About Sandeep Desai
Sandeep Desai is a visionary cybersecurity and technology leader dedicated to building public trust in an era of rapid digital change. As the Chief Information Security Officer for the Arizona Department of Education, he guides security strategy while advancing ethical AI, resilient infrastructure, and governance models that prioritize people. With experience spanning government, global enterprises, and higher education, Sandeep brings a mission-driven perspective on how leaders can shape technology that is secure, resilient, and community-focused.
The “Tutoring” Model for Human Risk Management
The future of security awareness lies in personalization. This session explores how the principles of AI-driven education—such as personalized lesson plans—can be applied to corporate defense. Rather than sending generic, “one-size-fits-all” phishing campaigns that employees often ignore, the topic focuses on using AI to identify an individual’s specific weaknesses and tailoring training content to “what makes them tick”. By bridging the gap between innovation and governance, organizations can create a sustainable and accountable defense system.
Key Quotes:
- “I think utilizing um from the defensive side, right, we’re already utilizing a lot of the tools… I think that needs to come out a little bit more in the forefront”.
- “Stimulating what makes them tick”.
- “We need to have something that’s measurable, repeatable, reportable that we can actually give to our leadership”.
Precision Training for the Modern Workforce
Mr. Desai compares the defensive side of AI to educational tools like “Khanmigo,” which assesses a student’s strengths and weaknesses to create a custom lesson plan. He argues that corporate training should follow the same model. For example, a generic “pay this invoice” email might not resonate with a developer, but a highly specific email regarding a new tool in GitHub or a suspicious script would be much more effective at testing their awareness.
He advocates for individualized training that is industry-specific and role-relevant, such as differentiating what a nurse experiences in healthcare versus what a procurement clerk sees in a corporate office. Beyond content, Dr. Desai emphasizes the importance of governance. He believes that for any AI-driven human defense program to be successful, it must be “measurable, repeatable, and reportable”. This data-driven approach allows security leaders to demonstrate the effectiveness of their programs to organizational leadership and decide whether to continue a strategy or pivot to a new direction.
