September 24, 2025 • 8 mins
I spoke with Brandon Hollinder, the Vice President of eDiscovery and Cyber Solutions at Epiq, a provider of legal and business services. We discussed the proactive steps companies should take to strengthen their information governance, how AI-driven data mapping and labeling tools are changing the way companies understand and manage their data risk, and ways that AI is affecting cybersecurity.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
Welcome to Reinventing Professionals,a podcast hosted by industry analyst
Ari Kaplan, which shares ideas,guidance, and perspectives from market
leaders shaping the next generationof legal and professional services.
This is Ari Kaplan and I'm speaking withBrandon Hollander, the Vice President of
(00:24):
eDiscovery and Cyber Solutions at Epic, aprovider of legal and business services.
Hi Brandon, how are you?
Hi, Ari.
I'm doing good, thanks.
Thanks for having me
today.
I'm excited to have this conversation.
So tell us about your backgroundand your role at Epic.
I'm a licensed attorney, but Ibeen working at Epic for about 17
(00:44):
years in e-discovery and helpingclients with that challenge.
For the past several years, I'vealso been working in our cyber
incident response business unit.
We're focused on helping clientswhen they have a data breach
respond to regulatory obligations.
Meet those requirements.
And more and more we're also focusedon how can we help people prevent a
breach or minimize the impact of abreach when it happens because they're
(01:06):
so plentiful at this point in time.
From a financial and operationsperspective, they really cause
a lot of challenges for people.
For us it's an opportunity totry to work with them and try
to avoid that and minimize it.
How would you gauge the level ofpreparedness for organizations
in their cyber security hygiene?
(01:26):
At a very macro level,companies are under prepared.
The biggest companies out there,those who've already gone through a
breach, they've had that wake up call.
They're starting to be very focusedon how can they prepare for this,
how can they avoid it in the future?
But many businesses , especially thosein the small and medium business space,
think it's not gonna happen to them orthink they have strong enough security.
(01:47):
And the reality is the numbersjust tell a different story.
They're not doing enough to stop it.
They're not doing enough to, train theiremployees or put the infrastructure
in place to do something like this.
So it's really a big issueand threat out there.
What steps can companies take tostrengthen their information governance
in an effort to enhance their protections?
(02:09):
That's certainly one of the thingsthat we're focusing on now, trying
to educate people about that.
The great news is there are a lotof tools out there, and every day
there's improvements in those tools.
Some really classic exampleswould be doing tabletop exercises.
A mock breach.
But some of the really exciting thingsthat are coming into play in Microsoft
365 or purview tools that lots of peoplealready have access to, some basic
(02:31):
things like data ladling, or usinga data loss prevention mechanism to
basically monitor emails with sensitivedata before they go out the door.
You can't always stopthose malicious attacks.
A lot of breaches are actually becausean employee sends the wrong file
or inadvertently shares something.
So the data labeling and the techout there now is really great
(02:51):
at preventing and helping youwith those inadvertent breaches.
How are companies starting to use some ofthese cyber review tools more proactively
and what are the benefits they're seeing?
We have technology that helps usanalyze data, understand what type
of sensitive information is in there,personal health information, et cetera.
(03:12):
But for a long time, peoplejust use that After they had
the breach, they had the breach.
They need to understand what's in thedata, because that informs them of
what kind of regulatory requirementsor obligations they might have.
The thing is those tools can beused just the same proactively.
So what companies are startingto do, and what we're certainly
advocating to do is take a littlebit of time and effort beforehand.
Use that same technology that'sso great that identifying this
(03:34):
sensitive information, but useit before you have the breach.
Use it to analyze what's in your networks,what are people saving on there to see
if you do have risk, to see if thereare things that you need to clean up.
If your employees are savingthings that maybe you weren't quite
aware they had on the network sothat you can create that plan.
So that when and if the breachhappens you don't have as
much sensitive data out there.
(03:56):
And if you do, because sometimes youhave legitimate business needs to have
customer information or social securitynumbers, depending upon your business.
