Compliance Unfiltered is a Podcast Dedicated to Making Compliance Suck Less

In this episode the CU Guys explore how automation can streamline compliance processes, cutting costs and time. Discover strategies to reduce manual efforts by up to 50% using a dynamic ROI calculator. Perfect for compliance officers and IT leaders in organizations, this episode reveals how to transform compliance from a drain into a growth advantage. Tune in to learn actionable insights and empower your team with technology-driven solutions.

On this episode of Compliance Unfiltered, join the CU Guys as they give you the blueprint for Q2 2026, on how to transform compliance chaos into a manageable, continuous process. This episode reveals how shifting from a reactive, annual sprint to ongoing, automated oversight can reduce stress, enhance productivity, and fortify your security posture. Learn practical steps to automate routine tasks, manage evidence proactively, and turn compliance into a strategic business asset. Ideal for security teams and leaders eager to embed security into their company's DNA and eliminate last-minute audit stress.
Episode Transcript:
Adam, the security reminder as we look at it for this quarter: reduce compliance management to bite-sized chunks. Help the folks chop it up.
So, you know, this is a topic, it doesn't matter whether you've been doing, you know, doing compliance for a decade already, you're brand new to the game. You know, it really doesn't matter. You know, there's a lot of organizations that will kind of approach their compliance event as this like once a year extravaganza. And so it's almost like, oh, it's, you know, I feel like I'm back in the day aging myself of course with, you know, duck season, rabbit season. You know, it's compliance season, right? You know, everybody goes from their normal day jobs into kind of compliance mode. We put our heads over into the compliance stuff frantically for some period of time, the typically last months for some of the folks on the team. And then everybody just goes back to their normal day job, you know, type of a deal until they, you know, until the bell goes off to go do it all over again.
You know, it's like a real bad episode of Groundhog Day. But, you know, the purpose of, here's what's lost in a lot of organizations is that, okay, are there some companies that they go in, they're there to check the box and get their piece of paper and, you know, be able to prove to third parties that they've done these things.
Sure, there's some that carry that notion. I would strongly recommend, look at your program differently if that's the way that, you know, that it's being, you know, kind of being operated. You know, really you need to look at security and compliance as this is an active measure to help to protect the company, protect the organization, protect the stakeholders, protect the clients, protect all of the people, whether it's, you know, personnel or vendors, you know, that depend on, you know, this company. You know, make it part of your DNA, you know, for the organization. You know, it's not compliance season for three months of the year. It's compliance season every fricking minute every day. And so, you know, kind of on a normal compliance engagement, there are things that are supposed to be happening, you know, that are done every day, every week, month, quarter, twice a year, and once a year. You know, but a lot of organizations will kind of pop up at that once a year moment and then try to gather everything for the year. You know, and, you know, realistically, those periodic tasks, those are the ones that, you know, really are assisting with the active protection of the company, you know. So, you know, if you're only going in and, you know, dusting these things off once a year, you're not running a security and compliance program. You're just surviving an audit, so. Sure, that makes sense. Yeah, I mean, so as you go from, you know, compliance season over to, you know, something different, which is, you know, kind of more a regular recurring rigor, you know, et cetera, at TCT and literally, when we created the portal back in 2015, I believe it was 2016 is when we jammed in operational mode. And, you know, this will spread out those tasks. And, you know, I've had a lot of folks go, well, geez, you know, why a decade ago did you, you know, did you go and turn on operational mode? Well, why?

On this episode, buckle up, as the CU Guys walk you through how to revolutionize compliance management with AI-driven engagement scoping that transforms hours into minutes, saving up to a man-month per team. Automate tedious tasks, standardize decision-making, and streamline operations for efficiency. Discover TCT's latest AI features that enhance strategic insights, risk mitigation, and client satisfaction. Learn from Adam Goslin about crafting tailored project templates and boosting accuracy and consistency, leading to increased profitability, reduced stress, and happier teams.
Episode Transcript:
Today, we're going to chat a little bit about AI and some other cool stuff that's happening with TCT.
Now, you have a great time playing around with the buzzword AI. Tell us why you find joy in that.
Okay, when AI kind of hit the scene, at this point in the game, I'm going to call it maybe about 18 to 24 months ago, when it first came on the scene, there was, you know, if you use the words AI, then, oh man, it must be amazing, it must be cool, we must do it at all costs. You know, it was just, I love referring to it as the zombie walk toward AI. And, you know, and the funniest part is, is that as I'm seeing these things coming out, oh, you too can use AI to do the, and I'm sitting there going, it's not really using much in the way of actual intelligence, artificial intelligence, it's just they stuck some automation into their system and, you know, called it AI. And I'm like, well, shit, if that was the, if that's the definition that we're all going on with AI, well, hell, I had AI in the TCT portal back in 2015. So I just, I have a, I have some fun, you know, kind of poking at, you know, the folks out there that are, you know, just blasting AI all over the place.
I love to make the distinction, we actually had some fun with it, I think, starting with the last PCI conference that we were at last year.
You know, where we, you know, threw up a thing about AI and automated intelligence, because, you know, honestly, there's a, yes, there's a blend between the two, you know, you're using, using artificial intelligence really to, you know, to act kind of act independently, or did you just build some automation and call it AI? So now I love, I love screwing around with it a little bit. And, you know, really, part of the fun for me is really giving the folks that are just absolutely abusing the buzzword, you know, giving them a little bit of hell.
Nothing wrong with that. Now we have some new functionality coming out to the TCT compliance world. Tee this one up for us, Adam.
Yeah, we've got, you know, we decided to, we've been kind of contemplating this one for a bit and that is, you know, putting some kind of AI style capabilities into the portal where we've got, you know, right now it has to do all to do with engagement scoping. So we're trying to basically mitigate the amount of time that folks have to spend on this. And it's been, you know, kind of a target goal objective of ours for some time. So this functionality actually be coming out, you know, be coming out this coming weekend on the, what is it, the 3rd of April.
So no, 4th, my bad, 4th of Saturday, apparently my math's not math thing here. So I got, you know, but we wanted to be able to take engagement scoping and, you know, where, you know, folks would have to spend hours of, you know, going through engagements and getting them, you know, kind of lined up, etc. We've got, you know, we've got this kind of integrated, you know, AI style scoping tool that's intended to remove a lot of the busy work that folks have to do in the beginning of the engagements.

