your teams almost on this educational road show of the problem that you're solving is really key. I want to go back to something you said earlier. We talked a little bit about FedRAMP and so for a long time public-private security collaborations are in this kind of compliance form checklist era. How do we shift that partnership from a checklist culture to an outcomes-based culture?

0:08:25 Teresa Carlson: Yeah, I've been working on that for 20 years. There always is a lot of frustration. We see it a lot with our companies that they are confused about what is the mandate they have to meet around security and compliance to be able to work within a government agency. There are tools like FedRAMP that was actually created for cloud computing — and that preceded something called FISMA which was really paper-based. The minute you printed off your security protocol it would be outdated. So then you went to FedRAMP which was supposed to be more automated, distributed computing-based. That is much better and I do think we've seen much better results. However, they do have to move it along faster. It's one of the top blockers that we hear from our companies. The approach that really works — and even I used it myself at AWS even though we had helped shape FedRAMP — is you have to go back to the agency and your sponsor and make sure you've worked with them directly so they give you either provisional authority to operate or the full authority to operate based on them understanding your technology. They really are the ones at the agency level that are taking on the risk. Once you have a solid package and you've found those sponsors, utilize them within other agencies. I've seen a lot of successes — once they have a sponsor, they show their controls, they show the road map, they've had a lot of success using that with other agencies. Would we like it to be more straightforward? 100%. But these CISOs and CIOs are the ones that take on the risk. Their name is on the line.

0:11:41 Teresa Carlson: At the General Catalyst Institute, the thing that we are doing is we continue to push and provide data on why — at the GSA and OMB level — they need to have a model that's much more scalable and fast. And this administration has been working in a much more commercial way and much faster than others I've seen for a variety of reasons. One is the Anthropic situation which was kind of a wake-up call about cyber security — we had kind of stopped talking about cyber security in a big way. It's good for everyone to understand what is happening now: the situation hasn't improved, you actually need more tools, more support, and more focus. Artificial intelligence in general and the fact that we do not want to be behind China has been a big catalyst. And third, we're at war in multiple places and we need to scale and protect our capabilities. As a result of those things, we're seeing government move a lot faster and try to get rid of red tape. Never don't take advantage of a good crisis — the time is now when we can go back in and say, 'Look, this is why you have to scale things faster like FedRAMP and have an approval process that gets these companies through a lot faster.'

0:08:08 Bailey Popp: Absolutely. The comment you made about having a sponsor and building your sponsor network is really important. Is that something that you feel is well known in the industry?

0:13:54 Teresa Carlson: I don't think it's well known. I think most companies will just try to follow the playbook. You really have to be working with a customer and truly understanding what their needs are. Ask them: 'What do we need to do to make you comfortable to give us that provisional or full authority to operate?' You just have to be open, ask these questions, and push hard. It's a process — it's whack-a-mole. It's not one thing, but it is critical. And I would say to your point, how do you work in one agency or department versus trying to work across the full federal government spectrum?

0:14:50 Bailey Popp: We've talked a little bit about obviously the US, but I would be remiss if we didn't talk about some of the geopolitical changes that we're seeing. Based on your experience, how can private companies collaborate with government without creating these digital silos that are actually making us feel a little less safe — especially when you think about this era of AI and the constant threat landscape that we're under right now? 0:15:15 Teresa Carlson: Look, I do think it's a challenge. We're in a time right now in the US where our government leaders are scratching their head and saying, 'Should we regulate or should we not regulate?' And the lack of regulation in some ways has caused almost more confusion. At the state level, we have thousands of mandates already out the door — policies on AI mandates across different regulated areas like healthcare or finance. This is very hard on startups because they're constantly having to ask, 'Can I meet those requirements?' If five states have five different requirements, that costs a lot of money. And then at the federal level, President Trump just pulled the executive order and said we're going to pause. Most people believe it's a good thing to have some federal government stance one way or another because it causes a lot more confusion. We're also seeing a change where you're hearing them talk a bit more about security and trust, less on safety, but they're starting to see — we've got to be able to both innovate and move fast as a country, and also pay attention to the safety and protection of both our government systems and our citizens. That's the ying and the yang right now. Bailey, there is no solution right now. All these agencies are kind of moving out independently. And it's really very different than cloud computing — with cloud, you could not move forward without meeting security and compliance regimes. Now with AI, you're seeing them adopt it with less of a framework in place. 0:18:21 Teresa Carlson: In Europe, they're still moving forward — they have AI policies they're pushing through in Brussels and they are more concerned in terms of the governmental level actually pushing forward on a lot of these. And the groups that get penalized the most are startups — large tech companies have the lobbying, the government affairs, the people and the capital to push through this and figure out a model. For startups, it could be life or death in terms of the amount of capital they have to spend on this.

0:19:16 Bailey Popp: What do you recommend when it comes to data sharing across public and private partnerships? How should we be thinking about using data sharing to be better at our jobs and harbor better partnerships?

0:19:42 Teresa Carlson: Data is not set up to be siloed. It doesn't operate that way. Even take government out of the mix — you have international companies, global companies that work in different parts of the world and they're moving data around all the time. So what we always did — both when I was at AWS and the work you do and others — is about how do you protect that data? How do you secure that data when you're moving it back and forth? For companies, we always recommend: encrypt your data, make sure you have a backup, make sure the pipes are clean that you're moving it through, make sure you're doing all the patching you need to do in your systems. Keep up with your large vendors. As an organization you have to understand what your risks are and ensure that you're working diligently because the bad guys don't get better and the technology doesn't move slower and the innovation is not going to pause. This is an iterative and ongoing process.