But at least you know where that datais so that if you're ever breached, you
can know if it's been impacted or not.
And that's gonna help you respondmuch more efficiently, quickly,
and, in a less stressful manner.
How are new AI driven data mapping andlabeling tools changing the way companies
(04:21):
understand and manage their data risk?
Of course in the legal industry and cybertoo, we hear about ai, gen AI a lot.
Good news for cyber people and avoidingbreaches and all of these things is
there are real meaningful impacts andtech on the way to help with this.
Microsoft 365 or others allow you to dothis analysis where the data lives so
(04:42):
you don't have to export it and provideit to a vendor who's doing an analysis
someplace else, creating copies, creatingcosts more time, all those things.
So it's gonna be easier todo this because of the tech.
The other thing is historically.
To understand what's in your data, what'sbeen impacted, or how to protect it.
It's relied on things like search terms,maybe patterns, regular expressions
(05:04):
a pattern of a credit card number.
But now with Gen ai, the gen AI ismuch more powerful at accurately
finding and identifying this data.
So it's both gonna get you to theresults quicker, and it's gonna
avoid a lot of false positives.
We can really focus our efforts andcompanies can focus their efforts on
the actual data that is important.
(05:25):
And not just all thenoise in the background.
What's the biggest mindset shiftyou are seeing when it comes
to information governance andcyber risk management in 2025?
For a CISO or someone like them, they'veknown about this for a long time.
It's a big focus for them.
It's their expertise.
I think the biggest shift thatwe're seeing is now at the general
(05:45):
council level or the a GC level.
People who are legal and they'resmart, but they're not cyber experts.
They're very aware of thisthreat and this risk now.
And so they're trying to come to termswith as the gc, how do I handle this?
How do I respond and how do I balanceand get that ROI and timing, right
of preparing and being proactive toavoid the breach, but spending money
(06:06):
to do it versus the ramificationsof if you actually have a breach.
I think that's what people are startingto realize in these leadership positions.
If you look at a Breach that happened. They were not probably prepared enough.
They didn't have a plan.
The net result is they get attackedand they're down for weeks, losing,
customer sales, stock share goesdown, all because they didn't spend
(06:28):
enough time and effort upfront.
These are real wake up calls forthe rest of the legal community,
and the CISOs are using that to gettheir message to resonate with other
people who are leading organizationslike the GC or like the C-Suite.
How do you see AI affectingcybersecurity as we move ahead?
(06:49):
The positive impacts Gen AI hasin our ability to find sensitive
data or know what's in our data.
On the scary side of things, you knowthe threat actors can use it too.
They're sophisticated, they'rereally motivated 'cause these
attacks make them money.
So we're seeing them useAI and Gen AI and really.
Bold and new and effective ways.
So increasing their ability to usesocial engineering, creating voice
(07:12):
replications, video replications ofreal people pretending and accurately
mimicking that they're someone inyour IT organization and getting
credentials into your environment.
That's one of the ways that threat actorsare using Gen AI to portray themselves and
it's being really successful, it's a timewhere CISOs and others trying to prevent
these attacks are really trying to catchup both from their ability to identify
(07:36):
this, but then also educating peoplewithin the organization they represent
that you really have to be careful now.
It used to be don't click on a link.
They can be suspicious.
Look for misspellings, things like that.
Those kind of easy to spot thingsdon't exist anymore with gen ai.
This is Ari Kaplan speaking with BrandonHollander, the Vice President of e
(07:59):
Discovery and Cyber Solutions at Epic, aprovider of legal and business services.
Brandon, thanks so very much,
Ari.
Thank you very much for having me.
It was great to speak with you and Ihope you have a great rest of your day.
Thank you for listening to theReinventing Professionals Podcast.
Visit reinventing professionals.com orari kaplan advisors.com to learn more.