On this episode, unlock the secrets to making SOC 2 compliance a strategic advantage with host Todd Coshow and expert Adam Goslin. Learn how to streamline your process, leverage existing frameworks, and implement continuous compliance strategies. This episode is perfect for security leaders and tech founders looking to simplify SOC 2 and enhance client trust. Tune in to transform compliance from a burden into a superpower.
Episode Transcript:
We're gonna be talking about the journey, Adam. That's right. This SOC 2 journey and most importantly how to simplify your SOC 2 journey. So as we jump in maybe you can let the folks know The SOC 2 feel so gosh darn hard
Well, the major difference is just, you know, structurally in general, you know, compliance is an arena that can get messy. It's got a lot of manual engagement in it. It's overwhelming at times.
You know, the SOC 2 adds complexity because it's not a checklist style of, you know, of a compliance standard. There's not some checklist that we go down, you know, check these boxes and hopefully, you know, hopefully get there. You know, at the end of the day, you know, folks are looking to make the process a little bit easier and, you know, we're here to help.
Sure, I appreciate that. Now for the novices out there, myself included, what is SOC 2, actually?
It's kind of a directional framework where there are criteria that, you know, criteria that need to be met. And so, you know, the kind of the job, if you will, the assessor's job is to kind of look at that directional framework, you know, of these criteria or objectives that need to be met.
And then they need to evaluate the kind of controls that the organization has put in place and the testing steps for those controls to validate, you know, has the organization fundamentally met the, you know, met the objective of the criteria of that particular section, you know, that, you know, the focus that is that aspect of the control set.
So it's more of a directional framework and not nearly as prescriptive.
That's interesting. Speaking of prescriptive search, for the listeners of this show, they're more familiar with, say, PCI.
As you're looking at SOC 2 versus PCI, there's got to be a mindset shift, right? What's the difference, really?
Well, in the PCI world, and I mean, honestly, for a long time, the very first standard that I had to go up against was PCI. And in many ways, it's easier. If I want to go handle access control, then I do these 35 things, and if I can be compliant. So PCI is far more prescriptive, and it's been that way for a long time.
Where other standards, you know, like we're talking about SOC 2 today, but HIPAA falls into a similar boat, you know, where it's more meet this objective. How do you go about meeting that objective? Well, you got to prove out that, you know, the things that you're doing for your organization are, you know, are in alignment with the criteria. So it's a different style of an approach to how to go about meeting the requirements of the standard.
Well, why does SOC 2 get so complicated?
Well, I mean, because it, when they've got, you know, where you need you to meet this criteria, right? Well, I mean, that'd be like me, you know, whatever. You're, you're, you're, you're in California. I'm in Michigan, right?
Um, you know, I want you to, you know, I want you to, I want you to lay out the route that one would take to get from California to Michigan. Well, I mean, shit, I mean, I go, I go up the west coast, cut across by Canada. Uh, you know, like I go through Canada, I could, you know, cut the, the closest diagonal, I could decide to go on a coast East coast road trip, all of them are going to get me there, right? Um, you know, there's, there's, there's a million ways that you can, that you can go about doing these and, uh, you know, what, what I've seen on the, on the SOC 2 engagements

Struggling with compliance chaos? Discover how to transform it into clarity and confidence with Adam Goslin's expert insights. This episode of Compliance Unfiltered unveils a practical framework to streamline your compliance efforts, making them efficient and scalable. Learn how to avoid common pitfalls like over-relying on IT and siloed processes that hinder growth. Adam shares real-world strategies, including leveraging third-party consultants and creating centralized repositories, to protect against personnel turnover and enhance transparency. Whether you're starting out or refining your program, this episode offers actionable guidance to build a resilient compliance operation that supports growth and reduces risk. Perfect for compliance officers, IT leaders, and CEOs ready to stop firefighting and start leading with confidence. Tune in to learn how to turn compliance from a daunting task into a strategic advantage.