0:21:24 Bailey Popp: That should be the title of the episode — those three lines will really stick with us. I think one of the other things that we're talking a lot about is policy. So, if you removed some of the policy constraints and even took away some of the budget issues, what is one collaborative project that you would want to see public and private sectors take on together?

0:21:50 Teresa Carlson: Top for me would be healthcare. Healthcare is so broken and my own personal experience — I have someone in my life that has a rare disease and the ability to get the data and knowledge and use that in a way rapidly and a low-cost option to both process genes, do the DNA analysis, and really start working on cures — we are not there. Our healthcare costs are going up and up. We are not taking advantage of our technology in the right way. Look at Alzheimer's in this country. The numbers are staggering. Cognitive decline, mental health issues. Our technology is unbelievable and we are still not using it in the right way — not just to solve these problems but to move them along. Our healthcare workers are exhausted from COVID still. So if I had a magic wand and we worked on one thing together between congressional leaders, legislators, the White House, the world, and tech — it would focus on some of these core critical areas that are costing citizens so much money, lack of access, and things that now with technology and AI we should just move along so much faster. Sickle cell anemia — it's very targeted with a population that we should solve this. We know how to solve it. There are things out there we can be doing but the cost is so astronomical it's not getting down to the individual that has sickle cell anemia to be able to change the outcomes. So for me for sure it would be healthcare.

0:23:55 Bailey Popp: I echo that completely. I'm a type 1 diabetic. I have been for decades now. And I use a technology — I actually code my own app. It's based on an open-source software program that parents put together because they were so frustrated that this technology is not affordable on the market. And it's a Facebook group for help and support if you need anything. And it's wonderful and it's changed my life, but it's pretty sad that that's where your resources are right now compared to what could be on the market and could be helping. So that is one that hits my heart. I completely understand.

0:24:36 Teresa Carlson: Well, Bailey, I think you're an example of what I believe we're going to see a lot more in AI — which is you will have individuals now who can be their own entrepreneur. They can begin to solve their own problems. And if you look at Anthropic's coding tools, Claude Code — I have never seen so many people that are not coders coding. We used to promote this at Amazon — we had coding programs, we wanted to teach young girls to code. We had amazing initiatives like AWS Educate. But you're a great example where you're taking skills and now you're going to solve your own problems. You can maybe start your own company around this. And I do believe that we're going to see more entrepreneurs pop up because they have the technology in a very different way at their fingertips and they don't have to go to four years of computer science to be able to code.

0:25:46 Bailey Popp: Citizen developers are taking over the world. Yeah. Exactly. You mentioned all of your amazing initiatives that you had built at AWS and you were also a big advocate for diversity like we powered tech. So how can public and private partnerships come together to solve that skills gap? And talk a little bit about that inclusive community that you've built.

0:26:14 Teresa Carlson: When I started out my career in tech, there were just so few women participating and I saw a lot not be able to stay in the workforce. I had a lot of amazing women that worked for me who made a decision that they couldn't do both. One of my goals — and I really appreciate what Amazon did, Andy Jassy was really good about this — we really focused on ensuring that we had tools that could hit everyone: economically depressed areas, male, female, young, just in areas that we really hadn't focused on. We didn't go out and just focus on the Ivy Leagues. We were focused around the world. And one of my early efforts, which I still love, was something called Smart is Beautiful. Some women here in DC helped me brand it — some female CIOs actually. And the goal was targeted toward young girls. We had t-shirts and we would go around the world. I would find the most amazing women I could in every country. I would convene a dinner or a lunch and we would talk about how do we make sure in this community that we encourage young girls to be part of the technology revolution and make sure that they can get the right jobs and the right pay. And it was about smart is beautiful — use your brain, use your talent. We helped create coding clubs around the world. A woman in Brussels started and she taught them to code through fashion. She said, 'You want to make something?' So she taught them how to code what they were doing. We were trying to get them interested in solving a problem. Girls were much more interested in solving a problem — they wanted to do something with their skills. But really, Bailey, it was about opening up the world and the eyes of opportunity. And for me personally, I wanted to make sure that all the women that worked for me saw they had an opportunity and the doors were there for them to climb that ladder. And now at General Catalyst it's fun because we have so many female founders.

0:29:33 Bailey Popp: Breaking that glass ceiling one day at a time. I love it. Well, I know I have kept you for quite a bit, so I think that's all we have time for today. I really appreciate you coming on the podcast, Teresa. You've shared amazing insights about the public and private communities and how we can better partner, thinking about geopolitical instances across the world and how we can better protect our data. So you've given a lot of us a lot of things to think about. Thank you. 0:30:04 Teresa Carlson: Thank you Bailey. Thanks for having me.

0:30:07 Bailey Popp: You have been watching the Security Visionaries podcast and I have been your host Bailey Popp. Thanks for tuning in. You can find this episode on YouTube, Spotify, and Apple Music. Subscribe, give us some love, and check us out next time. See you.

Abonnieren Sie die Zukunft der Sicherheitstransformation

Mit dem Absenden dieses Formulars stimmen Sie unseren Nutzungsbedingungen zu und erkennen unsere Datenschutzerklärung an.