Bridging the Gap: CSA’s AI Security Initiatives at RSAC

Alan sits down with longtime friend and cybersecurity veteran Rich Mogull to discuss his new role as chief analyst at the Cloud Security Alliance. They cover everything from the rapid rise of agentic AI to how CSA is working to bridge the gap between high-level security frameworks and the practitioners who actually need to implement them.

Mogull explains how CSA is approaching AI security through two major initiatives. The first is the AI Security Maturity Model, a framework designed to give organizations a practical roadmap for evaluating and improving their AI security posture. The second is the launch of CSAI, a dedicated nonprofit arm focused specifically on AI security research and guidance. Together, these efforts aim to move the conversation beyond abstract principles and into something security teams can actually use.

They also touch on the expanding role of CSA’s enterprise membership program, which is designed to give larger organizations more direct input into the research and standards the alliance produces. Mogull describes how this creates a feedback loop between the people building security programs and the people writing the guidance those programs rely on.

Mogull then shares a story about using AI-generated code during a live incident response, illustrating both the promise and the unpredictability of these tools in real-world security operations.

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology-related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.