On this episode, the CU Guys uncover the latest cyber threats, from AI-driven breaches to cloud misconfigurations, that put your data at risk. Learn about real-world examples of high-profile breaches and simple social engineering tricks that can compromise your security. Discover the role of AI and quantum computing in cyberattacks and get practical steps to enhance your defenses. Perfect for cybersecurity professionals and anyone serious about data protection, this episode offers essential insights to stay ahead of cybercriminals. Don't wait for a breach, arm yourself with knowledge and strategies today.

In this episode, the CU Guys discuss the hidden dangers of AI adoption without proper security measures. Discover shocking examples of AI breaches, from rogue agents deleting databases to deepfake scams. Learn how to protect your organization with strategies for transparency, compliance, and robust security policies. Essential listening for anyone responsible for AI security and compliance. Equip yourself with the knowledge to safeguard your data and reputation. Listen now to stay ahead of the AI security curve.

On this episode of Compliance Unfiltered, Todd Coshow and cybersecurity expert Adam Goslin delve into the hidden dangers of AI's rapid adoption. They uncover why organizations are neglecting essential safeguards, leaving sensitive data vulnerable, and how AI is being exploited as a malware command center. With insights into recent security failures and emerging standards from ISO, NIST, and IEEE, this episode is a must-listen for security professionals and business leaders. Learn how to implement responsible AI strategies and avoid becoming a cautionary tale. Hit play to understand what's truly at stake with AI.

On this eye-opening episode, cybersecurity expert Adam Goslin joins Todd Coshow to reveal how AI-enabled prompts are rewriting the rules of cyber threats. Most of us are blissfully unaware that AI-driven attack vectors like "Promptware" are already lurking in everyday tools, and a simple calendar invite could secretly become a cyber weapon. If you think your devices are safe, think again. Learn how hackers are embedding hidden prompts into your favorite apps and messages, capable of turning on your camera, stealing geolocation, or even launching DDoS attacks without you realizing it.

In this crucial episode of Compliance Unfiltered, the CU Guys cover some of the alarming tactics of online predators targeting children on platforms like Roblox and Discord. Discover how these predators build trust, impersonate kids, and manipulate them into dangerous situations. Learn about the hidden dangers in popular gaming spaces, the impact of recent exposés, and practical steps for parents to protect their children. This episode is essential listening for anyone concerned about children's safety in the digital world. Arm yourself with the truth and join the fight to protect the next generation.

Struggling with compliance chaos? Join the CU Guys as they uncover how adaptive solutions can transform your compliance process. In this episode, Adam shares insights from his decade of experience, revealing how to streamline compliance with dynamic mapping and adaptable tools like the TCT Portal. Learn to cut time, reduce risks, and save money by customizing workflows and eliminating redundant efforts. Perfect for compliance teams and leaders eager to see real cost savings and efficiency. Tune in to revolutionize your compliance strategy today!
Episode Transcript:
We're gonna chat today, Adam, about, well, about using our imagination. As a matter of fact, let's imagine using an adaptive compliance tool. Tell the folks about it. Sure. This is a topic that's, it's just, it's applicable for folks that are struggling with compliance, ones that are already familiar with the landscape, et cetera. It's an inventive and special kind of torture that people go through when you're trying to fit your compliance program into some type of a rigid structure or setup. At some point in the game, the light bulbs start going on, or maybe not, that you're spending more time screwing around with manual workarounds, bridging gaps between what you'd like to do and what you're actually doing, et cetera.
And there's a lot of tooling out there and there's compliance platforms. They were built in a kind of a best case scenario mindset, initially up against a single standard, and then they started shoehorning in other ones, type of a deal. Somebody that was originally when they started doing things, this is the way they did it. So they built a whole platform around that, and now everybody that uses it is kind of stuck with it, type of a deal. So for folks that are juggling different certs or have some complexity to their engagement, they've got different divisions across the globe, et cetera, then that's where you start moving away from that kind of best case scenario type of a deal.
And so it's part of the fun, the adventure that we've been on is we've seen how frustrating it can be to manage a compliance, a compliance engagement that has complexity because we've been through it ourselves.
We've experienced as an organization that's gone through compliance. We've assisted and helped innumerable organizations with managing their compliance. We've worked alongside assessors and auditors. I personally spent close to two years doing level one QA work for a large international QSA firm. So it's been a rewarding adventure to navigate the waters of seeing what was out there and then being able to serve folks that are in this space. And it's also important for folks. One of the biggest things that I like to tell people is a lot of people will kind of get into this mode. They do whatever they do to be able to manage their compliance. And they get it to a point where it's almost like, I'm capable of getting this done. And so they go, oh, that's cool. We're just going to go and stick with that. So they get into this point of where it works, AKA they accomplished the objective.
But my big recommendation is for those folks, especially if I look at it from the perspective of those in leadership as an example, I love to use this talking point a fair amount because I remember as a frontline person responsible for compliance for the organization, my boss would just swoop by my desk type of a deal. And hey, it's compliance season again. Good luck. Make sure that we have all our crap done by blah, blah, blah, blah, blah. And then he would flip off type of a deal. And between the good luck and where's my fucking report, there was a whole bunch of blood, sweat, tears, pain, stress, you know, but a lot of that happened.

