Compliance Unfiltered With Adam Goslin

On this episode of Compliance Unfiltered, Todd Coshow and cybersecurity expert Adam Goslin delve into the hidden dangers of AI's rapid adoption. They uncover why organizations are neglecting essential safeguards, leaving sensitive data vulnerable, and how AI is being exploited as a malware command center. With insights into recent security failures and emerging standards from ISO, NIST, and IEEE, this episode is a must-listen for security professionals and business leaders. Learn how to implement responsible AI strategies and avoid becoming a cautionary tale. Hit play to understand what's truly at stake with AI.

On this eye-opening episode, cybersecurity expert Adam Goslin joins Todd Coshow to reveal how AI-enabled prompts are rewriting the rules of cyber threats. Most of us are blissfully unaware that AI-driven attack vectors like "Promptware" are already lurking in everyday tools, and a simple calendar invite could secretly become a cyber weapon. If you think your devices are safe, think again. Learn how hackers are embedding hidden prompts into your favorite apps and messages, capable of turning on your camera, stealing geolocation, or even launching DDoS attacks without you realizing it.

In this crucial episode, of Compliance Unfiltered, the CU Guys cover some of the alarming tactics of online predators targeting children on platforms like Roblox and Discord. Discover how these predators build trust, impersonate kids, and manipulate them into dangerous situations. Learn about the hidden dangers in popular gaming spaces, the impact of recent exposés, and practical steps for parents to protect their children. This episode is essential listening for anyone concerned about children's safety in the digital world. Arm yourself with the truth and join the fight to protect the next generation.

Struggling with compliance chaos? Join the CU Guys as they uncover how adaptive solutions can transform your compliance process. In this episode, Adam shares insights from his decade of experience, revealing how to streamline compliance with dynamic mapping and adaptable tools like the TCT Portal. Learn to cut time, reduce risks, and save money by customizing workflows and eliminating redundant efforts. Perfect for compliance teams and leaders eager to see real cost savings and efficiency. Tune in to revolutionize your compliance strategy today!Episode Transcript:We're gonna chat today, Adam, about, well, about using our imagination. As a matter of fact, let's imagine using an adaptive compliance tool. Tell the folks about it. Sure. This is a topic that's, it's just, it's applicable for folks that are struggling with compliance, ones that are already familiar with the landscape, et cetera. It's a inventive and special kind of torture that people go through when you're trying to fit your compliance program into some type of a rigid structure or setup. At some point in the game, the light bulbs start going on, or maybe not, that you're spending more time screwing around with manual workarounds, bridging gaps between what you'd like to do and what you're actually doing, et cetera.And there's a lot of tooling out there and there's compliance platforms. They were built in a kind of a best case scenario mindset, initially up against a single standard, and then they started shoehorning in other ones, type of a deal. Somebody that was originally when they started doing things, this is the way they did it. So they built a whole platform around that, and now everybody that uses it is kind of stuck with it, type of a deal. So for folks that are juggling different certs or have some complexity to their engagement, they've got different divisions across the globe, et cetera, then that's where you start moving away from that kind of best case scenario type of a deal. And so it's part of the fun, the adventure that we've been on is we've seen how frustrating it can be to manage a compliance, a compliance engagement that has complexity because we've been through it ourselves.We've experienced as a organization that's gone through compliance. We've assisted and helped innumerable organizations with managing their compliance. We've worked alongside assessors and auditors. I personally spent close to two years doing level one QA work for a large international QSA firm. So it's been a rewarding adventure to navigate the waters of seeing what was out there and then being able to serve folks that are in this space. And it's also important for folks. One of the biggest things that I like to tell people is a lot of people will kind of get into this mode. They do whatever they do to be able to manage their compliance. And they get it to a point where it's almost like, I'm capable of getting this done. And so they go, oh, that's cool. We're just going to go and stick with that. So they get into this point of where it works, AKA they accomplished the objective.But my big recommendation is for those folks, especially if I look at it from the perspective of those in leadership as an example, I love to use this talking point a fair amount because I remember as a frontline person responsible for compliance for the organization, my boss would just swoop by my desk type of a deal. And hey, it's compliance season again. Good luck. Make sure that we have all our crap done by blah, blah, blah, blah, blah. And then he would flip off type of a deal. And between the good luck and where's my fucking report, There was a whole bunch of blood, sweat, tears, pain, stress, you know, but a lot of that happened.

