On CISO Tradecraft, host G Mark Hardy welcomes back JP Bourgeet to discuss what “AI readiness” means for organizations, framing it as both a data governance challenge and a change-management problem. JP defines readiness for CISOs as strong threat protection, data security/governance, and device management, with the biggest gaps typically in labeling, DLP/DSPM, and poor information architecture (e.g., commingled data in SharePoint/Drive). They cover re-architecting past and future data into role-based structures so Copilot can honor permissions and sensitivity labels, plus the value of visibility, auditability, and insider-risk alerting for file access and LLM prompts. JP also discusses agentic systems and upcoming identity challenges for AI agents, compares AI readiness to platform engineering, emphasizes use-case-driven adoption (lunch-and-lear ...