On this episode of Compliance Unfiltered, The CU Guys dive into the often-overlooked world of service accounts. They explore the critical role these accounts play in organizational environments, ensuring seamless communication and authentication across systems. Adam shares best practices for setting up service accounts, including the importance of descriptive naming and secure password management. The episode also features cautionary tales from the trenches, highlighting common pitfalls and the importance of proper documentation and controlled testing. Tune in to learn how to enhance your organization's compliance and security posture by giving service accounts the attention they deserve.
Episode Transcript:
Well, today, Adam, we're going to talk about something a little different, specifically something we haven't chatted much about before. And that is service accounts. Why don't you give the listeners a high level overview of service accounts and what they're typically used for?
Sure. So in an organizational environment, the systems will use accounts for communication, for authentication to the network, for interaction between web servers and database servers or file servers and basically look at it as the accounts that the infrastructure or software within the environment is leveraging to be able to effectively communicate with other systems and other infrastructure and all that fun stuff. So service accounts is kind of a, it's similar to your login when you come in in the morning and you log into the network, you put in your username and password and everything and then you can get to your email and get onto the network, et cetera.
Similar type of notion, but it's an account that's just used by the systems within the environment. So it basically, those accounts kind of keep things ticking, communicating, moving, all of that fun stuff within an organization's environment.
Sure.
Now, what are some of the things that listeners should take into account when setting these accounts up?
Well, you know, and this comes from, you know, from a year or three of, you know, kind of dealing with, you know, dealing with different organizations and, you know, and whatnot. Best practices as well, but, you know, just things have tripped across, etc.
But, you know, as an example, you know, typically with a user's account, you would, you know, the different organizations have different methodologies, right? First name, dot last name, or first initial and last name, you know, type of a thing. And similarly, get into the habit of using descriptive names for your service accounts. So you actually know what these accounts are doing. With most accounts, there's an additional field that will be providing, like, a description of what this account's being used for. So you don't need to get too wordy with the naming of the account, but you put detailed descriptions in, you know, against those accounts so that it's really clear, you know. You got to remember, you know, a lot of times these accounts, a lot of times these accounts are set up and then people aren't, you know, aren't doing anything with them for extended periods of time. It may be years down the road and somebody's come back in and going, well, what the heck is, you know, XGK42C user account doing? No clue. So it helps if you name them appropriately, et cetera, because what I've seen in some environments, like, well, what's this being used for? Oh, let's shut it off. Yeah. So sometimes it doesn't end up well. You know, for those accounts, setting up long, complicated passwords, these are machine-based accounts. They don't give a hoot about entering in a 50-character password, you know, scrambled, you know, scrambled barf.

On this milestone 200th episode of "Compliance Unfiltered," The CU Guys delve into the evolving landscape of cybersecurity, focusing on how AI is being leveraged by both defenders and attackers. They explore the dual nature of AI, highlighting its potential to enhance security measures while also lowering the barriers for cybercriminals. From AI-generated malware to sophisticated social engineering tactics, this episode provides a comprehensive look at the current arms race in cybersecurity. Join Todd and Adam as they discuss the implications of these advancements and the importance of staying vigilant in an ever-changing digital world.
Episode Transcript:
Honestly, we have to go do some digging and some research, but I'm not sure how many compliance-related pods have 200 episodes. So I think it's fair to say we're in a relatively elite group, if you will, but no, it's been fun doing what we do. It's fun to be able to bring data, information, topics, and discussions to folks in the compliance space. Hopefully, they've enjoyed the ride as much as we have, but hey, we'll keep cracking. You and I were talking a little bit ago, we'll do something a little more spectacular for episodes like 250 or something, as we get to that point. It's been fun, been a good ride, but I'd also echo the notion, for the folks that are listening, do us a favor, honestly, what do you want to hear about? Did you hear about something cool, some new topic in the security or compliance space that you want to know more about, something that, in your retrospective, you think that we haven't quite covered in its entirety, something else that we could hit? Follow me, give us the ideas. We love receiving the feedback and the input, always looking for neat new stuff to chat about, so pretty cool. Absolutely.
Well, today we're going to chat about, you know, a hot topic, I would say, and that's specifically how hackers are using AI in 2026.
So there is a lot of talk of AI being used for good, but at a high level, how is AI helping the bad actors out of it? Well, I mean, with any technology, as it goes from its infancy and starts to blossom, if you will, it has the capability for being used to help those which are protecting organizations or that are outsourcing security-related functions to companies, things along those lines. And so, for the good guys, there are certainly added benefits to the notion of AI, but most certainly, there's no question that the bad actors out there, they similarly, it's almost like getting into an arms race, where they're able to use that same technology for evil.
And taking advantage of capabilities for increased speed, automation, more advanced attacks, things along those lines. So, we'll get into a number of those topics today, but now it's being used on both sides of the fence, and it very much feels like an arms race unfolding, as we speak, if you will. No, no, most definitely. Now, for many cybersecurity professionals, the best offense is a great defense. But how is AI lowering barriers to entry for the bad guys? Well, you know, for the bad guys, you know, they're developing, you know, they're developing tools. It used to be that, you know, you have that or whatever. Let's say we go back 10 years, right? You know, you had to have a certain level of capability, level of skill, things along those lines that, you know, that would be, you know, that would be happening.