On this episode of Compliance Unfiltered, The CU Guys dive into the often-overlooked world of service accounts. They explore the critical role these accounts play in organizational environments, ensuring seamless communication and authentication across systems. Adam shares best practices for setting up service accounts, including the importance of descriptive naming and secure password management. The episode also features cautionary tales from the trenches, highlighting common pitfalls and the importance of proper documentation and controlled testing. Tune in to learn how to enhance your organization's compliance and security posture by giving service accounts the attention they deserve.Episode Transcript:Well, today, Adam, we're going to talk about something a little different, specifically something we haven't chatted much about before. And that is service accounts. Why don't you give the listeners a high level overview of service accounts and what they're typically used for?Sure. So in an organizational environment, the systems will use accounts for communication, for authentication to the network, for interaction between web servers and database servers or file servers and basically look at it as the accounts that the infrastructure or software within the environment is leveraging to be able to effectively communicate with other systems and other infrastructure and all that fun stuff. So service accounts is kind of a, it's similar to your login when you come in in the morning and you log into the network, you put in your username and password and everything and then you can get to your email and get onto the network, et cetera.Similar type of notion, but it's an account that's just used by the systems within the environment. So it basically, those accounts kind of keep things ticking, communicating, moving, all of that fun stuff within an organization's environment.Sure. Now, what are some of the things that listeners should take into account when setting these accounts up?Well, you know, and this comes from, you know, from a year or three of, you know, kind of dealing with, you know, dealing with different organizations and, you know, and whatnot. Best practices as well, but, you know, just things have tripped across, etc.But, you know, as an example, you know, typically with a user's account, you would, you know, the different organizations have different methodologies, right? First name, dot last name, or first initial and last name, you know, type of a thing. And similarly, get into the habit of using descriptive names for your service accounts. So you actually know what these accounts are doing. With most accounts, there's an additional field that will be providing, like, a description of what this account's being used for. So you don't need to get too wordy with the naming of the account, but you put detailed descriptions in, you know, against those accounts so that it's really clear, you know. You got to remember, you know, a lot of times these accounts, a lot of times these accounts are set up and then people aren't, you know, aren't doing anything with them for extended periods of time. It may be years down the road and somebody's come back in and going, well, what the heck is, you know, XGK42C user account doing? No clue. So it helps if you name them appropriately, et cetera, because what I've seen in some environments, like, well, what's this being used for? Oh, let's shut it off. Yeah. So sometimes it doesn't end up well. You know, for those accounts, setting up long, complicated passwords, these are machine-based accounts. They don't give a hoot about entering in a 50-character password, you know, scrambled, you know, scrambled barf.

