Fellow security leader — this is my favorite kind of post, because you're starting in exactly the right place. Most people learn Claude Code and agents by asking "what can it do?" and bolt security on later. You're starting from the threat model, which means you'll skip about 80% of the rework the rest of us did. I'm a CTO/CISO and I run an AI/software studio, so I've had to build this muscle for my own org and for clients living under SOC 2 / ISO 27001. Two frames have served me well: how I practice, and how I actually build. 1) ENGAGEMENT & PRACTICE — treat your learning environment as production-adjacent. • All org AI usage runs through sequestered, domain-bound tooling. For us that's been ChatGPT Teams locked to our org domain, and I'm mid-migration to Claude (Team/Enterprise) now. Personal/free accounts touching org data is a hard no. • Experiments live in a homelab or remote lab — never onsite. My own OpenClaw build runs externally on a hardened Hostinger VPS in Docker, fully off the internal network, and I require the same of everyone, IT team included. Nobody's first agent experiment gets to touch the corporate LAN. • I run hands-on AI-usage + security trainings for staff and constituents, and we just wrapped two rounds of an ethical-AI course in our LMS. Hands-on beats slideware every time. If you want one recent reason this posture is correct: the OpenClaw skills supply chain got hit hard this year — the ClawHub registry was poisoned at scale (several of the most-downloaded skills turned out to be malware), and Microsoft issued an enterprise advisory on it. That's the entire case for "experiments live in the lab, not on the network" in a single news cycle. So, practice advice: stand up an isolated lab (VPS or local VM + Docker), get a real Anthropic Team/Enterprise seat for actual work, and learn by building small agents in that sandbox before anything earns network access. 2) DEVELOPMENT & TOOLING — where I'd actually start, in order. Everything I ship has to survive a Drata-driven SOC 2 / ISO 27001 audit. Commit to an security/audit framework like one of the 2 above (talk to your CISO or supe about that), and it will guide a lot. The privacy + integration work for the web & mobile apps I lead my dev team building, hardening Entra/Active Directory, Salesforce, and the surrounding infra taught me the core lesson: an agent is just a privileged non-human identity — so I treat it like one. Start with the official material, then layer the security frameworks.