Posts by Tim Freestone

Tim Freestone, Chief Strategy Officer, Kiteworks

Tim joined Kiteworks as chief marketing officer in 2021 and was promoted to Chief Strategy Officer in 2026. Tim brings over 15 years of experience in marketing and marketing leadership, including demand generation, brand strategy, and process and organizational optimization. Tim was previously vice president of marketing at Contrast Security, a scale-up application security company. Before Contrast, Tim was the vice president of corporate marketing at Fortinet, a next-generation firewall and cloud security company.

Tim holds a Bachelor’s degree in Political Science and Communication Studies from The University of Montana.

How Should Enterprise AI Systems Authenticate? A Security Leader’s Guide to AI Credential Management

by Tim Freestone March 16, 2026March 16, 2026 | Cybersecurity Risk Management

Every enterprise AI system that accesses data needs credentials. That is not a new problem — applications have authenticated to data systems for decades. What is new is the attack...

Why RAG Implementations Fail Security Review — and How to Build One That Doesn’t

by Tim Freestone March 16, 2026March 16, 2026 | Cybersecurity Risk Management

The demo worked. The pilot was compelling. The business case was strong. And then the security review started. For many enterprise AI teams, this is where Retrieval Augmented Generation (RAG)...

Direct API vs. MCP vs. AI Data Gateway: How to Choose the Right AI Integration Architecture

by Tim Freestone March 13, 2026March 13, 2026 | Regulatory Compliance

Every AI engineering team building on enterprise data eventually faces the same architecture decision: how does the AI connect to the data? Three patterns dominate the current landscape. Direct API...

Zero-Trust for AI Systems: Why the Same Principles Apply — and Where They Break Down

by Tim Freestone March 13, 2026March 13, 2026 | Cybersecurity Risk Management

Zero-trust is one of the most mature frameworks in enterprise security. The principles — never trust, always verify, assume breach, enforce least privilege — are well understood, well implemented, and...

Shadow AI Is Already in Your Organization. Here’s How to Respond Without Banning Everything

by Tim Freestone March 13, 2026March 13, 2026 | Cybersecurity Risk Management

Your legal team is using consumer AI to review contracts. Your finance analysts are pasting quarterly data into chatbots to draft board summaries. Your clinical staff are describing patient cases...

RAG in Production: The Governance Checklist Security Teams Need Before Go-Live

by Tim Freestone March 13, 2026March 13, 2026 | Cybersecurity Risk Management

The gap between a RAG pilot and a production deployment is not technical — it is a governance gap. Pilots are built to prove AI capability, so they take shortcuts:...

Prompt Injection, Credential Theft, and AI Trust Boundaries: What Developers Building on LLMs Need to Understand

by Tim Freestone March 13, 2026March 13, 2026 | Cybersecurity Risk Management

Building on large language models introduces an attack surface that most application security frameworks were not designed to address. Traditional web application threats — SQL injection, CSRF, path traversal —...

How to Make the Business Case for Governed AI to a Risk-Averse Security Team

by Tim Freestone March 13, 2026March 13, 2026 | Cybersecurity Risk Management

The AI project has executive sponsorship. The use case is compelling. The technology is ready. And then it reaches the security team, and the answer is no — or not...

5 Critical Data Security Risks Facing Financial Services in 2026

by Tim Freestone March 13, 2026March 13, 2026 | Cybersecurity Risk Management

Financial institutions operate in one of the most threat-dense environments across all industries. They hold vast volumes of customer data, process millions of transactions daily, and face relentless scrutiny from...

5 Critical Data Sovereignty Challenges for Banks in Qatar

by Tim Freestone March 13, 2026March 13, 2026 | Regulatory Compliance

Banks in Qatar operate under some of the most stringent data sovereignty requirements in the Gulf region, where regulatory compliance frameworks mandate that sensitive financial information remains within national borders...

Explore Kiteworks