On this milestone 200th episode of "Compliance Unfiltered," The CU Guys delve into the evolving landscape of cybersecurity, focusing on how AI is being leveraged by both defenders and attackers. They explore the dual nature of AI, highlighting its potential to enhance security measures while also lowering the barriers for cybercriminals. From AI-generated malware to sophisticated social engineering tactics, this episode provides a comprehensive look at the current arms race in cybersecurity. Join Todd and Adam as they discuss the implications of these advancements and the importance of staying vigilant in an ever-changing digital world.Episode Transcript:Honestly, we have to go do some digging and some research, but I'm not sure how many compliance-related pods have 200 episodes. So I think it's fair to say we're in a relatively elite group, if you will, but no, it's been fun doing what we do. It's fun to be able to bring data, information, topics, and discussions to folks in the compliance space. Hopefully, they've enjoyed the ride as much as we have, but hey, we'll keep cracking. You and I were talking a little bit ago, we'll do something a little more spectacular for episodes like 250 or something, as we get to that point. It's been fun, been a good ride, but I'd also echo the notion, for the folks that are listening, do us a favor, honestly, what do you want to hear about? Did you hear about something cool, some new topic in the security or compliance space that you want to know more about, something that, in your retrospective, you think that we haven't quite covered in its entirety, something else that we could hit? Follow me, give us the ideas. We love receiving the feedback and the input, always looking for neat new stuff to chat about, so pretty cool. Absolutely. Well, today we're going to chat about, you know, a hot topic, I would say, and that's specifically how hackers are using AI in 2026.So there is a lot of talk of AI being used for good, but at a high level, how is AI helping the bad actors out of it? Well, I mean, with any technology, as it goes from its infancy and starts to blossom, if you will, it has the capability for being used to help those which are protecting organizations or that are outsourcing security-related functions to companies, things along those lines. And so, for the good guys, there are certainly added benefits to the notion of AI, but most certainly, there's no question that the bad actors out there, they similarly, it's almost like getting into an arms race, where they're able to use that same technology for evil.And taking advantage of capabilities for increased speed, automation, more advanced attacks, things along those lines. So, we'll get into a number of those topics today, but now it's being used on both sides of the fence, and it very much feels like an arms race unfolding, as we speak, if you will. No, no, most definitely. Now, for many cybersecurity professionals, the best offense is a great defense. But how is AI lowering barriers to entry for the bad guys? Well, you know, for the bad guys, you know, they're developing, you know, they're developing tools. It used to be that, you know, you have that or whatever. Let's say we go back 10 years, right? You know, you had to have a certain level of capability, level of skill, things along those lines that, you know, that would be, you know, that would be happening.

On this insightful episode of Compliance Unfiltered, join the CU Guys as they delve into the essentials of security training and compliance for Q1 2026. Discover the importance of regular security reminders, the role of incident response plans, and how to keep your organization vigilant against evolving threats. With practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their security posture and compliance strategies. Tune in to stay ahead in the ever-changing landscape of cybersecurity.Episode Transcript:So, you know, when it comes to training for, you know, for personnel, for security best practices, you know, there's a there's a number of things that just kind of leap out to folks, right. You've got your security awareness training at higher, you've got annual security awareness, a refresher training, etc. So, you know, in the event that your organization isn't already doing those things, then by all means contact TCT, we can get you in the right direction.But, you know, these are like the bare minimum, you know, type of a thing, but there's various compliance requirements are going to mean, you know, there's, you know, various other things, you know, that that should be done surrounding your, you know, security awareness and training program, not the least of which is security reminders, which is part of the reason why we do this kind of quarterly pod. You know, we've got organizations that will leverage both the, you know, the TCT pod and the TCT blog to use to supplement their security reminder, your kind of stance for their organization. So that's part of the reason why we why we pleased to aim, if you will. Um, but that said, if you can do reminders, you know, more often than quarterly, great, you know, but, uh, you know, you want, you want the personnel maintaining vigilance, you know, all the way throughout the year, et cetera.But, you know, the, you know, for, for different organizations, they're going to have different types of directed training, um, that need to cover, you know, need, need to cover and or should cover additional, uh, facets that the organization wants to consider. So as an example, and one of the, one of the areas that, you know, oftentimes, uh, that organizations will kind of overlook is the fact that anybody on their team is a target. You know, I mean, everybody's got a LinkedIn, they, you know, say that they're working for the company, you know, et cetera. But because of that, the public association between the personnel and the organization itself, that means everybody, uh, you know, is, is effectively a target, not only, uh, in their day by day work, you know, arena, but also in their personal lives as well. Um, so, you know, everybody in the organization should not only be kind of paying attention to security and compliance related stuff, uh, when it can certainly, when it comes to work related elements, but, you know, just keep in mind that you could be, uh, you could be the subject of a, of kind of an indirect attack at trying to get to the organization.So keep that in mind. Um, you know, every organization should have incident response, uh, an incident response plan, um, and, uh, you know, some type of a requirement for doing associated testing, uh, testing training, et cetera, you know, each year with your personnel, with certain vendors, et cetera. And so as part of that training, um, it is recommended to, um, to do a tabletop exercise, uh, to run through various scenarios, et cetera. Um, but one of the big problems is, is that many organizations they'll, they take on this notion that, oh, if I declared an incident, then it's some type of a sign of failure, uh, you know, type of a thing. And so, you know, they don't declare low level incidents. They don't want to, um, you know, they don't exercise their program, you know, throughout, throughout the year.

