Guest: Dr. Matilda Reyes, ITIL v4 Managing Professional
Host: George
Duration: ~25 minutes
Topic: Service management transformation in operational technology environments

What to Remember

ITIL v4 isn't about IT departments—it's about any organization delivering managed services to paying customers under contractual obligations, whether those services run on servers or battery storage systems.

The Core Problem (0:00-3:00)

A global battery energy storage (BESS) company was world-class at operational technology but struggled with:

• Stuck customer satisfaction scores
• Inconsistent SLA performance
• Burnout from heroic individuals keeping systems running
• Scaling challenges as they grew

Key Insight: They weren't selling hardware—they were selling uptime, response times, and grid reliability under 20-year service agreements.

The Three Forms of Resistance (3:00-8:00)

1. "We're Not IT" Objection

Problem: Teams reject ITIL as irrelevant to operational technology Reframe: ITIL stands for Information Technology Infrastructure Library, but it covers any organization delivering managed services using people, processes, technology, and partners Test Question: Do you deliver managed services to paying customers under contractual obligations?

2. "I Have 20+ Years Experience" Objection

Problem: Experienced leaders see frameworks as unnecessary Response: ITIL makes hard-won knowledge transferable, auditable, and scalable beyond individual expertise Critical Question: What happens to service quality when you're not personally available?

3. Performative Compliance

Problem: Teams say the right words but don't change how they work Solution: Make adoption measurable, tie to customer outcomes, create visible dashboards, recognize early adopters

The Transformation Structure (8:00-15:00)

Organizational Restructure

Before: Traditional departmental structure
After: Five clear divisions aligned to service delivery:

1. Program Management and Strategy - Strategic projects, business analysis
2. Global Asset Intelligence - Elevated from small team to major division
3. Service Engineering - Costs, risk, Field Services Center of Excellence
4. Regional Operations - Americas, Europe, APAC territories
5. Sales Support - Deal support, offer design

Coverage Audit Results

• Before restructure: 79% coverage (27 of 34 ITIL practices had clear owners)
• After restructure: 85% coverage (29 of 34 practices covered)
• Key gaps closed: Architecture Management, Project Management, Obsolescence Management

From Heroics to Systems (15:00-20:00)

The Shift in Practice

Old Way: Brilliant individuals working extraordinary hours
New Way: Predictable systems that scale beyond any individual

Concrete Examples

• Problem Management: Known Error Database captures tribal knowledge organizationally
• Incident Management: Every fault has defined owner, escalation path, resolution clock
• Change Management: All updates assessed, authorized, tested with rollback plans
• Service Level Management: Continuous feedback loop from commitment to delivery

Customer Impact

• Faster incident resolution
• Fewer repeat failures
• Proactive communication about maintenance
• Transparent SLA reporting
• Self-service portal that works
• Field teams arrive knowing site history

The One Degree Principle (20:00-23:00)

Core Operating Principle

Every team member must be at most one degree of separation from paying customers:

• First degree: Directly serving customers (field, calls, incidents)
• One degree: Directly enabling customer-facing teams

Internal Dependencies

• No "internal customers" - creates service hierarchies optimizing for internal satisfaction
• Use Operational Level Agreements (OLAs) - internal commitments that enable external SLAs
• SLAs face outward, OLAs coordinate inward

Critical Success Factors (23:00-25:00)

The Artefact and Dependency Register

What it captures:

• What does each team produce?
• What do other teams depend on from you?
• What inputs do you need from others?

Example: Digital Service Center produces KPI dashboards → Field Operations needs dashboards → But depends on clean data from Regional Operations

Making It Stick

1. Map roles to one degree of separation test
2. Audit ITIL coverage - identify practice ownership gaps
3. Reframe resistance - focus on managed services, not technology type
4. Target heroic dependencies - document knowledge before people leave
5. Commission dependency mapping - make invisible dependencies visible

Key Timestamps

• 0:00 - The $50M contradiction: Why OT adopted ITIL
• 3:00 - Three forms of resistance and how to address them
• 8:00 - Organizational restructure and coverage audit
• 15:00 - From reactive heroics to predictive systems
• 20:00 - One degree of separation principle
• 23:00 - Artefact mapping and success factors

Resources

• ITIL 4 Foundation Syllabus - Official overview of all 34 practices
• ITIL 4 Practice Guides - Free excerpts for specific practices
• RACI Matrix Templates - Free responsibility assignment templates

Episode Resources

• Cheat Sheet
• Full Script
• Curriculum

View full show notes

Guest: Dr. Matilda Reyes, Cybersecurity Researcher & AI Safety Expert
Duration: ~25 minutes
Release: Secure AI Podcast

What to Remember

AgentShroud is a transparent security proxy that sits between AI agents and external services, providing defense-in-depth protection without requiring any changes to the agent's code.

