On the 34th episode of Enterprise AI Defenders, hosts Evan Reiser and Mike Britton talk with Micah Czigan, Chief Information Security Officer at Georgetown University. Micah leads security across Georgetown’s global campuses, overseeing a complex digital environment that spans education, research, and enterprise operations.
Georgetown has embraced AI not as a novelty but as an enterprise imperative. “We didn’t wait for the perfect policy,” Micah said. “We wanted to give people a clear starting point.” The university quickly introduced separate guidelines for instructional and administrative uses, then launched pilot programs to test tools like Gemini. These experiments are supported by a secure enclave architecture, which allows sensitive financial or research data to be used while keeping it private and inside the university’s environment.
Micah’s team is also using AI to empower faculty and researchers. One initiative builds profiles from each researcher’s publications and automatically finds relevant grant opportunities. The system flags whether a grant requires environments that meet certain compliance levels, saving time and preventing missteps. Another project, led by Georgetown’s Massive Data Institute, is developing a dedicated AI platform for researchers to use internally.
While AI opens new doors, it also introduces faster and more sophisticated threats. “Phishing emails don’t look like blasts anymore,” Micah said. “They look like they’re written just for you.” To counter this, Georgetown is deploying AI tools that inspect messages, links, and attachments in real time. Training is another priority. Instead of relying on annual compliance sessions, Georgetown runs a continuous cycle of short, trend-based modules. Some are even personalized based on user behavior and threat exposure.
One of the more complex challenges Micah faces is shadow AI. “Shadow AI happens when people don’t feel they have a path to yes,” he explained. Rather than defaulting to blocking tools, his team scans for unauthorized applications and meets with users to find approved alternatives. “We don’t want to just say no. We want to help them get to 80 or 90 percent of what they need in a secure way.”
Micah also discussed how Georgetown is profiling what he calls advisory targets—people whose data or decisions carry greater risk. The goal is to use AI to monitor not just email threats but browsing behavior and system activity. “We’re building a holistic profile, not to spy, but to protect people in roles where they might be targeted,” he said. These systems will operate entirely within Georgetown’s secure environment and can flag risky behavior in real time without exposing personal data.
His Navy experience shapes Micah’s belief in proactive innovation. “When you’re at sea, no one’s coming to save you,” he said. “You have to fix it yourself. You try anything and everything.” That mindset now fuels his willingness to experiment with new AI security models and train his team to think like adversaries. He sees AI as a powerful tool—but only if defenders are willing to move just as fast as attackers.
Listen to Micah’s episode here and read the transcript here.