Join the CU Guys on this special New Year edition of Compliance Unfiltered. As they reflect on the past year and look forward to 2026, the guys discuss the evolution of compliance standards, the role of artificial intelligence in streamlining client engagements, and the importance of client feedback in shaping the future of TCT. Tune in for insights on how TCT plans to enhance its platform to better serve the diverse needs of its clients in the compliance space.

On this festive edition of Compliance Unfiltered the CU Guys delve into the challenges and joys of the compliance season. With a focus on gratitude and reflection, they discuss the importance of operational mode in easing compliance burdens and share insights on how TCT is making compliance management more manageable. Tune in for a heartfelt conversation filled with appreciation for clients and colleagues, and a sneak peek into TCT's future innovations. Don't miss this engaging episode that promises to make your compliance journey a little brighter. #ComplianceUnfiltered #TCT #ComplianceManagement

On this episode of "Compliance Unfiltered," The CU Guys dive into the intricacies of compliance management programs. They explore various implementation approaches, from manual spreadsheets to sophisticated systems, and discuss the importance of organizations owning their data. Adam shares insights on the potential pitfalls of relying solely on assessor systems and emphasizes the efficiencies gained by leveraging internal systems. Check out this episode to discover how to streamline your compliance processes and make your organization's compliance journey more efficient and effective.

The CU Guys dive into the heightened risks hotels face during the holiday season. They discuss the importance of maintaining cybersecurity vigilance amidst increased traffic and seasonal hiring. The conversation covers best practices for background checks, training, and physical security, emphasizing the need for diligence to prevent data breaches. Tune in to learn how to protect your organization during the busiest time of the year.

The CU Guys dive into the critical topic of central logging sanity checks. They explore the common pitfalls organizations face when they set up central logging systems and then leave them on autopilot. Adam emphasizes the importance of regular sanity checks to ensure that logging systems are functioning as expected and highlights the risks of assuming everything is working perfectly. The discussion also covers the need for compliance professionals to validate assumptions, spot-check logs, and ensure that alerts are being properly handled. Tune in to learn how to maintain a robust compliance program that truly supports organizational security.Episode Transcript:Today, we're going to talk about, you know, another central theme here, not just a central member to a band, but central logging, specifically central logging sanity checks. So a lot of companies that have mature compliance programs set up their central logging and then kind of put it on autopilot. What are the downsides there, Adam? Well, I mean, I've been for a long time, a huge fan of trust, but verify. And, you know, when the, when the companies go in and, and kind of set up their, their central logging, you know, they, they really do just kind of, okay, we're done, you know, we're done, we've, we've established all the things, you know, we've done all the checks and we've set up the system and we have all the right processes and, you know, we, the, the reviews are happening and alerts are flying and, you know, so then they just, you know, move into this mode where they just literally let her roll and, you know, and then don't tend to go back to it, you know, for, you know, for a recheck or a sanity check or, or whatnot. They just go into the guiding assumption that everything's good because it's up and it's, nothing's gone boom and, you know, blah, blah, blah.So, you know, the, the, the most important part for, for these organizations is that they, they go back in and, you know, double check, you know, is, is what I think happening, is it actually happening? You know, but, you know, they got, they got to go back in and, and just do a sanity check on, you know, on things. So, you know, that's kind of the, the, the driving force here with the, with this particular topic. Sure. Now with that in mind, what are some of the concerns that compliance professionals should be focusing on?Well, I mean, first and foremost, you know, is everything that I think is logging actually logging, you know, is it are things that I set up to, to, you know, to log, are they still logging? Did something go off the rails? Um, it's really, really easy, uh, depending on the system and the, and the structure that's set up, what checks and things that they put in place, it's really easy to, I don't know, I'm just gonna make a number up. So let's just pretend, you know, out of the gate, there were a hundred different things that were, you know, that were sending stuff to central logging. Well, you know, fast forward a couple of months or in a lot of cases, a couple of years, um, you know, the, uh, are the things that we, uh, are those hundred things still, still doing what they're doing?I mean, you know, there's, there's all sorts of possibilities for something going wrong. You know, you've got, you know, updates or patches that, you know, may go ahead and interfere with the, with the capability for those devices to push their logs. I mean, it could be something as simple as, you know, somebody was messing with a firewall rule to try to do some troubleshooting and, you know, lock down some ports so they could get some things isolated, et cetera. And then forgot to put every, put Humpty Dumpty back together, you know, back together again and blah. And in the process, you know, block the, you know, the outbound logging, you know, capability from, you know, fill in the blank device, that type of thing.