The Problem: Autonomous AI Without Security

[00:00 - 04:30] AI agents are becoming incredibly capable—reading email, browsing the web, running code, managing infrastructure—but most deployments have zero security layers between the agent and the outside world.

Five Core Security Risks:

1. Data Exfiltration - Agents leak PII, credentials, or proprietary data
2. Prompt Injection - Malicious users manipulate agents into unauthorized actions
3. Unauthorized Access - Uncontrolled API and database access
4. Invisible Actions - No audit trail of agent behavior
5. Token Abuse - Users burning through API credits in multi-user systems

The Solution: AgentShroud's Architecture

[04:30 - 12:00] AgentShroud uses a "defense in depth" approach with three security pipelines:

Inbound Pipeline (User → Agent)

• Rate limiting (e.g., 20 messages/hour for non-owners)
• User role resolution (owner/collaborator/unknown)
• Prompt injection detection
• Sensitive data redaction
• Role-specific restrictions

Outbound Pipeline (Agent → User)

• Strips hallucinated tool calls
• Blocks credential leaks (API keys, passwords)
• Redacts PII (phone numbers, SSNs)
• Filters internal infrastructure details
• Detects encoding bypass attempts

Egress Pipeline (Agent → External Services)

• Domain allowlist with deny-all default
• Human-in-the-loop approval for new domains
• Real-time Telegram notifications for approval requests
• Complete audit logging

Key Security Features

[12:00 - 18:00]

Transparent Operation

The AI agent has no idea AgentShroud exists—it thinks it's talking directly to APIs and services while every request/response flows through security inspection.

Role-Based Access Control

• Owner: Full access to tools and capabilities
• Collaborator: Zero tool access, hashed identifiers, strict rate limiting
• Unknown: Blocked entirely

Encoding Bypass Detection

Catches attempts to exfiltrate data using base64 encoding, URL encoding, or other obfuscation techniques by analyzing strings longer than 24 characters.

Fail-Closed Philosophy

Everything starts blocked; you explicitly allow what you need. Prevents unknown threats at the cost of initial configuration overhead.

Real-World Security Gaps

[18:00 - 22:00] Most AI agent deployments are missing:

1. No PII redaction on agent output
2. No egress control - agents can reach any URL
3. No audit trail of agent actions
4. No role-based access control
5. No prompt injection defense

These aren't edge cases—they're foundational gaps that attackers are already exploiting.

Current Status & Future

[22:00 - 25:00]

• Version 0.8.0: "Enforcement hardening phase" with 2,300+ automated tests
• Private beta with active development
• Version 0.9: Production hardening and performance optimization
• Version 1.0: Public release with full documentation

Key Takeaways

For Your AI Deployments:

1. Audit your current setup: Do you have PII redaction? Egress control? Audit trails?
2. Implement defense in depth: Don't rely on single security mechanisms
3. Use fail-closed defaults: Unknown activity should be blocked, not allowed
4. Require role-based access: Not every user needs the same agent permissions

Why External Security Matters:

If you embed security into the agent itself, a compromised agent can disable its own security. A transparent proxy is external—the agent can't see it, modify it, or bypass it.

Become a Collaborator

AgentShroud is in private beta and accepting collaborators — especially red team testers.

How to connect:

1. Open Telegram (download from telegram.org if you don't have it)
2. Search for @agentshroud_bot
3. Tap Start or send /start
4. That's it — you're connected. Just start chatting.

Send your registration info and you'll get approved.

Quick things to try:

• "What is AgentShroud?" — get an overview
• "How does the security architecture work?" — see the pipeline design
• "How can I help with red team testing?" — get attack ideas
• Try to get it to reveal sensitive data (that's the point!)

Note: The bot runs through a security proxy, so some things will be intentionally blocked. That's the product working, not a bug. If you find a way around the restrictions — that's exactly what we need to know.

Resources

• OWASP AI Security and Privacy Guide: Comprehensive AI security framework
• NIST AI Risk Management Framework: Official US government AI risk guidelines

"Autonomy without oversight is dangerous. But with the right security layers, we can make AI agents both powerful and trustworthy." — Dr. Matilda Reyes

Episode Resources

• Cheat Sheet
• Full Script
• Curriculum

View full show notes