March 13, 2024

Matt Sharp: A CISO’s approach to creating AI governance framework

In this episode of the In Security podcast, Matt Sharp, Chief Information Security Officer (CISO) at Xactly, shares his journey into the role of a CISO, from a decade in cybersecurity consulting to earning an MBA. Matt and our host, GTM leader Mike Cataffo, discuss key considerations, practical examples, real-life cases, and the crucial role of stakeholder involvement in crafting effective governance policies. He also shares the challenges of controlling shadow IT and offers insights into the art of striking the right balance in AI governance.

Episode Highlights:

  • Challenges of Shadow IT: Shadow IT – by nature – can be a complicated issue for security teams to handle. Matt shares how he addresses these challenges.
  • Balancing Innovation and Risk Management: Matt illustrates how Xactly navigates ethical challenges, ensuring its use of AI aligns with the ethical frameworks published by industry giants such as Google and Microsoft while maintaining high standards of integrity and accountability.
  • Adaptability in the AI Governance Landscape: Matt emphasizes scalability, highlighting the critical role a living AI governance document plays in keeping pace with ever-changing technologies and regulations.
  • Xactly's Approach to AI Governance: Matt describes how Xactly's AI governance has been shaped by industry competition and the evolving role of AI, and outlines a framework that aligns technical stakeholders and legal experts with business goals to mitigate risk effectively.


About our guest, Matt Sharp:

Matt Sharp is an accomplished security professional who is currently the Chief Information Security Officer (CISO) at Xactly Corp. With over two decades of experience, Matt stands out as a thought leader and is also the author of The CISO Evolution. He contributes significantly to the industry as a trusted advisor, serving on advisory boards for organizations including NopSec and CyberGRX.

Challenges of Shadow IT, AI governance and Striking the Right Balance

In this episode, we discuss the unique challenges of balancing innovation and risk management. Business use cases for AI tend to be driven by efficiency gains. Yet AI and machine learning also pose a potential threat: while the benefits for decision-making and for speeding up repetitive tasks may be apparent, these systems' reliance on large amounts of data also exposes them to security risks. Matt provides practical examples of AI use cases at Xactly, where active exploration of AI integration is evident in growing interest and an increase in inbound requests. Working with a sales and marketing tool revealed opportunities for risk management, with a focus on high-probability deals and on improving sales efficiency across various parts of the business.

Challenges also exist for security professionals from the implications of shadow IT. In Matt’s own words, “...there are people who are going to ask for permission and people who will ask for forgiveness.” The risks go beyond compliance violations, sometimes reaching as far as unauthorized access or even data breaches. He explains why it becomes important to communicate the acceptable boundaries within which people are expected to operate.


The “In Security” podcast brings you conversations and thoughts on the shifting landscape of security, Governance, Risk, and compliance (GRC), technology, and beyond. Featuring insights from industry executives and leaders in cybersecurity and GRC, we explore the crucial strategies, trends, and stories shaping our ever-evolving digital world.

Nirvana Karkee
Content Writer