In this heartfelt episode of "Compliance Unfiltered," as the TCT Guys reflect on their journey with TCT, sharing personal stories of growth, challenges, and gratitude. Adam and Todd delve into the evolution of TCT, the invaluable input from clients, and the strong relationships built over the years. Join them as they discuss the importance of client feedback in shaping the organization's offerings and celebrate the dedicated team that makes it all possible. Tune in for an inspiring conversation about making compliance management a little less daunting and a lot more rewarding.

In this episode of "Compliance Unfiltered," the CU Guys dive into the complexities of managing multiple compliance certifications and custom request lists. They explore the challenges faced by organizations of all sizes, from small businesses to international giants, in navigating the ever-evolving compliance landscape. With insights into the common pitfalls and practical advice on streamlining processes, this episode is a must-listen for anyone involved in compliance management. Tune in to discover how to make your compliance journey less painful and more efficient.

In this episode of Compliance Unfiltered, The CU Guys dive into the challenges and strategies for retailers as they gear up for the holiday season. With cyber threats on the rise, particularly AI-driven attacks, the duo discusses the importance of proactive measures, employee training, and maintaining PCI compliance. They also explore the impact of seasonal hiring and the need for vigilance in protecting sensitive data. Tune in to learn how retailers can navigate the bustling holiday period while safeguarding their operations.

On this week's  episode of Compliance Unfiltered, The CU guys get candid and take a dive into the world of vendor relationships and the challenges faced in the marketplace. Adam shares his personal journey from working with "boneheads" to founding his own company, emphasizing the importance of genuine customer service and the pitfalls of AI hype. With a mix of humor and insight, they explore the disconnect between vendors and clients, offering a refreshing perspective on how businesses can truly serve their customers. Tune in for an unfiltered discussion that promises to be both enlightening and entertaining!

On this Episode of Compliance Unfiltered, the CU Guys delve into the complexities of HIPAA compliance for hospital systems. Adam discusses the dual nature of hospital compliance, highlighting both the advantages of early adoption and the challenges posed by the complexity of hospital systems. The conversation covers the intricacies of managing multiple compliance standards, the inefficiencies and costs associated with manual compliance processes, and the importance of maintaining control over compliance data. Adam emphasizes the need for hospital systems to regularly update their compliance controls to align with current technologies and reduce risks. All this, and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, The CU Guys dive into their recent experiences at the PCI European Community Meeting in Amsterdam. From the city's impressive public transportation to the vibrant conference atmosphere, they share insights and anecdotes that highlight the unique charm of Amsterdam. Discover the excitement around TCT's latest technology, EasyCert, and how it resonated with attendees. Whether it's the eclectic mix of conversations or the delightful culinary adventures, this episode captures the essence of a memorable trip. Tune in for a blend of professional insights and personal stories that make for an engaging listen.