On this insightful episode of Compliance Unfiltered, join the CU Guys as they delve into the essentials of security training and compliance for Q1 2026. Discover the importance of regular security reminders, the role of incident response plans, and how to keep your organization vigilant against evolving threats. With practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their security posture and compliance strategies. Tune in to stay ahead in the ever-changing landscape of cybersecurity.
Episode Transcript:
So, you know, when it comes to training for, you know, for personnel, for security best practices, you know, there's a there's a number of things that just kind of leap out to folks, right. You've got your security awareness training at hire, you've got annual security awareness, a refresher training, etc. So, you know, in the event that your organization isn't already doing those things, then by all means contact TCT, we can get you in the right direction.
But, you know, these are like the bare minimum, you know, type of a thing, but there's various compliance requirements are going to mean, you know, there's, you know, various other things, you know, that that should be done surrounding your, you know, security awareness and training program, not the least of which is security reminders, which is part of the reason why we do this kind of quarterly pod. You know, we've got organizations that will leverage both the, you know, the TCT pod and the TCT blog to use to supplement their security reminder, your kind of stance for their organization. So that's part of the reason why we why we pleased to aim, if you will.
Um, but that said, if you can do reminders, you know, more often than quarterly, great, you know, but, uh, you know, you want, you want the personnel maintaining vigilance, you know, all the way throughout the year, et cetera.
But, you know, the, you know, for, for different organizations, they're going to have different types of directed training, um, that need to cover, you know, need, need to cover and or should cover additional, uh, facets that the organization wants to consider. So as an example, and one of the, one of the areas that, you know, oftentimes, uh, that organizations will kind of overlook is the fact that anybody on their team is a target. You know, I mean, everybody's got a LinkedIn, they, you know, say that they're working for the company, you know, et cetera. But because of that, the public association between the personnel and the organization itself, that means everybody, uh, you know, is, is effectively a target, not only, uh, in their day by day work, you know, arena, but also in their personal lives as well. Um, so, you know, everybody in the organization should not only be kind of paying attention to security and compliance related stuff, uh, when it can certainly, when it comes to work related elements, but, you know, just keep in mind that you could be, uh, you could be the subject of a, of kind of an indirect attack at trying to get to the organization.
So keep that in mind. Um, you know, every organization should have incident response, uh, an incident response plan, um, and, uh, you know, some type of a requirement for doing associated testing, uh, testing training, et cetera, you know, each year with your personnel, with certain vendors, et cetera. And so as part of that training, um, it is recommended to, um, to do a tabletop exercise, uh, to run through various scenarios, et cetera.
Um, but one of the big problems is, is that many organizations they'll, they take on this notion that, oh, if I declared an incident, then it's some type of a sign of failure, uh, you know, type of a thing. And so, you know, they don't declare low level incidents. They don't want to, um, you know, they don't exercise their program, you know, throughout, throughout the year.

Join the CU Guys on this special New Year edition of Compliance Unfiltered. As they reflect on the past year and look forward to 2026, the guys discuss the evolution of compliance standards, the role of artificial intelligence in streamlining client engagements, and the importance of client feedback in shaping the future of TCT. Tune in for insights on how TCT plans to enhance its platform to better serve the diverse needs of its clients in the compliance space.

On this festive edition of Compliance Unfiltered, the CU Guys delve into the challenges and joys of the compliance season. With a focus on gratitude and reflection, they discuss the importance of operational mode in easing compliance burdens and share insights on how TCT is making compliance management more manageable. Tune in for a heartfelt conversation filled with appreciation for clients and colleagues, and a sneak peek into TCT's future innovations. Don't miss this engaging episode that promises to make your compliance journey a little brighter.

On this episode of "Compliance Unfiltered," The CU Guys dive into the intricacies of compliance management programs. They explore various implementation approaches, from manual spreadsheets to sophisticated systems, and discuss the importance of organizations owning their data. Adam shares insights on the potential pitfalls of relying solely on assessor systems and emphasizes the efficiencies gained by leveraging internal systems. Check out this episode to discover how to streamline your compliance processes and make your organization's compliance journey more efficient and effective.

The CU Guys dive into the heightened risks hotels face during the holiday season. They discuss the importance of maintaining cybersecurity vigilance amidst increased traffic and seasonal hiring. The conversation covers best practices for background checks, training, and physical security, emphasizing the need for diligence to prevent data breaches. Tune in to learn how to protect your organization during the busiest time of the year.