Welcome to Reinventing Professionals,a podcast hosted by industry analyst
Ari Kaplan, which shares ideas,guidance, and perspectives from market
leaders shaping the next generationof legal and professional services.
This is Ari Kaplan and I'm speaking withBrandon Hollander, the Vice President of
(00:24):
eDiscovery and Cyber Solutions at Epic, aprovider of legal and business services.
Hi Brandon, how are you?
Hi, Ari.
I'm doing good, thanks.
Thanks for having me
today.
I'm excited to have this conversation.
So tell us about your backgroundand your role at Epic.
I'm a licensed attorney, but Ibeen working at Epic for about 17
(00:44):
years in e-discovery and helpingclients with that challenge.
For the past several years, I'vealso been working in our cyber
incident response business unit.
We're focused on helping clientswhen they have a data breach
respond to regulatory obligations.
Meet those requirements.
And more and more we're also focusedon how can we help people prevent a
breach or minimize the impact of abreach when it happens because they're
(01:06):
so plentiful at this point in time.
From a financial and operationsperspective, they really cause
a lot of challenges for people.
For us it's an opportunity totry to work with them and try
to avoid that and minimize it.
How would you gauge the level ofpreparedness for organizations
in their cyber security hygiene?
(01:26):
At a very macro level,companies are under prepared.
The biggest companies out there,those who've already gone through a
breach, they've had that wake up call.
They're starting to be very focusedon how can they prepare for this,
how can they avoid it in the future?
But many businesses , especially thosein the small and medium business space,
think it's not gonna happen to them orthink they have strong enough security.
(01:47):
And the reality is the numbersjust tell a different story.
They're not doing enough to stop it.
They're not doing enough to, train theiremployees or put the infrastructure
in place to do something like this.
So it's really a big issueand threat out there.
What steps can companies take tostrengthen their information governance
in an effort to enhance their protections?
(02:09):
That's certainly one of the thingsthat we're focusing on now, trying
to educate people about that.
The great news is there are a lotof tools out there, and every day
there's improvements in those tools.
Some really classic exampleswould be doing tabletop exercises.
A mock breach.
But some of the really exciting thingsthat are coming into play in Microsoft
365 or purview tools that lots of peoplealready have access to, some basic
(02:31):
things like data ladling, or usinga data loss prevention mechanism to
basically monitor emails with sensitivedata before they go out the door.
You can't always stopthose malicious attacks.
A lot of breaches are actually becausean employee sends the wrong file
or inadvertently shares something.
So the data labeling and the techout there now is really great
(02:51):
at preventing and helping youwith those inadvertent breaches.
How are companies starting to use some ofthese cyber review tools more proactively
and what are the benefits they're seeing?
We have technology that helps usanalyze data, understand what type
of sensitive information is in there,personal health information, et cetera.
(03:12):
But for a long time, peoplejust use that After they had
the breach, they had the breach.
They need to understand what's in thedata, because that informs them of
what kind of regulatory requirementsor obligations they might have.
The thing is those tools can beused just the same proactively.
So what companies are startingto do, and what we're certainly
advocating to do is take a littlebit of time and effort beforehand.
Use that same technology that'sso great that identifying this
(03:34):
sensitive information, but useit before you have the breach.
Use it to analyze what's in your networks,what are people saving on there to see
if you do have risk, to see if thereare things that you need to clean up.
If your employees are savingthings that maybe you weren't quite
aware they had on the network sothat you can create that plan.
So that when and if the breachhappens you don't have as
much sensitive data out there.
(03:56):
And if you do, because sometimes youhave legitimate business needs to have
customer information or social securitynumbers, depending upon your business.
But at least you know where that datais so that if you're ever breached, you
can know if it's been impacted or not.
And that's gonna help you respondmuch more efficiently, quickly,
and, in a less stressful manner.
How are new AI driven data mapping andlabeling tools changing the way companies
(04:21):
understand and manage their data risk?
Of course in the legal industry and cybertoo, we hear about ai, gen AI a lot.