On this episode of Compliance Unfiltered, the CU Guys dive into the critical role of inventory management within large-scale engagements. They explore why inventory is central to security and compliance programs, share insights on integrating inventory into daily operations, and discuss common pitfalls organizations face. With Adam's practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their compliance strategies. Special thanks to listener Heidi for suggesting this topic! Tune in and discover how to make inventory a core element of your compliance DNA, on this week;'s Compliance Unfiltered!

On this week's episode of Compliance Unfiltered, The CU Guys discuss the launch of EZ Cert, a new feature in the TCT Portal, designed to simplify compliance tasks for end users. Adam explains how EZ Cert streamlines the interface, making it more accessible and efficient for users who only occasionally interact with the system. The conversation highlights the business value of EZ Cert, emphasizing its ability to reduce bottlenecks and improve the efficiency of compliance engagements. The episode also touches on the benefits of EZ Cert for assessors. All this and more on this week's Compliance Unfiltered.

On this week's episode of Compliance Unfiltered, the CU Guys dive into their enriching experience at the PCI North American Community Meeting in Fort Worth, Texas. Discover how the conference exceeded expectations with improved organization and engaging interactions, and learn about the exciting new features like EasyCert that were unveiled. From exploring the immaculate public transportation to savoring local culinary delights, they share personal anecdotes and insights. Whether you're a compliance professional or just curious, this episode offers a unique glimpse into the vibrant world of PCI compliance. All on this week's Compliance Unfiltered.

On this episode, The CU Crew delve into the innovative approach of environment splitting to streamline compliance processes. Discover how this strategy not only enhances efficiency but also ensures adherence to regulatory standards. Join us as we explore real-world applications and expert insights that reveal the transformative power of environment splitting in today's compliance landscape. All this and more on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU Guys dive into the intricate world of report writing for compliance assessors. Discover why this seemingly straightforward task is fraught with challenges, from the complexities of manual processes to the orchestration required for quality assurance. Learn how the TCT portal is revolutionizing the way assessors handle report writing, saving valuable time and enhancing efficiency. Whether you're a seasoned assessor or new to the field, this episode offers insights into overcoming the hurdles of report writing and maximizing your ROI. Tune in to explore how technology is making compliance management more manageable and effective, all on this week's Compliance Unfiltered!

On this week's insightful episode of Compliance Unfiltered, the CU guys delve into the 2025 PCI North American Community Meeting, happening from September 16th to 18th in Fort Worth, Texas. Adam shares why you should join TCT in attending, for the latest updates in compliance management, connect with industry experts, and explore innovative solutions that make compliance life easier. Whether you're a QSA, a compliance professional, or part of an organization serving compliant customers, this event offers something for everyone. Tune in to learn how to maximize your experience at this must-attend event on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, The CU guys delve into the critical role of cybersecurity and compliance in the manufacturing sector. As technology advances, the industry faces increasing threats and regulatory challenges. Join us as we explore how manufacturers can safeguard their operations, protect sensitive data, and ensure compliance with ever-evolving standards. Discover expert insights and practical strategies to fortify your manufacturing processes against cyber threats. Learn why cybersecurity is not just an IT issue but a vital component of modern manufacturing success, on this week's Compliance Unfiltered.

*** There was some audio issues with the initial post of this interview, that have now have been corrected. (Thanks Paul!)On this episode of Compliance Unfiltered, the CU Guys are pleased to be joined by Tom Fox from the Compliance Podcast Network to delve into the intricate challenges of implementing compliance programs. They explore the common misconceptions at the executive level, the critical role of internal controls, and the necessity of integrating compliance into business operations. Tom shares his journey from law to becoming a compliance evangelist, emphasizing the importance of ethical business practices in combating global issues like bribery and corruption. All these insights and more on this week's Compliance Unfiltered!Connect with Tom and explore all the great shows on the Compliance Podcast Network, here: www.compliancepodcastnetwork.net

On this episode of Compliance Unfiltered, the CU guys delve into the critical need for AI policies within organizations. As AI technology rapidly evolves, many companies find themselves unprepared, risking exposure of sensitive data through platforms like ChatGPT. Adam emphasizes the urgency of implementing AI policies to protect against potential data breaches and compliance issues. Discover why having a robust AI policy is not just a best practice but a necessity in today's digital landscape. All this, and more, on this episode of Compliance Unfiltered.