The CU Guys dive into the critical topic of central logging sanity checks. They explore the common pitfalls organizations face when they set up central logging systems and then leave them on autopilot. Adam emphasizes the importance of regular sanity checks to ensure that logging systems are functioning as expected and highlights the risks of assuming everything is working perfectly. The discussion also covers the need for compliance professionals to validate assumptions, spot-check logs, and ensure that alerts are being properly handled. Tune in to learn how to maintain a robust compliance program that truly supports organizational security.

Episode Transcript:

Today, we're going to talk about, you know, another central theme here, not just a central member to a band, but central logging, specifically central logging sanity checks. So a lot of companies that have mature compliance programs set up their central logging and then kind of put it on autopilot. What are the downsides there, Adam?

Well, I mean, I've been for a long time, a huge fan of trust, but verify. And, you know, when the, when the companies go in and, and kind of set up their, their central logging, you know, they, they really do just kind of, okay, we're done, you know, we're done, we've, we've established all the things, you know, we've done all the checks and we've set up the system and we have all the right processes and, you know, we, the, the reviews are happening and alerts are flying and, you know, so then they just, you know, move into this mode where they just literally let her roll and, you know, and then don't tend to go back to it, you know, for, you know, for a recheck or a sanity check or, or whatnot. They just go into the guiding assumption that everything's good because it's up and it's, nothing's gone boom and, you know, blah, blah, blah.

So, you know, the, the, the most important part for, for these organizations is that they, they go back in and, you know, double check, you know, is, is what I think happening, is it actually happening? You know, but, you know, they got, they got to go back in and, and just do a sanity check on, you know, on things. So, you know, that's kind of the, the, the driving force here with the, with this particular topic.

Sure. Now with that in mind, what are some of the concerns that compliance professionals should be focusing on?

Well, I mean, first and foremost, you know, is everything that I think is logging actually logging, you know, is it are things that I set up to, to, you know, to log, are they still logging? Did something go off the rails? Um, it's really, really easy, uh, depending on the system and the, and the structure that's set up, what checks and things that they put in place, it's really easy to, I don't know, I'm just gonna make a number up. So let's just pretend, you know, out of the gate, there were a hundred different things that were, you know, that were sending stuff to central logging. Well, you know, fast forward a couple of months or in a lot of cases, a couple of years, um, you know, the, uh, are the things that we, uh, are those hundred things still, still doing what they're doing?

I mean, you know, there's, there's all sorts of possibilities for something going wrong. You know, you've got, you know, updates or patches that, you know, may go ahead and interfere with the, with the capability for those devices to push their logs. I mean, it could be something as simple as, you know, somebody was messing with a firewall rule to try to do some troubleshooting and, you know, lock down some ports so they could get some things isolated, et cetera. And then forgot to put every, put Humpty Dumpty back together, you know, back together again and blah. And in the process, you know, block the, you know, the outbound logging, you know, capability from, you know, fill in the blank device, that type of thing.

In this heartfelt episode of "Compliance Unfiltered," the TCT Guys reflect on their journey with TCT, sharing personal stories of growth, challenges, and gratitude. Adam and Todd delve into the evolution of TCT, the invaluable input from clients, and the strong relationships built over the years. Join them as they discuss the importance of client feedback in shaping the organization's offerings and celebrate the dedicated team that makes it all possible. Tune in for an inspiring conversation about making compliance management a little less daunting and a lot more rewarding.

In this episode of "Compliance Unfiltered," the CU Guys dive into the complexities of managing multiple compliance certifications and custom request lists. They explore the challenges faced by organizations of all sizes, from small businesses to international giants, in navigating the ever-evolving compliance landscape. With insights into the common pitfalls and practical advice on streamlining processes, this episode is a must-listen for anyone involved in compliance management. Tune in to discover how to make your compliance journey less painful and more efficient.

In this episode of Compliance Unfiltered, The CU Guys dive into the challenges and strategies for retailers as they gear up for the holiday season. With cyber threats on the rise, particularly AI-driven attacks, the duo discusses the importance of proactive measures, employee training, and maintaining PCI compliance. They also explore the impact of seasonal hiring and the need for vigilance in protecting sensitive data. Tune in to learn how retailers can navigate the bustling holiday period while safeguarding their operations.

On this week's episode of Compliance Unfiltered, The CU guys get candid and take a dive into the world of vendor relationships and the challenges faced in the marketplace. Adam shares his personal journey from working with "boneheads" to founding his own company, emphasizing the importance of genuine customer service and the pitfalls of AI hype. With a mix of humor and insight, they explore the disconnect between vendors and clients, offering a refreshing perspective on how businesses can truly serve their customers. Tune in for an unfiltered discussion that promises to be both enlightening and entertaining!