Good news for cyber people and avoidingbreaches and all of these things is
there are real meaningful impacts andtech on the way to help with this.
Microsoft 365 or others allow you to dothis analysis where the data lives so
(04:42):
you don't have to export it and provideit to a vendor who's doing an analysis
someplace else, creating copies, creatingcosts more time, all those things.
So it's gonna be easier todo this because of the tech.
The other thing is historically.
To understand what's in your data, what'sbeen impacted, or how to protect it.
It's relied on things like search terms,maybe patterns, regular expressions
(05:04):
a pattern of a credit card number.
But now with Gen ai, the gen AI ismuch more powerful at accurately
finding and identifying this data.
So it's both gonna get you to theresults quicker, and it's gonna
avoid a lot of false positives.
We can really focus our efforts andcompanies can focus their efforts on
the actual data that is important.
(05:25):
And not just all thenoise in the background.
What's the biggest mindset shiftyou are seeing when it comes
to information governance andcyber risk management in 2025?
For a CISO or someone like them, they'veknown about this for a long time.
It's a big focus for them.
It's their expertise.
I think the biggest shift thatwe're seeing is now at the general
(05:45):
council level or the a GC level.
People who are legal and they'resmart, but they're not cyber experts.
They're very aware of thisthreat and this risk now.
And so they're trying to come to termswith as the gc, how do I handle this?
How do I respond and how do I balanceand get that ROI and timing, right
of preparing and being proactive toavoid the breach, but spending money
(06:06):
to do it versus the ramificationsof if you actually have a breach.
I think that's what people are startingto realize in these leadership positions.
If you look at a Breach that happened. They were not probably prepared enough.
They didn't have a plan.
The net result is they get attackedand they're down for weeks, losing,
customer sales, stock share goesdown, all because they didn't spend
(06:28):
enough time and effort upfront.
These are real wake up calls forthe rest of the legal community,
and the CISOs are using that to gettheir message to resonate with other
people who are leading organizationslike the GC or like the C-Suite.
How do you see AI affectingcybersecurity as we move ahead?
(06:49):
The positive impacts Gen AI hasin our ability to find sensitive
data or know what's in our data.
On the scary side of things, you knowthe threat actors can use it too.
They're sophisticated, they'rereally motivated 'cause these
attacks make them money.
So we're seeing them useAI and Gen AI and really.
Bold and new and effective ways.
So increasing their ability to usesocial engineering, creating voice
(07:12):
replications, video replications ofreal people pretending and accurately
mimicking that they're someone inyour IT organization and getting
credentials into your environment.
That's one of the ways that threat actorsare using Gen AI to portray themselves and
it's being really successful, it's a timewhere CISOs and others trying to prevent
these attacks are really trying to catchup both from their ability to identify
(07:36):
this, but then also educating peoplewithin the organization they represent
that you really have to be careful now.
It used to be don't click on a link.
They can be suspicious.
Look for misspellings, things like that.
Those kind of easy to spot thingsdon't exist anymore with gen ai.
This is Ari Kaplan speaking with BrandonHollander, the Vice President of e
(07:59):
Discovery and Cyber Solutions at Epic, aprovider of legal and business services.
Brandon, thanks so very much,
Ari.
Thank you very much for having me.
It was great to speak with you and Ihope you have a great rest of your day.
Thank you for listening to theReinventing Professionals Podcast.
Visit reinventing professionals.com orari kaplan advisors.com to learn more.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
CrimeLess: Hillbilly Heist
It’s 1996 in rural North Carolina, and an oddball crew makes history when they pull off America’s third largest cash heist. But it’s all downhill from there. Join host Johnny Knoxville as he unspools a wild and woolly tale about a group of regular ‘ol folks who risked it all for a chance at a better life. CrimeLess: Hillbilly Heist answers the question: what would you do with 17.3 million dollars? The answer includes diamond rings, mansions, velvet Elvis paintings, plus a run for the border, murder-for-hire-plots, and FBI busts.