On this episode of Compliance Unfiltered, it is that time again! You guessed it, time for all of the spicy security stories that were, and the critical security reminders for, the third quarter of 2025. Curious about learning some tips on how to impress your assessor? Wondering how you can maximize your knowledge of space, to minimize the struggles associated with your engagements? Then you're not going to want to miss this episode of Compliance Unfiltered!

On this episode of Compliance Unfiltered, Adam and Todd have a heart to heart on what makes a successful operation tick, from a cybersecurity and I.T. perspective. Curious about the specialized expertise required for success? Wondering where Trust but Verify fits in? Worried about your upcoming assessment? Well, you're in luck! Answers on all these topics and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys have a chat about the wonderful world of acquisitions, specifically in the hotel space. Adam gives a solid background on the Hotel acquisition arena and shares some key details with the listeners about where to get started from a compliance perspective. Wondering what tools folks are using in the space? Looking for ways to avoid the common pitfalls of the process? Just trying to get your footing on how to be best prepared? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, Todd and Adam walk through the challenges faced by organizations looking to take control of their compliance management. Adam shares a bit about his journey and provides some profound advice to listeners looking to take their compliance program to the next level. All these topics, and more, on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, the CU guys address the proverbial elephant in the room - Why service providers to compliant organizations need to take their security seriously. Wondering why there is variability for service providers in the security arena? Curious if "trust but verify" is really that important? Trying to understand how you can get the most assurance from your vendor relationships? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, the CU guys are serving up hot, fresh takes on compliance for the Hospitality space can be a five-star experience with the plan in place. Wondering why compliance can be so tricky in the hospitality space? Curious how adopting technology can ease your pain? Just hoping to discover a better way? Well, you're in luck! All this answers and more on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, The CU Guys take on a topic suggested to us by one of our listeners! The Struggle is real when attempting to get service provider responsibility matrices, is a challenge many in the assessment world face. Have a listen and see if you relate! As a reminder, if YOU have a topic you think we should cover, please let us know. Send an email to complianceunfiltered@totalcompliancetracking.com and we will add your topic to the list for a future episode.

On this episode of Compliance Unfiltered, The CU Guys revisit the topic of Compliance Management in the Higher Education space. However, this time around the focus is on the granular nuts and bolts, as opposed to a broad overview. Curious about spreadsheet struggles in Higher Ed? Wondering about evidence collection and communication strategies? Hoping to simply find a better way? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered!

On this week's episode of Compliance Unfiltered the CU Guys chat at length regarding the challenges of managing compliance in the retail space. *Spoiler Alert* It sucks. Curious why it's so tough? Wondering how organizations can adapt and overcome? Hoping to find some strategy to help you combat your challenging compliance issues? Well, you're in luck - All these answer and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, Todd and Adam take an in depth look at the interesting arena of Penetration Testing. Curious about the difference between vulnerability scans and penetration testing? Wondering about the differences in approach to penetration testing? Fretting about how long it actually takes? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered!