On this Episode of Compliance Unfiltered, the CU Guys delve into the complexities of HIPAA compliance for hospital systems. Adam discusses the dual nature of hospital compliance, highlighting both the advantages of early adoption and the challenges posed by the complexity of hospital systems. The conversation covers the intricacies of managing multiple compliance standards, the inefficiencies and costs associated with manual compliance processes, and the importance of maintaining control over compliance data. Adam emphasizes the need for hospital systems to regularly update their compliance controls to align with current technologies and reduce risks. All this, and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, The CU Guys dive into their recent experiences at the PCI European Community Meeting in Amsterdam. From the city's impressive public transportation to the vibrant conference atmosphere, they share insights and anecdotes that highlight the unique charm of Amsterdam. Discover the excitement around TCT's latest technology, EasyCert, and how it resonated with attendees. Whether it's the eclectic mix of conversations or the delightful culinary adventures, this episode captures the essence of a memorable trip. Tune in for a blend of professional insights and personal stories that make for an engaging listen.

On this episode of Compliance Unfiltered, the CU Guys dive into the critical role of inventory management within large-scale engagements. They explore why inventory is central to security and compliance programs, share insights on integrating inventory into daily operations, and discuss common pitfalls organizations face. With Adam's practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their compliance strategies. Special thanks to listener Heidi for suggesting this topic! Tune in and discover how to make inventory a core element of your compliance DNA, on this week's Compliance Unfiltered!

On this week's episode of Compliance Unfiltered, The CU Guys discuss the launch of EZ Cert, a new feature in the TCT Portal, designed to simplify compliance tasks for end users. Adam explains how EZ Cert streamlines the interface, making it more accessible and efficient for users who only occasionally interact with the system. The conversation highlights the business value of EZ Cert, emphasizing its ability to reduce bottlenecks and improve the efficiency of compliance engagements. The episode also touches on the benefits of EZ Cert for assessors. All this and more on this week's Compliance Unfiltered.

On this week's episode of Compliance Unfiltered, the CU Guys dive into their enriching experience at the PCI North American Community Meeting in Fort Worth, Texas. Discover how the conference exceeded expectations with improved organization and engaging interactions, and learn about the exciting new features like EasyCert that were unveiled. From exploring the immaculate public transportation to savoring local culinary delights, they share personal anecdotes and insights. Whether you're a compliance professional or just curious, this episode offers a unique glimpse into the vibrant world of PCI compliance. All on this week's Compliance Unfiltered.

On this episode, The CU Crew delve into the innovative approach of environment splitting to streamline compliance processes. Discover how this strategy not only enhances efficiency but also ensures adherence to regulatory standards. Join us as we explore real-world applications and expert insights that reveal the transformative power of environment splitting in today's compliance landscape. All this and more on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU Guys dive into the intricate world of report writing for compliance assessors. Discover why this seemingly straightforward task is fraught with challenges, from the complexities of manual processes to the orchestration required for quality assurance. Learn how the TCT portal is revolutionizing the way assessors handle report writing, saving valuable time and enhancing efficiency. Whether you're a seasoned assessor or new to the field, this episode offers insights into overcoming the hurdles of report writing and maximizing your ROI. Tune in to explore how technology is making compliance management more manageable and effective, all on this week's Compliance Unfiltered!

On this week's insightful episode of Compliance Unfiltered, the CU guys delve into the 2025 PCI North American Community Meeting, happening from September 16th to 18th in Fort Worth, Texas. Adam shares why you should join TCT in attending: get the latest updates in compliance management, connect with industry experts, and explore innovative solutions that make compliance life easier. Whether you're a QSA, a compliance professional, or part of an organization serving compliant customers, this event offers something for everyone. Tune in to learn how to maximize your experience at this must-attend event on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, The CU guys delve into the critical role of cybersecurity and compliance in the manufacturing sector. As technology advances, the industry faces increasing threats and regulatory challenges. Join us as we explore how manufacturers can safeguard their operations, protect sensitive data, and ensure compliance with ever-evolving standards. Discover expert insights and practical strategies to fortify your manufacturing processes against cyber threats. Learn why cybersecurity is not just an IT issue but a vital component of modern manufacturing success, on this week's Compliance Unfiltered.

*** There were some audio issues with the initial post of this interview that have now been corrected. (Thanks Paul!)

On this episode of Compliance Unfiltered, the CU Guys are pleased to be joined by Tom Fox from the Compliance Podcast Network to delve into the intricate challenges of implementing compliance programs. They explore the common misconceptions at the executive level, the critical role of internal controls, and the necessity of integrating compliance into business operations. Tom shares his journey from law to becoming a compliance evangelist, emphasizing the importance of ethical business practices in combating global issues like bribery and corruption. All these insights and more on this week's Compliance Unfiltered!

Connect with Tom and explore all the great shows on the Compliance Podcast Network, here: www.compliancepodcastnetwork.net

On this episode of Compliance Unfiltered, the CU guys delve into the critical need for AI policies within organizations. As AI technology rapidly evolves, many companies find themselves unprepared, risking exposure of sensitive data through platforms like ChatGPT. Adam emphasizes the urgency of implementing AI policies to protect against potential data breaches and compliance issues. Discover why having a robust AI policy is not just a best practice but a necessity in today's digital landscape. All this, and more, on this episode of Compliance Unfiltered.

On this episode of Compliance Unfiltered, it is that time again! You guessed it, time for all of the spicy security stories that were, and the critical security reminders for, the third quarter of 2025. Curious about learning some tips on how to impress your assessor? Wondering how you can maximize your knowledge of space, to minimize the struggles associated with your engagements? Then you're not going to want to miss this episode of Compliance Unfiltered!

