Felicia King takes you inside a cautionary tale — from the head of a major cybersecurity agency accidentally feeding confidential memos into a public AI, to small businesses unknowingly making their data the price of a "free" account. Through sharp examples and blunt truth, she shows how missing policies, licenses, and training turn promising tools into breach vectors.

Then she guides you through a practical playbook: the shared-responsibility model, paid licensing, demonstrable due care, and professional operational maturity. With vivid stories of project estimates, productivity boosts, and AI acting as an engineering assistant, Felicia reveals how the right guardrails can transform AI from a liability into the competitive edge that moves the impossible into the possible.

 

Felicia discussed the importance of implementing proper governance structures and training for artificial intelligence technologies to prevent businesses from being victimized by them, highlighting the role of employees as potential security risks. She emphasized the need for consistent policies and risk management when using AI tools like ChatGPT and Copilot, while also addressing concerns about data privacy and proper licensing in financial technology. Felicia stressed the importance of operational maturity and shared responsibility in managing resources securely, particularly for small organizations, and discussed how AI can enhance business productivity and enable better project planning when guided by experienced professionals.

Summary AI Governance and Employee Training

Felicia discussed the importance of implementing governance structures and providing training for artificial intelligence technologies to prevent businesses from being victimized by them. She highlighted that employees often serve as the weakest link in cybersecurity, using a recent incident involving the head of CISA as an example. Felicia emphasized the need for consistent policies and training, even for high-ranking officials, to avoid exceptions that can lead to security breaches.

AI Risk Management Strategies

Felicia discussed the risks associated with using AI tools like ChatGPT and Copilot, emphasizing the need for proper risk management and operational maturity when implementing such technologies. She highlighted that while these tools can be beneficial, they also pose potential risks that need to be addressed through appropriate governance, controls, and training. Felicia used the example of bank wire transfers to illustrate how even basic technologies require risk management, and she suggested that similar principles should apply to AI usage in businesses.

AI Licensing and Data Protection

Felicia explained that using AI tools like ChatGPT requires a paid plan rather than a free one, as free plans often exploit user data. She used the example of Better Tracker, a tool designed for CFOs to automate and categorize technology expenses, emphasizing the importance of proper licensing and data protection in financial technology.

FinTech Privacy and Security Concerns

Felicia discussed the functionality of FinTech tools like Better Tracker, which connects to digital banking accounts to automate transaction data population into expense management platforms. She emphasized her decision not to use Better Tracker due to concerns about data privacy, as the service required connecting bank and credit card accounts, making users the product. Felicia also shared experiences of recent data breaches involving Microsoft 365 tenants, highlighting the importance of proper licensing and security measures for businesses.

Shared Responsibility in Cloud Services

Felicia explained the shared responsibility model between service providers like Microsoft and Google, and their customers, emphasizing that customers are primarily responsible for managing their rented accounts securely and professionally. She clarified that issues with Microsoft 365 tenants cannot be resolved by switching to Google Workspace, as both platforms follow similar shared responsibility models. Felicia also highlighted that customers need to ensure proper management of their resources to maintain privacy, security, and data availability.

Operational Maturity and Security Management

Felicia discussed the importance of operational maturity and shared responsibility in managing resources, emphasizing that businesses need to meet certain expectations to avoid higher costs and inconveniences due to outages and compromises. She highlighted the need for businesses to demonstrate due care and due diligence through technical controls and regular gaps assessments with implementation plans to limit liability in case of a breach. Felicia also mentioned her previous work on legal defensibility and security models, as well as insights from a breach attorney about the importance of proving demonstrable progress in security improvements over time.

Cybersecur