On this Episode of Compliance Unfiltered, the CU Guys have a spirited chat about the perils of managing compliance in the Higher Education space. Wondering why Higher Ed is just a complex environment? Curious about ways overcome these challenges? Wondering how to manage your complex compliance landscape in a way that doesn't feel like herding cats? Well you're in luck, as all these answers, and more, can be found on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys take a tough look at the topic costly time wasting and inefficiencies in the IT arena. Having high priced resources, or "Gearheads" as Adam affectionately calls them, stuck in processes that cost organizations time and money, is a killer. Curious if security and compliance resources are considered high priced? Wondering where most of the time wasting resides? Trying to figure out how to cut those costs? You're in luck, all these answers and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys tackle the tough topic of managing compliance in industries like hospitality and retail. Curious about the impact turnover has on these businesses? Wondering why attrition in this space is so common? Just want to know how to overcome this challenge with the efficiency of a compliance management program? Then you're in luck! All these answers and more await, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, it is that time again! You guessed it, time for all of the spicy security stories that were, and the critical security reminders for the second quarter of 2025. Wondering about phishing, vishing, and smishing? Then you're not going to want to miss this episode of Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys give the audience a solid understanding of where a company's headspace might be, when first considering rolling out a full-fledged compliance program. Find answers to common questions, common fears, and a enjoy some Adam-Spun wisdom for the folks just getting started. All this and more this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered. Adam and Todd have what might be an uncomfortable conversation for some, regarding the perils of entrusting your organization's cybersecurity to your I.T. team or your external I.T. resources. Curious about the difference between an I.T. and cybersecurity professional? Wondering about companies that offer both, I.T. and cybersecurity services? Need a cost-effective strategy? Well you're in luck as all these answers, and more, can be found in this episode of Compliance Unfiltered.

On this episode of Compliance Unfiltered, Adam and Todd have a sound chat on the value of request lists when it comes to building in efficiencies to your compliance process. Everyone is looking to do what they do better, faster and cheaper. Curious how to reduce redundancies? Wondering what you can do to create more hours in your team's day? You're in luck, all these answers and more on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, Adam and Todd give the listeners the inside track on how to get their compliance ducks in a row, with help of a properly calibrated tool set. Many organizations struggle with managing the different compliance frameworks they are beholden to, effectively. Curious how you can gain hours back in your day? Looking for extra cost savings in your current process, tired of having to constantly nag people for required deliverables? Then you're in luck as you'll find all the answers to these questions, and more, on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, Adam and Todd put on their sleuth hats to help the listeners uncover the vulnerabilities hiding in their patch management process. Would you consider yourself someone who thinks turning on automatic patching solves everything? Are you the type that's pretty sure your IT department, "has this covered?" Does your organization, "not really have anything worth protecting? " Then this is the episode for you. Listen as Todd and Adam highlight the perils of dodgy patch management, and how you can best protect your organization. All on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, Adam and Todd do a quick fire roundtable on the how best to help those extra special organizations that are extremely protective of their data. Why are these clients being so careful with their data? How has the significant increase in companies being breached impacted this philosophy? Curious about some horror stories on this topic? Well you're in luck, as the CU Guys have all these answers and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU Guys are proud to be joined by, friend of the show, Pedro Fortuna of Jscrambler. Pedro Fortuna serves as Jscrambler's Co-Founder & Chief Technology Officer responsible for technology innovation, product strategy, and R&D. Pedro sits on the PCI SSC Board of Directors and is a qualified Internal Security Assessor (ISA). Pedro brings over 20 years of experience in software engineering and security, leading innovative products from concept to market. In addition to his role at Jscrambler, Pedro sits on the PCI SSC Board of Directors and is a qualified ISA himself. Check out Jscrambler Here!

On this episode of Compliance Unfiltered, Adam and Todd chat about the importance of including cybersecurity specific line items in your annual Information Technology budget. Curious how your organization should identify the drivers for your security and compliance? Wondering how you would go about figuring out how much it would cost to be properly covered? Thinking about how you're going to pitch this to your boss? Well, you're in luck, as this week's episode of Compliance Unfiltered has all these answers and more!

On this episode of Compliance Unfiltered, Adam and Todd have a very candid chat about the perils of believing that your organization is impervious to a cyber-attack. How does an organization learn that they've been attacked? What are the first things to do when a Data Breach does happen to your organization? Curious about the real world fallout from a Data Breach? Wonder what the true cost of a cyber-attack to your organization might be? Well, you're in luck as you'll find all those answers and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, Adam gives the listeners the bottom line when it comes to the use of A.I. in the compliance management landscape. Curious where to get started and what questions to ask as you're considering the wonders of A.I.? Wondering about the difference between Artificial Intelligence and Automated Intelligence? Just plain worried about how A.I. is going to impact you and your team? You're in luck - All these answers and more on this week's Compliance Unfiltered!