On this episode of Compliance Unfiltered, Adam and Todd have a heart to heart on what makes a successful operation tick, from a cybersecurity and I.T. perspective. Curious about the specialized expertise required for success? Wondering where Trust but Verify fits in? Worried about your upcoming assessment? Well, you're in luck! Answers on all these topics and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys have a chat about the wonderful world of acquisitions, specifically in the hotel space. Adam gives a solid background on the Hotel acquisition arena and shares some key details with the listeners about where to get started from a compliance perspective. Wondering what tools folks are using in the space? Looking for ways to avoid the common pitfalls of the process? Just trying to get your footing on how to be best prepared? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, Todd and Adam walk through the challenges faced by organizations looking to take control of their compliance management. Adam shares a bit about his journey and provides some profound advice to listeners looking to take their compliance program to the next level. All these topics, and more, on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, the CU guys address the proverbial elephant in the room - Why service providers to compliant organizations need to take their security seriously. Wondering why there is variability for service providers in the security arena? Curious if "trust but verify" is really that important? Trying to understand how you can get the most assurance from your vendor relationships? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered.

On this episode of Compliance Unfiltered, the CU guys are serving up hot, fresh takes on how compliance for the Hospitality space can be a five-star experience with the plan in place. Wondering why compliance can be so tricky in the hospitality space? Curious how adopting technology can ease your pain? Just hoping to discover a better way? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, The CU Guys take on a topic suggested to us by one of our listeners! The struggle is real when attempting to get service provider responsibility matrices, a challenge many in the assessment world face. Have a listen and see if you relate! As a reminder, if YOU have a topic you think we should cover, please let us know. Send an email to complianceunfiltered@totalcompliancetracking.com and we will add your topic to the list for a future episode.

On this episode of Compliance Unfiltered, The CU Guys revisit the topic of Compliance Management in the Higher Education space. However, this time around the focus is on the granular nuts and bolts, as opposed to a broad overview. Curious about spreadsheet struggles in Higher Ed? Wondering about evidence collection and communication strategies? Hoping to simply find a better way? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered!

On this week's episode of Compliance Unfiltered the CU Guys chat at length regarding the challenges of managing compliance in the retail space. *Spoiler Alert* It sucks. Curious why it's so tough? Wondering how organizations can adapt and overcome? Hoping to find some strategy to help you combat your challenging compliance issues? Well, you're in luck - All these answers and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, Todd and Adam take an in depth look at the interesting arena of Penetration Testing. Curious about the difference between vulnerability scans and penetration testing? Wondering about the differences in approach to penetration testing? Fretting about how long it actually takes? Well, you're in luck! All these answers and more on this week's Compliance Unfiltered!

On this Episode of Compliance Unfiltered, the CU Guys have a spirited chat about the perils of managing compliance in the Higher Education space. Wondering why Higher Ed is just a complex environment? Curious about ways to overcome these challenges? Wondering how to manage your complex compliance landscape in a way that doesn't feel like herding cats? Well you're in luck, as all these answers, and more, can be found on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys take a tough look at the topic of costly time wasting and inefficiencies in the IT arena. Having high priced resources, or "Gearheads" as Adam affectionately calls them, stuck in processes that cost organizations time and money, is a killer. Curious if security and compliance resources are considered high priced? Wondering where most of the time wasting resides? Trying to figure out how to cut those costs? You're in luck, all these answers and more, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys tackle the tough topic of managing compliance in industries like hospitality and retail. Curious about the impact turnover has on these businesses? Wondering why attrition in this space is so common? Just want to know how to overcome this challenge with the efficiency of a compliance management program? Then you're in luck! All these answers and more await, on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, it is that time again! You guessed it, time for all of the spicy security stories that were, and the critical security reminders for the second quarter of 2025. Wondering about phishing, vishing, and smishing? Then you're not going to want to miss this episode of Compliance Unfiltered!

On this episode of Compliance Unfiltered, the CU guys give the audience a solid understanding of where a company's headspace might be, when first considering rolling out a full-fledged compliance program. Find answers to common questions, common fears, and enjoy some Adam-Spun wisdom for the folks just getting started. All this and more on this week's Compliance Unfiltered!

On this episode of Compliance Unfiltered, Adam and Todd have what might be an uncomfortable conversation for some, regarding the perils of entrusting your organization's cybersecurity to your I.T. team or your external I.T. resources. Curious about the difference between an I.T. and cybersecurity professional? Wondering about companies that offer both I.T. and cybersecurity services? Need a cost-effective strategy? Well you're in luck as all these answers, and more, can be found in this episode of Compliance Unfiltered.

On this episode of Compliance Unfiltered, Adam and Todd have a sound chat on the value of request lists when it comes to building in efficiencies to your compliance process. Everyone is looking to do what they do better, faster and cheaper. Curious how to reduce redundancies? Wondering what you can do to create more hours in your team's day? You're in luck, all these answers and more on this week's Compliance Unfiltered.