Reading Time: 12 minutes

The People-First CISO Jake Bernardes Redefining Security, Governance, and Trust Through Data and Transparency

Anecdotes: The People-First CISO Jake Bernardes Redefining Security | The Enterprise World

Technology continues to evolve at a remarkable speed, reshaping industries, redefining business models, and changing the way organisations operate. Yet amid constant transformation, one principle remains unchanged: trust. Whether in leadership, security, or governance, lasting success depends not simply on innovation itself, but on the confidence people place in the systems, decisions, and relationships that support it.

For Jake Bernardes, CISO at Anecdotes, this philosophy has become the foundation of his leadership journey. He believes effective governance begins with transparency, resilient organisations are built on visibility, and meaningful leadership starts by empowering people. As artificial intelligence continues to accelerate change, Jake is helping redefine how organisations approach security and governance through a vision rooted not only in technology but in trust, accountability, and data that reflects reality.

The Making of a People First Security Leader

Jake Bernardes’ professional journey has been shaped by curiosity, adaptability, and a deep passion for technology. From an early age, he was fascinated by understanding how technology worked, spending his time building PCs, experimenting with software, exploring code, and learning how systems operated behind the scenes.

Following a church mission in Germany, he pursued studies in Chinese, German, and Business before beginning his career at IBM, where he worked with mainframes. His move to KPMG marked an important phase in his journey, exposing him to business strategy and providing a deeper understanding of how successful organisations operate. A later opportunity to transition into cybersecurity felt like a natural progression, combining technology, business, problem-solving, and human behaviour into a single discipline.

A defining turning point came during his time at NCC Group, where leadership mentorship and international experience accelerated both his professional and personal growth. His first CISO opportunity emerged unexpectedly when MemSQL, now SingleStore, invited him to build and lead its security program following a security assessment engagement.

Over the years, Jake’s leadership philosophy has evolved around trust, accountability, and empowering people, with success measured not by titles but by the growth and achievements of those he helps develop.

A Day in Jake Bernardes’s Life

Balancing leadership with family, focused work, and intentional moments of disconnection, his day is built around productivity, relationships, and maintaining meaningful personal time.

Anecdotes: The People-First CISO Jake Bernardes Redefining Security | The Enterprise World
  • 7–9 am: Family time and school run with the kids — no phone, just dedicated time together.
  • 9–11 am: Check emails, connect with the team in Tel Aviv, and address any overnight developments from the USA.
  • 11 am–1 pm: Exercise and spend quality time with my wife through running, biking, walking, and meaningful conversations.
  • 1–5 pm: Deep-focus work session — tackling tasks and making progress before the USA workday fully begins.
  • 5–9 pm: Back-to-back calls with internal teams, customers, advisory discussions, and podcast recordings.
  • 9–11 pm: Wrap up work, help put the kids to bed, and spend time with my wife before sleep.

Rethinking Governance for a Changing World

Jake Bernardes recognised a longstanding disconnect within enterprise governance. While businesses across industries had embraced data-driven decision-making, compliance processes often continued to rely on screenshots, spreadsheets, interviews, and point-in-time audits that offered only limited visibility into operational realities.

This challenge aligned closely with the vision behind Anecdotes, which was built to create a more effective approach to governance. Rather than depending on carefully curated snapshots of information, the focus was placed on leveraging operational data directly from the systems organisations use every day.

Over time, that vision expanded beyond traditional compliance objectives. Jake believes governance, risk, and compliance should be built upon complete and trustworthy datasets rather than static reports or simplified indicators. As artificial intelligence continues to influence enterprise environments, he sees reliable data becoming even more critical, with organisations needing confidence that the information guiding decisions reflects reality. At its core, the goal remains clear: empowering businesses to make stronger and more informed decisions through data they can trust.

Beyond Control and Compliance

Jake believes one of the biggest misconceptions in enterprise environments is treating governance and security as the same challenge when they are fundamentally different problems. From a governance perspective, he has seen growing concerns around AI governance frameworks struggling to keep pace with the technology they were designed to regulate. Standards such as ISO 42001 and the NIST AI Risk Management Framework were created with strong intentions, but AI is evolving so rapidly that frameworks risk becoming outdated before organisations fully adopt them. For Jake, this reinforces an important lesson that governance cannot become a checklist exercise. Organisations need flexible, risk-based approaches aligned with their business priorities, risk appetite, and practical AI use cases.

