Michael Woodson on AI Governance and Cyber Risk

Critical Stats

LinkedIn: Check out his profile!

Started their cybersecurity journey in: 1999

Most passionate about (in cybersecurity): Developing security programs from scratch and teams to secure organizations

Favorite zero-day: None of them

Favorite song: "Wherever You Go” by Skip Mahoaney & The Casuals

Introduction

Michael Woodson is a seasoned cybersecurity executive and strategic advisor with over three decades of experience protecting critical infrastructure, financial institutions, and global enterprises. His career spans law enforcement, federal government service, and private-sector leadership, giving him a rare perspective that bridges operational security and executive-level strategy.

Currently serving as Chief Information Officer and Chief Cybersecurity Strategist, Michael partners with boards and executive teams to translate complex technology, AI, and cybersecurity risks into actionable business strategies. His expertise encompasses IT governance, enterprise infrastructure modernization, and the development of cyber resilience programs that sustain stakeholder trust and regulatory alignment.

Michael is a cyber vanguard!

Michael's career demonstrates a genuine pioneering spirit in cybersecurity. As a Senior Cyber Crime Technical Advisor in a U.S. Embassy posting, he designed programs to help international law enforcement combat cybercrime and built partnerships that advanced critical infrastructure protection across Southeast Asia.

His domestic leadership includes establishing the first 24×7 Security Operations Center for a major transit authority and transforming a global hospitality company's security and privacy programs, with compliance frameworks for GDPR, CCPA, CPRA, and PCI DSS. In financial services, he built computer forensics laboratories and implemented advanced threat management platforms to address regulatory requirements and strengthen resilience against sophisticated cyberattacks.

Beginning as a police officer and IT specialist, Michael developed training curricula and supported critical public safety systems, establishing his unique ability to operationalize security strategy. Needless to say, he's seen it all.

Without further ado, we asked Michael our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

AI governance is the biggest cybersecurity challenge we face today. AI is evolving at a pace that far exceeds traditional leadership models, which were built around older tools and slower cycles of change. Many companies have not yet formally established AI accountability structures, and the speed of AI adoption is outrunning the ability to design proper controls. This creates a dangerous gap in which organizations deploy powerful AI capabilities without the governance frameworks needed to manage the associated risks.

2. How can we address the lack of AI governance?

The key to addressing the AI adoption and governance gap is education. Education at all levels is essential. From the boardroom to frontline employees, organizations need to build AI literacy and awareness so that everyone understands both the potential and the risks these technologies present.

3. What are three actions a CEO can take to protect their company from cyberattacks?

First, put cyber risk on the board agenda every quarter using business scenarios and Cyber Risk Quantification. This ensures cybersecurity remains a strategic priority with a measurable business context.

Second, provide a proper budget and enforce foundational security controls: Identity Access Management, Patching, Backups, Endpoint Security, and Vulnerability Management. These fundamentals form the backbone of any effective security program.

Third, require leadership to participate in annual tabletop exercises. These simulations prepare executives to respond effectively when incidents occur.

4. What are some of the best resources for learning more about cybersecurity?

My top three resources for learning about cybersecurity are focused on training and learning:

1. Cybrary - Most people in cyber know this one. It is an online cybersecurity training platform offering hands-on courses, labs, and certification preparation for professionals at all levels.

2. Dark Reading - A resource the expert turns to; this is a leading cybersecurity news site covering breaking threats, vulnerabilities, and industry trends.

3. LinkedIn Learning - A common online learning resource that most of us know. I like that it has thousands of video courses covering technology, business, and professional development (not just cyber matters).

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

My advice is simple: Lean in and commit to continuous learning. By that I mean read extensively, build your professional network, and attend industry conferences. The field rewards those who stay curious and connected.

I can do this all day… sharing this marvelous interview with everyone!