The security challenge presents a different reality. Jake has seen AI amplify the long-standing issue of shadow IT, allowing employees to access tools, generate code, connect systems, and automate processes faster than security teams can track them. While this creates opportunities for innovation, it also introduces risks around vulnerabilities, third-party dependencies, software quality, and data exposure. The biggest lesson for Jake has been simple: resilience matters more than perfection.

The Cost of Moving Faster Than Visibility

Anecdotes: The People-First CISO Jake Bernardes Redefining Security | The Enterprise World

Jake believes the most significant risk many organisations continue to underestimate is the speed at which artificial intelligence is transforming business operations. Historically, security teams had time to adapt as new technologies were introduced gradually through structured processes. In his view, AI has fundamentally changed that dynamic.

One of the primary concerns Jake identifies is visibility. Employees can now generate code, build automations, connect systems, analyse data, and deploy workflows with unprecedented ease, often without involving security teams. As a result, many organisations underestimate how deeply AI is already integrated into their operations and how many critical processes rely on it.

He also points to the impact on software development. AI has significantly increased development speed, enabling teams to innovate faster. However, vulnerabilities, insecure dependencies, and poor design decisions can also move through development cycles at the same pace, creating new challenges for security teams.

Jake also believes resilience remains one of the most overlooked priorities. Rather than focusing solely on prevention, organisations must be prepared to detect, respond, recover, and adapt effectively when failures inevitably occur.

A Different Lens on Governance 

Jake believes that many traditional GRC platforms have historically focused on workflows, dashboards, and process management. In his view, the real distinction lies in data, and he sees this becoming important in the age of artificial intelligence.

Jake often refers to a simple but powerful principle when discussing AI: “garbage in, garbage out.” He believes that when the underlying data is incomplete, inaccurate, or overly simplified, AI does not solve the problem. Instead, it amplifies existing weaknesses and creates larger challenges.

This perspective has strongly shaped his thinking around the future of governance. Rather than reducing complex operational realities into a series of green checkmarks, Jake believes organisations need richer and more complete operational data that captures the full picture. He sees this as essential for creating stronger visibility across risk, compliance, and security while also establishing a more reliable foundation for AI-driven analysis and automation.

For Jake, the future of GRC will not belong to organisations with the most impressive dashboards. It will belong to those with the strongest and most meaningful data.

Risk as the Foundation

Everything begins with risk. While this may appear to be a straightforward principle, Jake has observed that many organisations spend significant time discussing controls, frameworks, audits, and compliance requirements before fully understanding the risks they are trying to reduce.

Jake has consistently adopted a different approach throughout his leadership journey. He believes every tool, service, process, and budget decision should map directly to a specific risk. When a risk does not have a meaningful mitigation strategy, it often signals the need for additional investment. Likewise, if a particular initiative is not contributing toward reducing risk, he believes its value should be carefully reassessed.

This way of thinking creates clarity across the organisation. It simplifies prioritisation, budgeting, planning, and decision-making because discussions continue to return to a fundamental question: what risk is actually being reduced?

For Jake, risk should not be treated as a reporting exercise. He believes it should serve as the operating system that guides security and governance decisions across the organisation.

Better Visibility, Better Decisions

Anecdotes: The People-First CISO Jake Bernardes Redefining Security | The Enterprise World

Through his work at Anecdotes, Jake has repeatedly seen organisations discover that their compliance programs sometimes create a false sense of confidence. Many businesses assume they have complete visibility into their controls because they rely on periodic reports, dashboards, and audit outcomes. However, Jake has observed that when operational systems are connected and examined more comprehensively, a different picture can emerge.

One example involved an organisation that believed it had established a mature vulnerability management program. Monthly reports consistently reflected strong compliance with internal requirements, creating confidence that processes were functioning effectively. However, by analysing complete datasets across multiple security tools rather than relying on sampled evidence, previously unnoticed gaps in patch coverage and asset visibility began to surface.

For Jake, the challenge was never about a lack of controls. The issue was incomplete visibility. He believes that the real value comes from enabling organisations to understand what is truly happening within their environments rather than relying on assumptions.

In his view, stronger compliance is often a by-product. The greater transformation lies in creating clearer visibility, improving risk awareness, and empowering better decisions across the organisation.

Three Principles of Trust

For Jake, trust remains the foundation of every relationship between organisations and the people they serve. He believes that regardless of how advanced technology becomes, its value ultimately depends on whether customers have confidence in how their information is collected, protected, and used.

Jake approaches this responsibility through three principles: security, transparency, and control. 

Security: Jake believes security should be built into products from the beginning rather than introduced later. Protecting customer data, in his view, is not simply a feature but a responsibility that requires strong engineering practices, secure access controls, continuous monitoring, and a culture where security is shared across the organisation.

Transparency: Transparency is equally important in Jake’s leadership philosophy. He believes organisations should provide clarity around what information is collected, why it is used, and who has access to it. He sees openness as essential for building long-term confidence.

Control: Jake also believes customers should retain greater control over how sensitive information is managed. Through approaches such as Data Delegation at Anecdotes, he has supported methods that reduce unnecessary data movement while strengthening confidence in how information is handled.

As governance becomes AI-driven, Jake maintains that accountability cannot be transferred entirely to technology. While AI can strengthen decision-making, he believes responsibility for those decisions will always remain with people.

The Balance Between Speed and Responsibility

Jake believes security and compliance should enable innovation rather than slow it down. Throughout his leadership experience, he has maintained that the most effective approach lies in understanding both an organisation’s risk appetite and the way products are actually built. In his view, once these elements are clearly understood, it becomes possible to design controls that meaningfully reduce risk without creating unnecessary friction for engineering and product teams.

He also believes that strong relationships between security and engineering teams are essential to building effective programs. Jake has consistently observed that the strongest security initiatives are developed alongside engineers rather than imposed upon them.

His leadership philosophy has long been rooted in influence rather than authority. Jake believes that highly capable teams will always find ways around controls they do not believe in, making trust and credibility fundamental elements of effective leadership.

For Jake, security delivers its greatest value when teams recognise that it helps them move faster, build stronger products, and reduce risk simultaneously. In those environments, security evolves beyond a supporting function and becomes an accelerator for innovation and business growth.

From Achievement to Impact 

Leadership reshapes more than professional responsibilities; it transforms perspective, priorities, and purpose. What begins as a journey driven by personal ambition gradually evolves into a commitment to empowering others, creating meaningful impact, and building lasting success beyond oneself.

Life Before Entrepreneurial Leadership

  • Focused on personal success and career growth
  • Driven by ambition and the pursuit of the next opportunity
  • Fast-paced, impatient, and constantly looking ahead
  • Believed leaders needed to have all the answers
  • Motivated by achievement and individual milestones
  • Hungry, driven, and impulsive

Life After Entrepreneurial Leadership

  • Prioritises the growth and success of others
  • Invests in people through mentorship and support
  • Leads through listening, questioning, and collaboration
  • Embraces humility and values collective strengths
  • Focused on creating lasting impact over personal wins
  • Measured, caring, and patient

The Future Will Be Built on Continuous Trust

Predicting five years into the future feels ambitious when most of us are struggling to predict five months ahead.

Jake Bernardes

Jake believes predicting the future of artificial intelligence has become challenging as technology continues to evolve at a remarkable speed. However, he remains confident that several shifts will significantly redefine governance over the coming years.

He anticipates governance becoming automated and data-driven, alongside the emergence of a new generation of professionals known as GRC Engineers. Rather than relying on manual compliance activities, these professionals will focus on building workflows, automations, integrations, and AI-driven processes that enable more efficient and intelligent governance.

Jake also believes organisations are approaching the end of point-in-time compliance models. Customers, regulators, and boards expect greater transparency, real-time visibility, and direct access to operational data rather than depending solely on annual audits and static reports.

Looking ahead, Jake envisions a future where trust becomes more dynamic and accessible, with organisations embracing continuous assurance and machine-readable evidence. Through his work with Anecdotes, he continues to support a vision centered on transparency, stronger trust, and smarter governance.

Building the Future of Trust-Driven Security and Data-Led Governance in the Age of AI

Anecdotes: The People-First CISO Jake Bernardes Redefining Security | The Enterprise World
  1. Trust is the true foundation of modern cybersecurity leadership
  2. Governance must evolve from static compliance to real-time, data-driven intelligence
  3. AI has accelerated both innovation and hidden risk exposure
  4. Risk should be the operating system of every security decision
  5. The future of GRC will be built by “GRC Engineers” and continuous assurance models
Quick Takes
One tool or appLinkedIn 
One quote“You can’t connect the dots looking forward only looking backwards” (Steve Jobs) 
One piece of adviceYou’ll only ever regret the things you didn’t do because everything you choose to do will be for your learning or benefit.  
One bookLessons from the Frontlines: Insights from a Cybersecurity Career (Assaf Keren)  

Did You like the post? Share it now: