Podcasts about audit manager

  • 34 podcasts
  • 40 episodes
  • 38m average duration
  • 1 new episode monthly
  • Latest episode: Oct 24, 2024


Latest podcast episodes about audit manager

Compliance Conversations by Healthicity
Behind the Mic: 100 Episodes of Compliance and Auditing Insights

Oct 24, 2024, 47:42


We're thrilled to announce a major milestone for Compliance Conversations – our 100th episode! Over the years, we've had the privilege of hosting industry experts to hear their invaluable perspective on best practices, trends, and real-world scenarios in compliance and auditing. This special episode is a celebration of our journey and the incredible community that's made it possible! Join CJ Wolf, MD, Debi Behunin (Healthicity Vice President of Product), Brian Burton (Healthicity Chief Compliance and Privacy Officer), Remo Peshkepia (Healthicity Product Manager), and Sarah Crane (Marketing and Brand Manager) for insider insights on:
- The evolution of compliance and auditing.
- Key milestones for Healthicity, including Audit Manager and Compliance Manager developments.
- Insights from the Healthicity team on where compliance is headed.

Thank you for being part of this journey! Here's to many more episodes of helping you navigate the complex (and interesting!) world of compliance.

RG Podcast
Grant Thornton

Oct 21, 2024, 18:48


Listen in to find out about Grant Thornton's experience after 20 months in the Bermuda market place.

Tanya Beattie is a senior qualified actuary with significant expertise across multiple areas of the Insurance industry. She leads the actuarial practice in Grant Thornton Bermuda and also Internal Audit. She brings a wealth of commercial and regulatory acumen, gained from her experience within both the Insurance industry, across Risk Management, Actuarial and Pricing roles, and also with the Irish regulator - the CBI. Tanya moved to Bermuda as part of Grant Thornton's official launch on island in January 2023, and has developed strong relationships across the market since then – working closely with the on-island service providers, particularly insurance managers and law firms – while leading numerous client advisory engagements with both captive and commercial insurers.

Karen Walrond is a qualified accountant with over 15 years of auditing experience of which 12 relate to work within the Bermuda insurance industry with captive and commercial insurers, investment holding companies, local companies and not-for-profit organizations. Her career commenced at KPMG Trinidad and KPMG Barbados before moving to Bermuda and joining Arthur Morris & Company Limited (AMC) as a senior and after a few years was promoted to Audit Manager. She also gained experience at an Insurance Management company where she worked on captive and commercial insurers before joining Grant Thornton Bermuda as an Audit Director in May 2024. She brings a wealth of knowledge, gained from her experience in the audit and insurance management industries.

Sponsor: Grant Thornton, https://www.grantthornton.bm/

The Cloud Pod
264: AWS Audit Manager: Because even AI needs a Babysitter!

Jun 21, 2024, 80:57


Welcome to episode 264 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin, Jonathan, Ryan (and eventually) Matthew are all on hand this week – and *announcement noise* this week it's the return of the Cloud Journey Series! There's also a lot of news from Re:inforce, a ground-breaking partnership between Oracle and Google Cloud, and updates to GKE. The guys also look ahead to FinOps '24.

Titles we almost went with this week:
- First, AI came for Writers/Artists, then it came for Developers, and now it comes for Security… What's Next?
- Amazon Reinforces my Lack of Interest in Attending – JPB rl Object Storage Malware protection, everyone, please copy it!
- Amazon is the last man out in Oracle next-gen partnerships
- Dear Google, A partnership with Oracle is not Groundbreaking when Azure already did it
- AWS Announces some "We finally got around to it" feature updates
- Protect your S3 buckets from themselves with Amazon GuardDuty
- The CloudPod and AI play Guess Who? with IAM Access Analyzer.

A big thanks to this week's sponsor: We're sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email, or hit us up on our Slack Channel and let's chat!

AWS

01:04 Simplify risk and compliance assessments with the new common control library in AWS Audit Manager

AWS Audit Manager is introducing a common control library that provides common controls with predefined and pre-mapped AWS data sources. This makes it easy for the GRC teams to use the common control library to save time when mapping enterprise controls into Audit Manager for evidence collection, reducing their dependence on IT teams. You can view the compliance requirements for multiple frameworks such as PCI or HIPAA, associated with the same common control in one place, making it easier to understand your audit readiness across multiple frameworks simultaneously. Interested in pricing? You can find that info here.

01:37 Ryan – "It's the dream! Automated evidence generation. And now with the context of known frameworks. Yeah; because that's always the challenge, you know, are the last step of the translation – this is the control. Hey, we need all these controls to do this level of compliance."

04:36 Centrally manage member account root email addresses across your AWS Organization

2017 Justin is really digging all these quality-of-life features coming out, and we like to think that AWS has just finally gotten to our pile of feature requests from back then. This week, it's now easier for AWS Organizations customers to centrally manage the root email address of member accounts across their organization using the CLI, SDK and Organizations Console.

TEK or DIE
How They Plan to Kill Remote Work

May 2, 2024, 59:35


Renita and I had a late night conversation about how these corporations are removing remote work in the quest to gain complete control of our time.

Renita Rhodes is a Vice President, Audit Manager in Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as:
- Cyber Threat Fusion Center,
- Data Loss Protection,
- Security Information and Event Management,
- Cryptographic Services, and
- Network Security Management.

Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance, Security Information and Event Management, Introduction to Information Security, Applied Programming - Python and Systems Analysis and Design courses.

TEK or DIE
Are Tech Job Influencers Lying To You?

Apr 22, 2024, 64:31


Renita and I had a blunt discussion about what to look out for when evaluating a course offered by a tech job influencer. We discussed our perspectives on what we uncovered during our research for this episode. We also discussed some trustworthy courses and programs if you are looking for training. You can reach out to either one of us at https://www.tekordie.com/contact/ if you have any questions, comments, etc.

Renita Rhodes is a Vice President, Audit Manager in Cyber Security for a well-known worldwide bank, supporting the coverage of the bank's core Cybersecurity controls. She supports coverage in areas such as:
- Cyber Threat Fusion Center,
- Data Loss Protection,
- Security Information and Event Management,
- Cryptographic Services, and
- Network Security Management.

Renita also works as a Cybersecurity and Information Systems Adjunct Professor at Maryville University and Harris Stowe State University, teaching the Cyber Law, Policy and Compliance, Security Information and Event Management, Introduction to Information Security, Applied Programming - Python and Systems Analysis and Design courses.

Comeback Coach
62. SPECIAL - Making Full Time Work Work (with a young family) - Caterpillar, Dell, NHS, Police, a charity and Financial Services

Apr 26, 2023, 51:56


Hello Bright Minds, this is a special season finale involving six guests who are making full time work work with young children. I wanted to do this episode after I read a statistic that didn't shock me as much as sadden me in a report published earlier this year called "CAREERS AFTER BABIES". 848 women took part in the research which found 85% of women leave the full-time workforce within three years of having children.

Upfront disclaimer, all voices in this episode are women who are in a partnership with the father of their children. The guests are drawn from our Instagram community where I put up a poll one Saturday morning in February asking whether they worked FT or PT. I was surprised that the majority in our community answered that they work full time and then thought… haha, let's do a podcast about working full time and ask these mamas to be part of it. I didn't hear from anyone who is solo parenting and working full time and so we've got the voices who volunteered to chat to me.

When I reflect on the DMs people sent me on Instagram and the voices of the women you're about to hear, there appear to be four key factors that enable women to continue to work FT when they become parents:
1. Mindset and attitude of the individual: wanting to work full time and enjoying your work.
2. Your employer having a positive and supportive attitude towards compressed hours.
3. Your employer having a positive and supportive attitude to working from home.
4. And number four relates to a woman's partner: having a partner who is positive about you working FT and is committed to sharing the load equally at home.

In this episode you're going to hear those factors brought to life.

My guests are:
- Carina Hoskisson, Engineer at Caterpillar.
- Caoimhe Burins, Audit Manager at Dell.
- Rebecca Knight, an Executive Assistant in financial services.
- Kirsty Trude, HR business partner in an international charity.
- Chrissy, who works in the NHS.
- "Anna" who works in the police.

MORE FOR YOU
DM Jessica on Instagram @comebackcommuk
Join a free expert 'Comeback Conversation' Q&A event
Read Mothers Work! How to Get a Grip on Guilt and Make a Smooth Return to Work by Jessica Chivers.
Watch five coachees talk about working with us
Tell your HR team about Comeback Community with this 1 minute explainer film

Pera & Purpose Podcast
118: Being In God's Divine Payroll ft. Wandalyn Tan-Calupig

Apr 16, 2023, 88:34


Coach Wanda has lived an incredible life filled with challenges, growth, and success. She lost her father at the young age of nine, which changed everything for her family. Despite this, she went on to become a Certified Public Accountant and Audit Manager by working in multinational companies like EY and Emirates. In her first year as an OF in 2006, she found extraordinary ways to save money so that she could pay off all her debts in just one year! Everything was going well for her as she slowly started investing in properties and other investments. But being in a highly demanding job was tough for her as a mother of two and in 2014, Wanda suffered from burnout. It was then that Wanda realized that she wasn't alone in her struggles, and many others were suffering from stress and burnout just like her. This event led her on a new path, one that saw her become an international career coach and trainer for working individuals and organizations. In 2021, she became the Number 1 Most Influential Filipina on LinkedIn, a testament to her hard work and dedication. Wanda's mission now is to end the epidemic of stress and burnout by sharing life tools that education lacks through training and coaching. Her journey is a testament to the power of resilience, determination, and faith. This episode is PACKED with so much learning, so make sure you give it a listen!

Grow Together Podcast
FROM KARACHI TO IRELAND Ft. Ateeb Khan

Jan 10, 2023, 33:07


In this episode, we're talking to Ateeb Khan, a Karachi-born, Ireland-based Pakistani. Ateeb tells us about his journey from Karachi to Dublin. Tune in to this episode to hear about Ateeb's unique journey from Karachi to Ireland! #Ireland #podcast #ACCA #CA He is an accountant/auditor by profession, trained within big4 firms. He is currently working as an Audit Manager in Grant Thornton Ireland. He moved to Dublin to join Ernst & Young professional firm in early 2019 from Doha, Qatar where he worked with KPMG for a short period of time. He is an ACCA member by qualification and CA Pakistan finalist.

Packaging Perspectives Podcast
Is It Time for a Specialized Audit?

Oct 31, 2022, 13:47


For this podcast, we've asked Randy Ossege, Parts & Audit Manager at R.A Jones, and Marketing Communications Director Jason Stover to explain exactly what a specialized audit involves, how to know if you need one and the latest technology used.

Gamechangers LIVE with Sergio Tigera
Earning Michelin Stars with Ignacio "Iggy" Garcia Menocal, CEO of Grove Bay Hospitality Group

Aug 18, 2022, 24:44


Ignacio launched his career as an Audit Manager at the “Big Four” firm Deloitte & Touche, where he helped make a positive impact for clients such as Direct TV, Perry Ellis, Florida Power & Light, Elizabeth Arden, Baptist Health System and the Miami Dolphins. After leaving Deloitte & Touche, he worked at MasterCard as the Director of Accounting for the Latin America Region. Upon making the leap into the hospitality industry, Ignacio worked at Shula's Steak Houses for five years as Vice President of Finance and was instrumental to the company's sustained financial success. From 2011 to 2014, he joined 50 Eggs Restaurant Group as Executive Vice President and Chief Financial Officer, where he managed all business functions of the 400-employee company, including negotiating and closing the $24-million sale of its Lime Fresh Mexican Grill division to Ruby Tuesday. He also negotiated development deals with the Sands Corp and assisted in the development and operation of James Beard Award semi-finalists Yardbird Southern Table & Bar and Khong River House, among others. In 2014, he joined Grove Bay Hospitality Group as Co-Founder and Chief Executive Officer. In just a few years, Grove Bay Hospitality Group has experienced tremendous growth and success while receiving numerous awards along the way. In 2018, Restaurant Hospitality Magazine named Grove Bay Hospitality Group as one of the Top 25 Innovative Multi-concept Restaurant Groups in the United States, it was listed by Entrepreneur Magazine at #250 for the Best Entrepreneurial Companies in America and was awarded the 2018 Business of the Year by the South Florida Business Journal. In addition, Ignacio has been recognized in the community by the South Florida Business Journal Magazine as one of its “Top Movers and Shakers” and in 2018, he was recognized by Ernst & Young as an Entrepreneur of the Year Florida Awards finalist. 
This award recognizes entrepreneurs who demonstrate excellent and extraordinary success in areas such as financial performance, innovation and commitment to their businesses and communities. In 2020, Ignacio was recognized as one of the most influential restaurant CEOs in the country by Nation's Restaurant News. A true reflection of a career both diverse and successful at every milestone. Ignacio holds a Bachelor of Science in Accounting from the University of Florida, a Master of Accounting from Florida International University, and a Certificate of Foodservice Management from Cornell University. He also serves as Board Member – Florida Restaurant & Lodging Association.

Inside Oversight
Audit Manager Discusses OIG Report on VHA's Suicide Prevention Coordinators

Jul 14, 2022, 24:38


Related Report: Suicide Prevention Coordinators Need Improved Training, Guidance, and Oversight

Report Summary: As part of the Veterans Health Administration's (VHA) suicide prevention strategy, suicide prevention coordinators at VA medical facilities are required to reach out to veterans referred from the Veterans Crisis Line. Coordinators provide access to assessment, intervention, and effective care; encourage veterans to seek care, benefits, or services with the VA system or in the community; and follow up to connect veterans with appropriate care and services after the call. VHA's Office of Mental Health and Suicide Prevention is responsible for issuing policy and guidance for managing crisis line referrals. The VA Office of Inspector General (OIG) conducted this review to evaluate whether coordinators properly managed crisis line referrals to ensure at-risk veterans were reached.

The OIG found that coordinators mistakenly closed some veteran referrals because coordinators lacked the proper training, guidance, and oversight necessary to maximize chances of reaching at-risk veterans referred by the crisis line. VHA lacked comprehensive performance metrics to assess coordinators' management of crisis line referrals, and coordinators lacked clear guidance on how to manage crisis line referrals. Until VHA provides appropriate training, issues adequate guidance, and improves performance metrics, coordinators could miss opportunities to reach and assist at-risk veterans.

The OIG made five recommendations to the under secretary for health that include improving data integrity, training coordinators on using patient outcome codes, developing additional guidance, monitoring compliance with requirements to space calls over three days, and evaluating program data for additional opportunities to improve services for referred veterans.

Learning from Legends with Anurag Rai
Improving Your Gut Health with Robert Hercus

Dec 27, 2021, 38:02


In this week's episode of Unleash the Superhuman In You I have Robert Hercus as my guest. Robert is a Health Coach who is on a mission to help busy professionals have more

Screaming in the Cloud
“Snyk”ing into the Security Limelight with Clinton Herget

Dec 2, 2021, 37:12


About Clinton
Clinton Herget is Principal Solutions Engineer at Snyk, where he focuses on helping our large enterprise and public sector clients on their journey to DevSecOps. A seasoned technologist, Clinton spent his 15+ year career prior to Snyk as a web software engineer, DevOps consultant, cloud solutions architect, and technical director in the systems integrator space, leading client delivery of complex agile technology solutions. Clinton is passionate about empowering software engineers and is a frequent conference speaker, developer advocate, and everything-as-code evangelist.

Links:
Try Snyk for free today at: https://app.snyk.io/login?utm_campaign=Screaming-in-the-Cloud-podcast&utm_medium=Partner&utm_source=AWS

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by my friends at ThinkstCanary. Most companies find out way too late that they've been breached. ThinkstCanary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kub config canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is spectacular! Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to ThinkstCanary for their support of my ridiculous, ridiculous nonsense.

Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks. Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode features Clinton Herget, who's a principal solutions engineer at Snyk. Or ‘Snick.' Or ‘Cynic.' Clinton, thank you for joining me, how the heck do I pronounce your company's name?

Clinton: That is always a great place to start, Corey, and we like to say it is ‘sneak' as in sneaking around or a pair of sneakers. Now, our colleagues in the UK do like to say ‘Snick,' but that is because they speak incorrectly. We will accept it; it is still wrong. As long as you're not saying ‘Sink' because it really has nothing to do with plumbing and we prefer to avoid that association.

Corey: Generally speaking, I try not to tell other people how to run their business, but I will make an exception here because I can't take it anymore. According to CrunchBase, your company has raised $1.4 billion. Buy a vowel for God's sake. How much could it possibly cost for a single letter that clarifies all of this? My God.

Clinton: Yeah, but then we wouldn't spend the first 20 minutes of every sales conversation talking about how to pronounce the company name and we would need to fill that with content. So, I think we're just going to stay the course from here on out.

Corey: I like that. So, you're a principal solutions engineer. First, what does that do? And secondly, I've known an awful lot of folks who I would consider problem engineers, but they never self-describe that way. It's always solutions-oriented?

Clinton: Well, it's because I worked for Snyk, and we're not a problems company, Corey, we're a solutions company.

Corey: I like that.

Clinton: It's an interesting role, right, because I work with some of our biggest customers, a lot of our strategic partners here in North America, and I'm kind of the evangelist that comes out and says, “Hey, here's what sucks about being a developer. Here's how we could maybe be better.” And I want to connect with other engineers to say, “Look, I share your pain, there might be an easier way, if you, you know, give me a few minutes here to talk about Snyk.”

Corey: So, I've seen Snyk around for a while. I've had a few friends who worked there almost since the beginning and they talk about this thing—this was before, I believe, you had the Dobermann logo back in the early days—and I keep periodically seeing you folks in a variety of different contexts and different places. Often I'll be installing something from Docker Hub, for example, and it will mention that, oh, there's a Snyk scan thing that has happened on the command line, which is interesting because I, to the best of my knowledge, don't pay Docker for things that I do because, “No, I'm going to build it myself out of popsicle sticks,” is sort of my entire engineering ethos. But I keep seeing you in different cases where as best I am aware, I have never paid you folks for services. What is it you do as a company because you're one of those folks that I just keep seeing again and again and again, but I can't actually put my finger on what it is you do.

Clinton: Yeah, you know, most people aren't aware that popsicle sticks are actually a CNCF graduated project. So, you know, that's that—

Corey: Oh, and they're load-bearing in almost every piece of significant technical debt over the last 50 years.

Clinton: Absolutely. Look at your bill of materials; it's there. Well, here's where I can drop in the other fun fact about Snyk's name, it's actually an acronym, right, stands for So, Now You Know. So, now you know that much, at least. Popsicle sticks, key component to any containerized infrastructure. Look, Snyk is a developer security company, right? And people hear that and go, “I'm sorry, what? I'm a developer; I don't give a shit about security.” Or, “I'm a security person”—

Corey: Usually they don't say that out loud as often as you would hope, but it's like, “That's not true. I say that I care about security an awful lot.” It's like, “Yeah, you say that. Therein lies the rub.”

Clinton: Until you get a couple of drinks in them at the party at re:Invent and then the real stuff comes out, right? No, Snyk is always been historically committed to the open-source community. We want to help open-source developers every bit as much as, you know, we're helping the engineers at our top-tier customers. And that's because fundamentally, open-source is inextricably linked to the way software is developed today, right? There is nobody not using open-source.

And so we, sort of, have to be supporting those communities at the same time. And that fundamentally is where the innovation is happening. And you know, my sales guys hate when I say this, right, but you can get an amazing amount of value out of Snyk by using the freemium solution, using the open-source tooling that we've put out in the community, you get full access to our vulnerability database, which is updated every day, and if you're working on public projects, that's going to be free forever, right? We're fundamentally committed to making that work. If you're an enterprise that happens to have money to spend, I guess we'll take that too, right, but my job is really talking to developers and figuring out, you know, how can we reduce the amount of pain in your life through better security tooling?

Corey: The challenging part is that your business, although I confess is significantly larger than my business, we're sort of on some level solving the same problem. And that sounds odd to say because I focus on fixing AWS bills and you're focused on improving developer security. But I'm moving up about six levels to the idea that there are only two big problems in the world of technology, in the world of companies for that matter. And the problem that we're solving is the worst one of the two. And that is reducing risk exposure.

It is about eliminating downside. It's cost optimization, it's security tooling, it is insurance, et cetera, et cetera, et cetera. And the other problem, the one that I've always found, that is the thing that will get people actually excited rather than something they feel obligated to do is speeding up time to market, improving feature velocity, being able to deliver the right things sooner. That's the problem companies are biasing towards investing in extremely heavily. They'll convene the board to come up with an answer there.

That said, you stray closer into that problem space than most security companies that I'm aware of just because you do in fact, speed up the developer process. It let people move faster, but do it safely at least is my general understanding. If I'm completely wrong on this, and, “Nope, we are purely risk mitigation, then this is going to look fairly silly, but it wouldn't be the first time I put my foot in my mouth.”

Clinton: Yeah, Corey, it sounds like you really read the first three words of the website, right? “Develop fast. Stay secure.” And I think that fundamentally gets at the traditional alignment, where security equals slow, right, because risk mitigation is all about preventing problematic things from going into production. But only doing that as a stop gate at the end of the process, right, by essentially saying we assume all developers are bad and want to do bad things, and so we're going to put up this big gate and generate an 1100 page PDF, and then throw it back to them and say, “Now, go figure out all of the bad things you did and how to fix them. And by the way, you're already overshooting your delivery target.” Right? So, there's no way to win in that traditional model unless you're empowering developers earlier with the right context they need to actually write more secure code to begin with, rather than remediating after the fact when those fixes are actually most expensive.

Corey: It's the idea of the people who want to slow down and protect things and not break are on the operation side of the world, and then you have developers who want to ship things. And you have that natural tension, so we're going to smash them together and call it DevOps, which at least if nothing else, leads to interesting stories on stages. Whether it actually leads to lasting cultural transformation is another thing entirely. And then someone said, “Well, what about security?” And the answer is, “We have a security department?” And the answer is, “Yeah, you know, those grumpy people that say no all the time whenever we ask if we could do anything.” “Oh, that security department. I ignore them and go around them instead.” And it's, “All right, well, we need help on that so we're going to smash them in, too.” Welcome to DevSecOps, which is basically buzzword-driven cultural development. And here we are. But there is something to be said for you can no longer be the Department of No. I would argue that you couldn't do that successfully previously, but at least now we're a little more aware of it.

Clinton: I think you could certainly do that when you were deploying software a couple times a year, right? Because you could build in all of the time to very expensively and time consumingly fix things after the fact, right? We're no longer in that world. I think when you're deploying every few seconds or a few minutes, what you need is tooling that, first of all, runs at that speed, that gives developers insights into what risk are they bringing on board with that application once it will be deployed, but then also give them the context they actually need to fix things, right? I mean, regardless of where those vulnerabilities are found, it still ultimately is a line of code that has to be written by a developer and committed and pushed through a pipeline to make it back into production.

And that's true, whether we're talking about application security and proprietary code, we're talking about vulnerabilities in open-source, vulnerabilities in the container, infrastructure as code. I mean, it used to be that a network vulnerability was fixed by somebody going into the data center, unplugging a Cat 5 cable and plugging it in somewhere else, right? I mean, that was the definition of network security. It was a hardware problem. Now, networking is software-defined. I mean [laugh]—

Corey: Oh, the firewall I trust is basically a wire cutter. Yeah, cut through the entire cable, and that is the only secure firewall. And it's like, oh, no, no, there are side-channel attacks. It's not completely going to solve things for you. Yeah.

Clinton: You know, without naming names, there are certainly vendors in the security space that still consider mitigation to be shutting down access to a workload, right. Like, let's remediate by taking this off of the internet and allowing it to no longer be accessible.

Corey: I don't think it's come from a security standpoint, but that does feel like it's a disturbing proportion of Google's product strategy.

Clinton: [laugh]. Absolutely. But you know, I do think maybe we can take the forward-looking step of saying there are ways to fix issues while keeping applications online at the same time. For example, by arming engineers with the security intelligence they need when they're making decisions about what goes into those applications. Because those wire cutters now, that's a line in a YAML file, right?

That's a Kubernetes deployment, that's a CloudFormation template, and that is living in code in the same repo with everything else, with all of the other logic. And so it's fundamentally indistinguishable at the point where all security is really now developer security, except the security tooling available doesn't speak to the developer, it doesn't integrate into their workflow, it doesn't enable them to make remediations, it's still slapping them on the wrist. And this is why I think when you talk about—to invoke one of the most overused buzzwords in the security industry—when you talk about shifting left, that's really only half the story. I mean, if you're taking a traditional solution that's designed to slow things down, and shifting that into the developer workflow, you're just slowing them down earlier, right? You're not enabling them with better decision-making capacity so they can say, “Oh, I now understand the risks that I'm bringing on board by not sanitizing a string before I dump it into a SQL, you know, query. But now I understand that better because Snyk is giving me that information at the right time when I don't have to context switch out of it, which is, as I'm writing that line of code to begin with.”

Corey: When I look at your website—and I'm really, really hoping that your marketing folks don't turn me into a liar on this one between the time we have recorded this and the time it sees the light of day in a week or so—it's notable because you are a security vendor, but you almost wouldn't know that from your website. And that is a compliment because at no point, start to finish, on the landing page at snyk.io do I see anything that codes to, “Hackers are coming to kill you. Give us money immediately to protect yourself.”

You're not slinging FUD. You're talking entirely about how to improve velocity. The closest it gets to even mentioning security stuff is, “Ship on time with peace of mind.” That is as close as it gets to talking about security stuff. There is no fear based on this, and you don't treat people like children and say, “Security is extremely important.” “Thank you, Professor, I really appreciate that helpful tip.”

Clinton: Yeah, you know, again, I think we take the very controversial approach that developers are not bad people who want to make applications less secure, right? And I think again, when you go into that 40-year trajectory of that constant tension between the engineering and the security sides of the house, it really involves certain perceptions about what those other people are like: security are bad and want to shut everything down; developers are, you know, wild cowboys who don't care about standardization and are just introducing a bunch of risk, right?
Where Snyk comes in is fundamentally saying, “Hey, we can actually all live together in a world where we recognize there's pain on both sides?” And look, Corey, I'm coming to you after essentially waking up every day for 20 years and writing code of some kind or other, and I can tell you, developers are already scared enough, man. It is a fearful and anxiety ridden experience to know that you're not completely in command of what happens to that application once it leaves your IDE, right?You know at some point you're going to get that PDF dumped on you; you're going to have a build block, you're going to have a bug report come in from a very important customer at three o'clock in the morning and you're going to have to do something about it. I think every software engineer in the world carries that fear around with them. They don't have to be told you have the capacity to do bad stuff here and you should be better at it. What they need is somebody to tell them here's how to do things better, right? Here's not necessarily even why a cross-site scripting attack is dangerous—although we can certainly educate you on that as well—but here's what you need to do to remediate it. Here's how other developers have fixed that in applications that look like yours.And if you get that intelligence at the right point, then it becomes truly—to go back to your original question—it becomes about solutions rather than about problems, right? The last thing we ever want to do is adopt that traditional approach of saying, “You did a bad thing. It's your fault. You have to go figure out what to do. And then by the way, you have to do all the refactoring on top of that because we didn't tell you you did the bad thing until three weeks later when that traditional SaaS tool finally finished running.”Corey: Exactly. It's a question of how much can you reduce that feedback loop? If I get pinged 60 seconds after I commit code that there's a problem with it, great. I still have that in my head. 
Mostly. I hope. But if it's six months later it's, “Who even wrote this?” And I pull up git blame and, “Ah, crap, it was me. What was I possibly thinking back then?” It's about being able to move rapidly and fix things, I guess, as early in the process as possible, the whole shift-left movement. That's important. That's valuable.Clinton: Yeah, the context switching is so expensive, right, because the minute you switch away from that file, you're reading some documentation. You're out of that world. Most of the developer's time is spent getting into and out of different contexts. Once you're in there, I mean, you could rattle off 40 lines of code in a sitting and actually clear a ticket and you feel really good about yourself, right? The next day, when that comes back from QA saying you did something wrong here, that's the painful part of having to get back in.And by the time you've already done that, you've doubled the amount of time you've spent on that feature. So, it's all about integrating the right intelligence in the right context at the right time, and doing so in such a way that we're not throwing around blame, that we're not saying, “You should have known better.” We're saying, “We want to help you do this better because, you know, ultimately, you're going to write another SQL query. That's okay. We hope that maybe this will inspire you to sanitize those strings properly, and we're going to give you some suggestions on how to do that.”Corey: Yeah. Developer time is way more expensive than the infrastructure. That is, I think, a little understood facet of how this works from an engineering perspective because an awful lot of us came up in this industry considering our time to be free. Because we were doing this as a hobby in some cases, it was. 
When I was in my dorm room back many years ago, as I was basically in the process of being expelled from boarding school, it was very clearly my time was not worth a whole hell of a lot to anyone at that point.Speaking of expensive things, I want to talk for a minute about your pricing. And what I like about this is, let me be clear here. I am a big fan of taking shortcuts wherever I can, and one of the shortcuts I love doing—and I don't know if I've talked about it on this show before—is when I'm talking to a company and I need to figure out do they know what they're doing or are they clowns, I cheat and I go to the pricing page. And there are two big things that I look for, and you have them both.The first is that over on the far left side of the spectrum, it's do you have a free option? And yes, you do. And, “Click here to get started immediately.” Great because it's three in the morning, I need to get something done, I'm under a deadline, I do not have time for a conversation with sales, and as an engineer, I absolutely don't want to deal with that type of sales process because it feels weird to go and ask my boss to go ahead and sign off on something because I feel like my spending authority is capped at $20. Now that I have a little more context, I understand exactly why [laugh] my spending authority was capped at $20 back when I was an engineer.Clinton: Yeah, exactly right. And so it's not only that commitment to ensuring every software engineer in the world can have access to Snyk immediately by making one click because, you know, ultimately, we're committed to that community, right? There's 3 million developers using Snyk currently. That's about 10% of all engineers in the world. We're very proud of that number.We expect that to continue to grow and I think it shows that there is need out there, right? And if we can enable every engineer who's up at 3 a.m. 
faced with some security prospect to say, you know, it is as simple as getting a free account and getting a vulnerability report, getting the remediation advice, being able to sleep easier. I think we're successful as a company, regardless of what the bottom line is. But when you look at how to scale that into the enterprise, the way security solutions are priced, I mean, it's like throwing a bunch of wet noodles at the wall and seeing what sticks, right?Corey: Yes. And that's the other piece of your pricing that I like is a lot of people are going to be listening to that, what I'm saying right now about, “Oh, well, we have a free tier. Why do you think we're clowns?” It's, “Ah. Because the other end is just as important if not more so, which is there has to be an enterprise tier, and the price for that has got to be, ‘Click here to have a conversation.'” And the reason behind that is if you work in procurement, which is very often who's going to be reaching out on something like this, you are going to need custom contracts; you are going to want a long-term enterprise deal, and if the top tier is X dollars per thing that's already there, it reeks of unsophisticated vendor to a buyer in that position, and it makes the people a big blue chip companies think, “Oh, they don't know how to deal with someone at our scale.” Pricing his messaging, and I think people lose sight of that. You absolutely say the right things on both ends. I look at this, and there's nothing I would change or improve about your pricing page, which to be honest, is really rare.Clinton: I'm not sure all of our sales leaders would agree with you there, but I will pass that feedback along. Well, and the other thing I would add to that is, what everyone who's in a pricing conversation wants is predictability about what is this going to be in the future, right? And so we base our pricing on how many developers are in your organization, right? 
That's probably a number you know; that's probably a number that you can predict over time. We're not going to say, “How many CPUs are we using, right? What's the footprint of the cloud resources we're deploying to scan your stuff?” These are all things that you have very little control over and there is alchemy there that introduces a financial risk into that situation. And we're all about risk mitigation at scale, right?Corey: You don't pop up halfway through a cycle of, “Oh, you've gone on a hiring spree. Time to go ahead and pay us a bunch more money you didn't plan for or budget for.” I've had vendors pop up a quarter after I signed a deal—repeatedly—and it drives me up a wall because back in my engineering days, it was, great, now I have to spend time on this that I hadn't planned for; I have to go to my boss and ask for more money, never a great conversation, and as a cherry on top, I get to look like I don't know how to manage vendors for crap. It's just everyone is angry about those conversations. And even the salespeople reaching out had the decency to act a little sheepish about having to have that conversation with me.Clinton: The best ones do, at least. Well, and on top of that, you know, maybe that tool has been capped so that now your bills are breaking because you went one over your cap, right? So, I—Corey: Yeah. I love it. When I fail in production. That's my favorite thing. It's like, “All right, we're going to wind up not scanning for security stuff anymore. And if you go five beyond your cap, we're going to start introducing vulnerabilities.” It's, “That's awesome. Just, great plan.” But I'm kidding. I'm kidding. I want to be very clear, I have never heard a whisper of an actual vendor doing that, on purpose anyway.Clinton: Exactly. Right. And you know, look. We want to make it as easy as possible, and that's why, for example, we're on AWS Marketplace. 
You can use your existing EDP program to, you know, buy Snyk, just as—Corey: At 50% of your spend on Snyk then winds up counting toward your spend commit, which is always an interesting approach that some people are like, “Ooh. So, we can wind up transferring the money that we're spending on a vendor to count toward our commit?” But in many cases, it's how much are you spending on other third-party vendors in this space because you're getting excited about a few tens of thousands in most cases, and you have a $50 million annual [laugh] commit. What are you doing there, buddy? That's like trying to become a millionaire via credit card points. It doesn't usually pan out that way.Clinton: Fair enough. Yeah. And then look, we're very proud of that partnership with Amazon. And look if hey, if they can lock some of our customers into $15 million a year spend contracts, we'll take a few pennies on that, right?Corey: Oh, yeah, as a vendor, you'd be silly not too. It makes sense. But you're doing significantly more than that. As of this week being re:Invent week, you are—well, tell me about it.Clinton: Yeah, Corey, we are thrilled to announce this week that AWS is now integrating with Snyk's vulnerability database within Amazon Inspector. And this is going to bring the best-of-breed security intelligence with a curated vulnerability database, including all of our proprietary research around things like exploit maturity, reachability, vulnerable conditions, social trends on vulnerabilities, all available within Amazon Inspector to any developer utilizing it. We also have an AWS code pipeline integration that makes it easy for anyone utilizing AWS for your CI/CD to get immediate feedback on vulnerabilities in your applications as they move through that pipeline. And remember, we're never just going to say, “We've identified a vulnerability. 
Now, you need to figure out what to do with it.” We're always going to integrate the remediation advice because our audience at the end of the day is the developer whose job it is to make the fix and who has such a wide variety of responsibility these days, the best we can do is say to them, not just, “We found something wrong,” but, “Here's the solution that we think you should implement to get that secure code back out into production.”Corey: This episode is sponsored by our friends at CloudAcademy. That's right, they have a different lab challenge up for you called, “Code Red: Repair an AWS Environment with a Linux Bastion Host.” What does it do? Well, its going to assess your ability to troubleshoot AWS networking and security issues in a production like environment. Well, kind of, its not quite like production because some exec is not standing over your shoulder, wetting themselves while screaming. But..ya know, you can pretend in fact I'm reasonably certain you can retain someone specifically for that purpose should you so choose. If you are the first prize winner who completes all four challenges with the fastest time, you'll win a thousand bucks. If you haven't started yet you can still complete all four challenges between now and December 3rd to be eligible for the grand prize. There's only a few days left until the whole thing ends, so I would get on it now. Visit cloudacademy.com/corey. That's cloudacademy.com/C-O-R-E-Y, for god's sake don't drop the “E” that drives me nuts, and thank you again to Cloud Academy for not only promoting my ridiculous non sense but for continuing to help teach people how to work in this ridiculous environment.Corey: First, congratulations. It's neat to have a first-party integration like that with an AWS service, as opposed to, you know, their somewhat storied approach of, “Hey, it's an open-source project. 
We're just going to implement something that's API compatible ourselves, and irritate people.” Now, to be clear, my problem is not that you should expect to build anything and not face competition. My concern is a little bit more along the lines of, “Huh. Why is that same company always the first in line to compete with something.” Which is neither here nor there.Security is also one of those areas where I think competition is important. You want it continual background level of investment in the space because this stuff is super important. What I like about Snyk and a number of companies in this space is I know exactly where you stand. Let's contrast that for a second with AWS. You're integrating with Inspector, which is a great service, but you're not, I don't believe, integrating with their other security services such as [big breath in] Amazon Detective, the Audit Manager—if you want to consider that one of them—Amazon Macie, AWS Firewall Manager, AWS Shield, the Network Firewall, IoT Device Defender, CloudTrail, Config.Amazon Inspector is in one you're there, but not really Security Hub, or GuardDuty, or IAM itself. And I look at all of these services—I mean, IAM is free, of course, but the rest are very much not—and I do some basic arithmetic and I'm starting to realize that if I can figure all the various AWS security services together and what that's going to cost me, it turns out the answer is more than the data breach. So, on some level, it's one of those—at what point is it so confusing and it starts to look like a cross-sell deal between all of the different services, and turn them all on because you could ever have too much security, we still have to ship things eventually. And their security messaging has been extraordinarily confused for a long time. At some level, the fact that you are now integrating with them on the Inspector side means that for the first time, I think I understand what Inspector does now, which is more than a little messed up. 
But here we are.Clinton: Indeed. Well, the first thing I would say on that is, you know, stay tuned. As we move into the new year. I think you're going to see a lot more announcements both, you know, on the AWS side, but also kind of industry-wide and terms of integration with Snyk. That Vulnerability Database feed also, as you mentioned earlier, in use in Docker Hub, so anyone with Containers and Docker Hub can get advantage by scanning with our Snyk container tool.We have other integrations with Red Hat, for example. And there are actually many other companies utilizing that DB feed to, again, get access to that best in breed vulnerability data. When you talk about that model of, you know, being outcompeted on the security front, I think that's more difficult to do when you're actually talking about data, right? Like tooling, on some level—and I might get in trouble for saying this—but tooling is commodity, right? Somebody tomorrow is going to come out with a better tool to do a thing a little bit faster in a little bit more intuitive way. What can't be easily replicated is the data and intelligence behind that, right? And so that's why—Corey: Yeah, the secret sauce that makes you folks work is not the fact of, “Ah, we can fire off or catch a web hook, and then run the following command against the codebase.” That is—sure it's handy and it's useful and you're good at that, but that is not the reason that people become your customer.Clinton: Exactly right. Look, there's a lot of tools that can resolve the dependency tree within your open-source application, right? We can do that as well. We leverage a lot of open-source to do that, you know, we're very open with that. As I mentioned earlier, a lot of Snyk tooling is available on GitHub, you can see how it works, that code is public.Really the value we're providing is in that curated security research that our dedicated team is working on day in and day out and verifying public security data that's out in CVEs. 
Is this actually accurate? Do we agree with the severity rating? Might there be other factors that could modify that severity rating? What happens when you are scanning an application that might have some vulnerable conditions versus others? Don't you want to prioritize those vulnerabilities differently? What happens at runtime, right? If you're deploying an application to an EC2 instance with an OpenSSH ingress into your security group, that's going to make certain vulnerabilities a lot bigger risk than if you've got your IAC configured correctly, right? So, the really the overall mission of Snyk as we move into this broader, kind of, ASPM application, you know, security posture management space, is to say, how many different signals across the SDLC can we combine in intuitive ways for the developer to understand that risk at the right time with the right context and armed with the remediation advice to make a better decision as they're writing their code, you know, rather than after the fact? If I could sum it all up, kind of, that's the vision of where we are both today and ultimately where we're going.Corey: There also needs to be an understanding of who the customer is. If I go through the launch wizard and spin up in a brand new account, my first EC2 instance, and I spin up an instance by going through the wizard, the first thing it does is yell at me. Because, “Ah, that SSH port is open to the world.” Which you need to get into it, once it's there. So, it sets that up for me and yells at me all in the same breath. And it's, this is not a promising start; I kind of need that to get into it.Conversely, if you're not someone learning this stuff for the first time, and you're, oh I don't know, a production engineer at a bank, you care quite a bit differently in that use case about things like OpenSSH groups, it's security posture, et cetera, et cetera. 
An awful lot of the tooling is, “Ah, you're failing this benchmark, and this benchmark, and this benchmark,” from CIS and the rest of all these rules of, oh, you're not encrypting your data at rest. Well, it's in an AWS data center environment. Yeah, if someone could break in and steal the drives from multiple facilities and somehow recombine them together and get out alive, yeah, that's really not my threat model.But it's easy to turn it on and check a box and make an auditor go away. But that's not where I would spend the bulk of my energies if I'm trying to improve my security posture. And it turns into rote checklists super easily. The thing I've always appreciated about the stuff that you're tooling in the open-source world has highlighted is it's not nonsense. And I really can't understate just how valuable that is.Clinton: Absolutely. And that comes from a combination of signals across that SDLC, from the open-source, from the container, from the proprietary code, from the IAC, but then also what's happening at runtime, right? Like, how are those containers actually deployed onto EKS? What ports are open? What running binaries are on the container that might influence, you know, what packages you choose to upgrade, versus not?All of that matters, and what—you know, the issue I think now is getting that visibility to the developer at the right time so that they can make it actionable. And the thing about infrastructure as code, that I think that's really interesting and not super well understood is a lot of those defaults are really insecure. And developers have no idea, right? Like, they might not be aware that if you don't define that encryption for your S3 bucket, it'll happily deploy unencrypted, right? 
Yes, that's a compliance problem, but that's also potentially exacerbator have other vulnerabilities that might be in that application.But you only see those when you can combine and have a single pane of glass that gives you the runtime signaling plus everything that's happening in the application, armed with the correct information to actually remediate that at the time, and say, “Don't you think you wanted to add, you know, AES encryption to this bucket? Don't you think you wanted to close down port 22?” And also, combine that with your internal business logic, right? Like maybe for an internal only application that never transits beyond your VPC perimeter, sure, it's fine to have port 22 open, right? There's just going to be people within your zero-trust environment authenticating to it. But for your production web application, that might be a different story.Corey: There are other concerns, too. For example, I'm sitting here complaining about the idea of encrypting at rest in an AWS environment, but if you've signed customer contracts that state that you're doing it, you'd better freaking do it, as opposed to, “Well, I know what the actual security risk is and it's no big deal.” Yeah, don't make that decision. If you are contractually obligated to do a thing. Don't YOLO it; do what you say you're going to do. That's that whole integrity thing.Clinton: Oh, sure. And look in a battle between security and compliance. Compliance always wins, right? But from a developer perspective, I don't know that we on the front lines writing code actually differentiate, right? That certainly is a matter for the people defining the policies and, you know, creating their gating mechanisms in CI to figure out.What I want to know as a developer is, is my build going to succeed, right? 
Or am I going to get shut down and get the nastygram that says, you know, “We couldn't launch this for x, y, and z reason.” Now, everybody on my team hates me, my lead dev is on me, now there's a bunch of merge conflicts because my branch is behind. I want to get that out into production, but in order to do that, I need information on how are all these signals going to be compiled together in a way that, you know, creates that red light or green light on the risk dashboard later on. But up until I think, you know, relatively recently, I don't have visibility into that except to launch the commit, you know, start the build and see what happens, and then I have that context-switching problem, right, because it's hours or days later, that I finally get that signal back.So yes, I think we have a compliance story to tell from the Snyk perspective as well. A lot of those same issues, you know, we're detecting, especially with regard to infrastructure as code, but it ultimately is up to various parts of the organization to work together and say, “What balance do we want to strike between security and velocity,” right? Understanding that those are not mutually opposed. What we need is tooling and more importantly a culture that takes both into account and allows us to develop securely and fast at the same time.Corey: I want to thank you so much for taking the time to speak with me about all this. If people want to learn more, where can they find you? And for God's sake, please don't say in your booth at re:Invent.Clinton: [laugh]. I will not be at re:Invent this year. I've had a little bit too much of the Vegas Strip here recently.Corey: No, I hear you. Right now, the people going are those whose employers find them expendable, which is why I'm there.Clinton: I wouldn't say that Corey. I think you'll do great, and you know, just make sure to bank all your vacation for a couple weeks after. 
Look, come to snyk.io start a conversation, but more importantly, just start using it, right?I don't want to give you the sales pitch; I want you to see the value in the tooling, and the easiest way to do that as an engineer is just to start using it. And if there is value there, you want to bring it to your enterprise. I would love to have that conversation and move forward. But engineer to engineer, like, figure out if this is going to work for you: does it make your life easier? Does it reduce the pain and anxiety you feel before making that commit into the production branch? And if so, then yeah, we'd love to talk.Corey: I will, of course, put links to that in the [show notes 00:33:22]. Thank you so much for speaking to me today. I really appreciate it.Clinton: Thank you, Corey. Glad to do it.Corey: Clinton Herget, principal solutions engineer at Snyk. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment yelling at Snyk about how they're a terrible company because they continually refuse to patronize your side business down at the Vowel Emporium.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Level Up Your Career with APMG International
Level Up your Cyber Resilience - Focus on bring your own device

Level Up Your Career with APMG International

Nov 19, 2021 · 58:22


APMG International presents our popular weekly panel Q&A show, Level Up your Cyber Resilience, with the Host: Ellie Bowett and Question Master: Suchitra Jacob, and Panelists: Etienne Shardlow, Mostafa AlShamy, Melanie Oldham, Sarbojit Bose and Simon Roller. An opportunity to have your real-life questions answered, driving the panel discussion before moving onto the focus topic: Bring Your Own Device (BYOD) with Melanie Oldham.

Host: Ellie Bowett, APMG-International
Question Master: Suchitra Jacob, APMG-International
Panelists:
Etienne Shardlow, Senior Consultant, Symphonise Consulting
Mostafa AlShamy, Consultancy and Audit Manager, EGYBYTE
Melanie Oldham, CEO, Bobs Business Ltd
Sarbojit Bose, Owner and Managing Director of Training and Consultancy Services, Cyberservices, Singapore
Simon Roller, Director and Principal Consultant, SR Advisory

Real Estate Investor MBA
Episode 47: Ep 47: REI MBA: What Exactly is a Fund Administrator? And Do You Need One for Your Deals?

Real Estate Investor MBA

Nov 19, 2021 · 31:21


In this episode, we had the opportunity to sit down with Vince Small and Mike Maurer from FD Fund Administration for an interview. This interview continued our mini-series on "A Look Behind the Curtain of a Private Equity Fund".

If you have never heard of a Fund Administrator, this is a great episode to listen to. Remember, this is your MBA. Have a notepad handy and get ready to take some notes!

Below are a few topics that we covered during the interview:
✅ What exactly is a Fund Administrator?
✅ What type of operators are most likely to use a Fund Administrator?
✅ Complexity of fund valuations when evaluating a multi-asset fund
✅ Looking at predictions in the commercial real estate market
✅ And more...

Vince's Bio:
Vince has over 20 years of experience in the financial services industry and partnership accounting, with the last five years focused on Real Estate. Prior to joining “FD Fund Administration”, he held the position of Controller for a multi-billion dollar real estate family of funds, overseeing the accounting and reporting for several of their Real Estate partnerships with over $2 billion in commitments. Earlier in his career, Vince was Chief Financial Officer and Chief Compliance Officer for an investment advisor with over $800 million in assets under management. He spent six years with PwC as an Audit Manager in their financial services group, where he focused primarily on audits of large mutual fund companies and alternative investment clients.

Mike's Bio:
Mike has over 20 years of experience in finance and analytics, including nine years in commercial real estate and five in private equity. Prior to joining “FD Fund Administration”, he was Director of the valuations and analytics functions for a multi-billion dollar real estate family of funds. Mike also held various roles with Capmark Financial Group (formerly GMAC Commercial Mortgage) in its Global Treasury and Financial Planning and Analysis groups. Early in his career, he led accounting and risk management operations in the telecommunications, technology and healthcare sectors.

You can reach out to connect and speak with Vince and Mike by going to their website at www.fd-fa.com.

Please subscribe to the Real Estate Investor MBA Podcast on the following platforms: YouTube, iTunes, Spotify, Stitcher, iHeart Radio, TuneIN, Google Podcast.

If you like what we are doing and see that we are providing a lot of value, please be sure to leave us a 5-star review and positive comment. In doing so, this helps us continue to attract the highest quality type guests to interview and for you to listen to.

Check out our website at www.realestateinvestormba.com

Follow us on Social Media:
✔️ Facebook
✔️ LinkedIn

20 Minute Leaders
Ep607: Dikla Czaczkes Akselbrad | Executive Vice President and Chief Financial Officer, PolyPid

20 Minute Leaders

Play Episode Listen Later Oct 15, 2021 22:05


Dikla Czaczkes Akselbrad is the Executive Vice President and Chief Financial Officer of PolyPid, a global clinical-stage biopharmaceutical company focused on developing, manufacturing, and commercializing novel, locally administered therapies to improve surgical outcomes. Before joining PolyPid seven years ago, she served as CFO at both Compugen and Packet Technologies and as Audit Manager at Ernst & Young Israel. She holds an MBA in Finance and a BA in Accounting & Economics, both from Tel Aviv University, and is a certified public accountant in Israel. 

Cash Flow Connections - Real Estate Podcast
E340 - Our New Partner at Asym Capital & Where We Go From Here

Cash Flow Connections - Real Estate Podcast

Play Episode Listen Later Sep 22, 2021 36:02


I've been sitting on a secret for quite some time… We recently brought on Tyler Lyons as a partner at Asym Capital. Tyler's background as an Audit Manager at Deloitte and the Director of Accounting at Herman Miller provided him with the perfect balance to my background and skillset, and we couldn't be happier that he is part of our team. He has made a huge impact in just a few short months, and we're already starting to see it across all the major metrics of our business.

If you are either growing your own real estate firm, or are an investor with Asym Capital, or both… I highly suggest listening to this episode to hear a bit about how we thought through this major investment in Asym, as well as both of our outlooks on the future of the company and deal flow...

In this episode, you'll hear…

How Tyler and I originally got connected and how it played a huge role in him coming on as a partner
Tyler's view of the investment space and what asset classes he is most excited about over the next 3-5 years
Where the opportunity in senior living might be, especially given the concerns in the market surrounding Covid-19
What Tyler is going to be focusing on and how it will allow us to do more quality deals, without giving up our attention to due diligence

Now that we have successfully onboarded Tyler, it has freed up both of our time so we can do what we are best at... finding compelling opportunities for our investors. In fact, we have a few opportunities we are working on now that I'm sure you'll be interested in. Make sure to keep an eye out for my forthcoming emails on that matter.

Interested in investing in ATMs? Check out our webinar.

Please note that investing in private placement securities entails a high degree of risk, including illiquidity of the investment and loss of principal. Please refer to the subscription agreement for a discussion of risk factors.

Tired of scrambling for capital? Check out our new FREE webinar - How to Ensure You Never Scramble for Capital Again (The 3 Capital-Raising Secrets). Click Here to register.

CFC Podcast Facebook Group

Unleash Monday
How do you become a SENG Board Member? Meet Finance Chair Carrie Pokrefke

Unleash Monday

Play Episode Listen Later Jul 18, 2021 45:03


Carrie Pokrefke is an Audit Manager for BECU, the nation's largest Community Credit Union, based in Seattle, Washington. She is an accomplished and experienced leader with over 20 years of experience in financial services as both an internal auditor and as a state and federal regulator. She enjoys building inclusive, high-performing teams through developing and mentoring employees, building relationships, and connecting people. Carrie serves on the SENG (Supporting Emotional Needs of the Gifted) Board of Directors and Executive Committee as the Finance Officer and is also Co-Chair of the Development Committee. She is a trained SENG Model Parent Group (SMPG) facilitator and presented at the 2020 SENG Annual Conference. Carrie loves to travel and has achieved her goal of visiting all seven continents. Besides traveling, she is a photographer, drummer, painter, writer, and humanitarian. Carrie enjoys public speaking. Carrie was recently selected to BECU's 2021 Building Inclusion and Leveraging Differences (BILD) Council. She serves on the National Association of Federally-Insured Credit Unions' (NAFCU) Compliance/BSA/Risk Network Steering Committee and the Northwest Credit Union Association's (NWCUA) Awards Committee. She holds a Bachelor of Science in Banking and Finance with a minor in Speech Communication from the University of Southern Mississippi.

TAKEAWAYS FROM THIS EPISODE:
It is normal for gifted people to feel stupid! Doubting you are gifted is a good indicator of giftedness!
Imposter Syndrome is something a lot of gifted adults struggle with. It helps to understand it and take it for what it is!
It can be hard for gifted people to see their own giftedness, yet they usually have no difficulties seeing giftedness in other gifted children and adults.
The giftedness journey is usually a continuous search for more resources and insights into giftedness theory and experiences.
The gifted population has this tendency to want to fit in. Being identified as gifted can feel like you are even further away from the normal population simply from a statistical standpoint.
Gifted adults may have perfectionism tendencies. The word “gifted” has this connotation that things are easy for us, but things are not always easy and it's not always a gift.
It's important for us to roll with the word gifted. There are people who want to change it, but the value in labelling it is that we know which rabbit hole it is!
If you are gifted, finding a therapist who understands or is gifted themselves is really helpful.
Usually you realize that most of your friends are also gifted!
Understanding one's giftedness and neurodivergence helps you become a better leader!
SENG stands for Supporting Emotional Needs of the Gifted and was founded by Dr. James T. Webb in 1981.
There is a gap in reaching gifted adults!

MENTIONED IN THIS EPISODE:
Carrie Pokrefke LinkedIn, photography website and Instagram
ShareYourMeTooStory
SENG.org
Dabrowski's Overexcitabilities
Overexcitabilities and the gifted: SENG resource
The Gottman Institute

Support the show (https://www.paypal.com/paypalme/UnleashMonday)

Impact Pricing
Value-based Pricing for Subscription Businesses with Arjun Patnaik

Impact Pricing

Play Episode Listen Later Jun 28, 2021 21:45


Arjun Patnaik is Head of Pricing & Commercial Finance at Pine Labs. He used to work at GE as an Audit Manager.

In this episode, Arjun talks about how the role of pricing is richer in subscription businesses than in any traditional business, as it allows you to pull many pricing levers. He shares how triangulating the three important factors of knowing your value, communicating it, and figuring out people's willingness to pay drives the whole point of pricing.

Why you have to check out today's podcast:
Learn to differentiate and understand how pricing works in a traditional versus a subscription business
Learn about the whole customer lifecycle and lifetime value in subscription pricing
Find out the three pillars of subscription pricing from which everything flows

“Don't undervalue yourself. Don't leave money on the table. Do the hard work. Don't just go for a cost-plus or competition-based pricing. Spend the time, talk to your customers, understand their value equation and willingness to pay. It's going to pay off. So, spend time, money, and effort on pricing, and it will pay you back.” - Arjun Patnaik

Topics Covered:
01:46 - Arjun's accidental entry into the world of pricing
02:46 - What pricing is for him
03:56 - What GE's pricing approach was, as he used to work there
06:13 - What it was like for him moving from cost-plus pricing to value-based pricing
08:51 - Why the role of pricing is much richer in a subscription business than in any regular sales business
10:18 - What he thinks of subscription pricing
14:11 - The business he was involved in at GE
14:56 - Talking about businesses transitioning from traditional ones to subscription
15:58 - His thoughts on Finance people being the wrong people to run pricing
17:59 - The need to marry data and solid customer research

Key Takeaways:
"When I think about pricing, I need to think about the whole customer lifecycle, especially in my business, right? So, I need to think about, at what price is my sales team acquiring customers efficiently? So, at what price can I maximize productivity and lower the cost of acquisition?" - Arjun Patnaik
"Beyond just the core product that I'm selling, which I'm getting the recurring revenue for, how do I sell more services to this customer because it's much easier, you get a much larger bang for the buck, monetizing compared to acquiring." - Arjun Patnaik
"I think that's why we need to marry data, which we have an abundance of, with solid customer research. Because if someone says the customer wants this versus that and they're not able to prove that, it just comes down to, like, a bit of faith, experience, and gut feel. But then I just believe in customer research, and there are so many tools in pricing to figure out what the price range is." - Arjun Patnaik

Resource Mentioned:
GE: https://en.wikipedia.org/wiki/General_Electric

Connect with Arjun Patnaik:
LinkedIn: https://www.linkedin.com/in/arjun-patnaik-63abb56/

Connect with Mark Stiving:
Email: mark@impactpricing.com
LinkedIn: https://www.linkedin.com/in/stiving/

Screaming in the Cloud
Making Compliance Suck Less with AJ Yawn

Screaming in the Cloud

Play Episode Listen Later Jun 17, 2021 34:13


About AJ
AJ Yawn is a seasoned cloud security professional who possesses over a decade of senior information security experience, with extensive experience managing a wide range of cybersecurity compliance assessments (SOC 2, ISO 27001, HIPAA, etc.) for a variety of SaaS, IaaS, and PaaS providers.

AJ advises startups on cloud security and serves on the Board of Directors of the ISC2 Miami chapter as the Education Chair. He is also a Founding Board member of the National Association of Black Compliance and Risk Management Professionals, regularly speaks on information security podcasts and events, and contributes blogs and articles to the information security community, including publications such as CISOMag, InfosecMag, HackerNoon, and ISC2.

Before ByteChek, AJ served as a senior member of a national cybersecurity professional services firm's SOC-ISO-Healthcare compliance practice. AJ helped grow the practice from a 9-person team to over 100 team members serving clients all over the world. AJ also spent over five years on active duty in the United States Army, earning the rank of Captain.

AJ is relentlessly committed to learning and encouraging others around him to improve themselves. He leads by example and has earned several industry-recognized certifications, including the AWS Certified Solutions Architect-Professional, CISSP, AWS Certified Security Specialty, AWS Certified Solutions Architect-Associate, and PMP. AJ is also involved with the AWS training and certification department, volunteering with the AWS Certification Examination Subject Matter Expert program.

AJ graduated from Georgetown University with a Master of Science in Technology Management and from Florida State University with a Bachelor of Science in Social Science. While at Florida State, AJ played on the Florida State University Men's basketball team, participating in back-to-back trips to the NCAA tournament playing under Coach Leonard Hamilton.

Links:
ByteChek: https://www.bytechek.com/
Blog post, Everything You Need to Know About SOC 2 Trust Service Criteria CC6.0 (Logical and Physical Access Controls): https://help.bytechek.com/en/articles/4567289-everything-you-need-to-know-about-soc-2-trust-service-criteria-cc6-0-logical-and-physical-access-controls
LinkedIn: https://www.linkedin.com/in/ajyawn/
Twitter: https://twitter.com/AjYawn

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist Corey Quinn. This weekly show features conversations with people doing interesting work in the world of Cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.

Corey: This episode is sponsored in part by our friends at Lumigo. If you've built anything from serverless, you know that if there's one thing that can be said universally about these applications, it's that it turns every outage into a murder mystery. Lumigo helps make sense of all of the various functions that wind up tying together to build applications. It offers one-click distributed tracing so you can effortlessly find and fix issues in your serverless and microservices environment. You've created more problems for yourself; make one of them go away. To learn more, visit lumigo.io.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined this week by AJ Yawn, co-founder and CEO of ByteChek. AJ, thanks for joining me.

AJ: Thanks for having me on, Corey. Really excited about the conversation.

Corey: So, what is ByteChek? It sounds like it's one of those things—‘byte’ spelled as in computer term, not teeth, and ‘chek’ without a second C in it because frugality looms everywhere, and we save money where we can by sometimes not buying the extra letter or vowel. So, what is ByteChek?

AJ: Exactly. You get it. ByteChek is a cybersecurity compliance software company, built with one goal in mind: make compliance suck less. And the way that we do that is by automating the worst part of compliance, which is evidence collection, and taking out a lot of the subjective nature of dealing with an audit by connecting directly where the evidence lives and focusing on security.

Corey: That sound you hear is Pandora's Box creaking open because back before I started focusing on AWS bills, I spent a few months doing a deep dive PCI project for workloads going into AWS because previously I've worked in regulated industries a fair bit. I've been a SOC 2 control owner, I've gone through the PCI process multiple times, I've dabbled with HIPAA as a consultant. And I thought, “Huh, there might be a business need here.” And it turns out, yeah, there really is.

The problem for me is that the work made me want to die. I found it depressing; it was dull; it was a whole lot of hurry up and wait. And that didn't align with how I approach the world, so I immediately got the hell out of there. You apparently have a better perspective on, you know, delivering things companies need and don't need to have constant novel entertainment every 30 seconds. So, how did you start down this path, and what set you on this road?

AJ: Yeah, great question. I started in the army as an information security officer, worked in a variety of different capacities. And when I left the military—mainly because I didn't like sleeping outside anymore—I got into cybersecurity compliance consulting. And that's where I got first into compliance and seeing the backwards way that we would do things with old document requests and screenshots. And I enjoyed the process because there was a reason for it, like you said.

There's a business value to this, going through these compliance assessments. So, I knew they were important, but I hated the way we were doing it. And while there, I just got exposed to so many companies that had to go through this, and I just thought there was a better way. Like, typical entrepreneur story, right? You see a problem and you're like, “There has to be a better way than grabbing screenshots of the EC2 console.” And set out to build a product to do that, to just solve that problem that I saw on a regular basis. And I tell people all the time, I was complicit in making compliance suck before. I was in that role and doing the things that I think sucked and not focused on security. And that's what we're solving here at ByteChek.

Corey: So, I've dabbled in it and sort of recoiled in horror. You've gone into this to the point where you are not only handling it for customers but in order to build software that goes in a positive direction, you have to be deeply steeped in this yourself. As you're going down this process, what was your build process like? Were you talking to auditors? Were you talking to companies who had to deal with auditors? What aspects of the problem did you approach this from?

AJ: It's really both aspects. And that's where I think it's just a really unique perspective I have because I've talked with a lot of auditors; I was an auditor and worked with auditors hand-in-hand and I understood the challenges of being an auditor, and the speed that you have to move when you're in the consulting industry. But I also talked to a lot of customers because those were the people I dealt with on a regular basis, both from a sales perspective and from, you know, sitting there with the CTOs trying to figure out how to design a secure solution in AWS. So, I took it from the approach of you can't automate compliance; you can't fix the audit problem by only focusing on one side of the table, which is what currently happens where one side of the table is the client, then you get to automate evidence collection. But if the auditors can't use that information that you've automated, then it's still a bad process for both people. So, I took the approach of thinking about this from both, “How do I make this easier for auditors but also make it easier for the clients that are forced to undergo these audits?”

Corey: From a lot of perspectives, having compliance achieved, regardless of whether it's PCI, whether it's HIPAA, whether it's SOC 2, et cetera, et cetera, et cetera, the reason that companies go through it is that it's an attestation that they are, for better or worse, doing the right things. In some cases, it's a requirement to operate in a regulated industry. In other cases, it's required to process credit card transactions, which is kind of every industry, and in still others, it's an easy shorthand way of saying that we're not complete rank amateurs at these things, so as a result, we're going to just pass over the result of our most recent SOC 2 audit to our prospective client, and suddenly, their security folks can relax and not send over weeks of questionnaires on the security front. That means that, for some folks, this is more or less a box-checking exercise rather than an actual good-faith effort to improve processes and posture.

AJ: Correct. And I think that's actually the problem with compliance: it's looked at as a check-the-box exercise, and that's why there's no security value out of it. That's why you can pick up a SOC 2 report for someone that's hosted on AWS, and you don't see any mention of S3 buckets. You can do a ctrl+F, and you literally don't see anything in a security evaluation about S3 buckets, which is just insane if you know anything about security on AWS. And I think it's because of what you just described, Corey; they're often asked to do this by a regulator, or by a customer, or by a vendor, and the result is, “Hurry up and get this report so that we can close this deal,”—or we can get to the next level with this customer, or with this investor, whatever it may be—instead of, let's go through this, let's have an auditor come in and look at our environment to improve it, to improve the security, which is where I hope the industry can get to because audits aren't going anywhere; people are going to continue to do them and spend thousands of dollars on them, so there should be some security value out of them, in my opinion.

Corey: I love using encrypting data at rest as an example of things that make varying amounts of sense because, sure, on your company laptops, if someone steals an employee's laptop from a coffee shop, or from the back of their car one night, yeah, you kind of want the exposure to the company to be limited to replacing the hardware. I mean, even here at The Duckbill Group, where we are not regulated, we've gone through no formal audits, we do have controls in place to ensure that all company laptops have disk encryption turned on. It makes sense from that perspective. And in the data center, it was also important because there were a few notable heists where someone either improperly disposed of drives and corporate data wound up on eBay, or someone in one notable instance drove a truck through the side of the data center wall, pulled a rack into the bed of the truck and took off, which is kind of impressive [laugh] no matter how you slice it. But in the context of a hyperscale cloud provider like AWS, you're not going to be able to break into their data centers, steal a drive—and of course, it has to be the right collection of drives and the right machines—and then find out how to wind up reassembling that data later.

It's just not a viable attack strategy. Now, you can spend days arguing with auditors around something like that, or you can check the box ‘encrypt at rest’ and move on. And very often, that is the better path. I'm not going to argue with auditors about that. I'm going to bend the knee, check the box, and get back to doing the business thing that I care about. That is a reasonable approach, is it not?

AJ: It is, but I think that's the fault of the auditor because good security requires context. You can't just apply a standard set of controls to every organization, as you're describing, where I would much rather the auditor care about, “Are there any public S3 buckets? What is the security group situation like on that account? How are they managing their users? How are they storing credentials there in the cloud environment as well? Are they using multiple accounts?” So many other things to care about other than protecting whether or not someone will be able to pull off the heist of the [laugh] 21st century. So, I think from a customer perspective, it's the right model: don't waste time arguing points with your auditors, but on the flip side, find an auditor that has more technical knowledge that can understand context, because security work requires good context and audits require context. And that's the problem with audits now; we're using one framework or several frameworks to apply to every organization. And I've been in the consulting space, like you, Corey, for a while. I have not seen the same environment in any customers. Every customer is different. Every customer has a different setup, so it doesn't make sense to say every control should apply to every company.

Corey: And it feels on some level like you wind up getting staff accustomed to treating it as a box-checking exercise. “Right, it's dumb that we wind up having to encrypt S3 buckets, but it's for the audit to just check the box and move on.” So, people do it, then they move on to the next item, which is, “Okay, great. Are there any public S3 buckets?” And they treat it with the same, “Yeah, whatever. It's for the audit,” box-checking approach? No, no, that one's actually serious. You should invest significant effort and time into making sure that it's right.

AJ: Exactly. Exactly. And that's where the value of a true compliance assessment that is focused on security comes into play because it's no longer about checking the box, it's like, “Hey, there's a weakness here. A weakness that you probably should have identified. So, let's go fix the weakness, but let's talk about your process to find those weaknesses and then hopefully use some automation to remediate them.”

Because a lot of the issues in the cloud you can trace back to why was there not a control in place to prevent this or detect this? And it's sad that compliance assessments are not the thing that can catch those, that are not the other safeguard in place to identify those. And it's because we are treating the entire thing like a check-the-box exercise and not pulling out those items that really matter, and that's just focusing on security. Which is ultimately what these compliance reports are proving: customers are asking for these reports because they want to know if their data is going to be secure. And that's what the report is supposed to do, but on the flip side, everyone knows the organization may not be taking it that seriously, and they may be treating it like a check-the-box exercise.

Corey: So, while I have you here, we'll divert for a minute because I'm legitimately curious about this one. On a scale of legitimate security concern to, “This is a check-the-box exercise,” where do things like rotating passwords every 60 days or rotating IAM credentials every 90 days fall?

AJ: I think it again depends on the organization. I don't think that you need to rotate passwords regularly, personally. I don't know how strong of a control that is if people are doing that, because they're just going to start to make things up that are easy—

Corey: Put the number at the end and increment by one every time. Great. Good work.

AJ: Yep. So, I think again, it just depends on your organization and what the organization is doing. If you're talking about managing IAM access keys and rotating those, are your engineers even using the CLI? Are they using their access keys? Because if they're not, what are you rotating? You're just rotating [laugh] stale keys that have never been used. Or if you don't even have any IAM users, maybe you're using SSO and they're all using Okta or something else and they're using an IAM role to come in there. So, it's just—again, it's context. And I think the problem is, a lot of folks don't understand AWS or they don't understand the cloud. And when I say folks, I mean auditors.

They don't understand that, so they're just going to ask for everything. “Did you rotate your passwords? Did you do this? Did you do that?” And it may not even make sense for you based off of your environment, but again, is it worth the fight with the auditor, or do you just give them whatever they want so you can go about your way, whether or not it's a legit security concern?

Corey: Yeah. At some point, it's not worth fighting with auditors, but if you find yourself wanting to fight the auditor all the time, at some level, you start to really resent the auditor that you have. To put that slightly more succinctly, how do you deal with non-technical auditors who don't understand your environment—what they're looking at—without strangling them?

AJ: Great question. I think it goes back to before you hire your auditor. Oftentimes, in the sales process, there's questions around, “Who's come from the Big Four on your staff?” Or, “What control frameworks do you all specialize in?” Or, “How long will this take? How much will it cost?” But there's very rarely any questions of, “Who on your staff knows AWS?”

And it's similar to going to the doctor: you wouldn't go to an eye doctor to get foot surgery. So, you shouldn't go to an auditor who has never seen AWS, that doesn't know what EC2 is, to evaluate your AWS environment. So, I think organizations have to start asking the right questions during the sales process. And it's not about price or time or anything like that when you're assessing who you're going to work with from an auditing firm. It's, are they qualified to actually evaluate the threats facing your organization so that you don't get asked the stupid question?

If you're hosted on AWS, you shouldn't be getting asked where are your firewall configurations. They should understand what security groups are and how they work. So, there's just a level of knowledge that should be expected from the organization side. And I would say, if you're working with a current auditor that you're having those issues with, continue to ask the hard questions. Auditors that are not technical—I have a blog post on our website, and it says this is the section your auditors are the most scared of, and it's the logical access section of your SOC 2 report.

And auditors that are not technical run away from that section. So, just keep asking the hard questions, and they'll either have to get the knowledge or they realize they're not qualified to do the assessment and the marriage will split up kind of naturally from there. But I think it goes back to the initial process of getting your auditor. Don't worry about cost or time, worry about their technical skills and if they're qualified to assess your environment.

Corey: And in 2021, that's a very different story than it was the first few times I encountered auditors discovering the new era. At a startup, the auditor shows up. “Great, how do we get access to your Active Directory?” “Yeah, we don't have one of those.” “Okay, how do we get on the internet here?” “Oh, here's the wireless password.” “Wait, there's not a separate guest network?” “That's right.” “Well, now I have privileged access because I'm on your network.”

It's like, “Technically, that's true because if you weren't on this network, you wouldn't be able to print to that printer over there in the corner. But that's the only thing that it lets you do.” Everything else is identity-based, not IP address allow listing, so instead, it's purely just convenience to get the internet; you're about as privileged on this network as you would be at a Starbucks half a world away. And they look at you like you're an idiot. And that should have been the early warning sign that this was not going to be a typical audit conversation. Now, though, in 2021, it feels like it's time to find a new auditor.

AJ: Exactly. Yeah. Especially because organizations—unfortunately, last year security budgets were some of the things that were first cut when budgets were cut due to the global pandemic, so—

Corey: Well, I'm sure that'll have no lasting repercussions.

AJ: Right. [laugh]. That's always a great decision. So compliance, that means compliance budgets have been significantly slashed because that's the first thing that gets cut is spending money on compliance activities. So, the cheaper option, oftentimes, is going to mean even less technical resources.

Which is why I don't think manual audits, human audits are going to be a thing moving forward. I think companies are realizing that it doesn't make sense to go through a process, hire an auditor who's selling you on all this technical expertise, and then the staff that's showing up and assigned to your project has never seen inside the AWS console and truly doesn't even know what the cloud is. They think that iCloud on their phone is the only cloud that they're familiar with. And that's what happens; organizations are sold that they're going to get cybersecurity technical experts from these human auditors and then somebody shows up without that experience or expertise. So, you have to start to rely on tools, rely on technologies, and that can be native technologies in the cloud or third-party tools.

But I don't think you can actually do a good audit in the cloud manually anyways, no matter how technical you are. I know a lot about AWS but I still couldn't do a great audit by myself in the cloud because auditing is time-based, you bill by the hour and it doesn't make sense for me to do all of those manual things that tools and technologies out there exist to do for us.

Corey: So, you started a software company aimed at this problem, not an auditing firm and not a consulting company. How are you solving this via the magic of writing code?

AJ: It's just connecting directly where the evidence lives. So, for AWS, I actually tried to do this in a non-software way prior, when I was just a typical auditor, and I was just asking our clients to provision us cross-account access to go in their environment with some security permissions to get evidence directly. And that didn't pass the sniff test at my consulting firm, even though some of the clients were open to it. But we built software to go out to the tools where the evidence directly lives and continuously assess the environment. So, that's AWS, that's GitHub, that's Jira, that's all of the different tools where you normally collect this evidence, and instead of having to prove to auditors in a very manual fashion, by grabbing screenshots, you just simply connect using APIs to get the evidence directly from the source, which is more technically accurate.

The way that auditing has been done in the past is using sampling methodologies and all these other outdated things, but that doesn't really assess if all of your data stores are configured in the right way; if you're actually backing up your data.
It's me randomly picking one and saying, “Yes, you're good to go.” So, we connect directly where the evidence lives and hopefully get to a point where when you get a SOC 2 report, you know that a tool checked it. So, you know that the tool went out and looked at every single data store, or they went out and looked at every single EC2 instance, or security group, whatever it may be, and it wasn't dependent on how the auditor felt that day.Corey: This episode is sponsored in part by ChaosSearch. As basically everyone knows, trying to do log analytics at scale with an ELK stack is expensive, unstable, time-sucking, demeaning, and just basically all-around horrible. So why are you still doing it—or even thinking about it—when there's ChaosSearch? ChaosSearch is a fully managed scalable log analysis service that lets you add new workloads in minutes, and easily retain weeks, months, or years of data. With ChaosSearch you store, connect, and analyze and you're done. The data lives and stays within your S3 buckets, which means no managing servers, no data movement, and you can save up to 80 percent versus running an ELK stack the old-fashioned way. It's why companies like Equifax, HubSpot, Klarna, Alert Logic, and many more have all turned to ChaosSearch. So if you're tired of your ELK stacks falling over before it suffers, or of having your log analytics data retention squeezed by the cost, then try ChaosSearch today and tell them I sent you. To learn more, visit chaossearch.io.Corey: That sounds like it is almost too good to be true. 
And at first, my immediate response is, “This is amazing,” followed immediately by that's transitioning into anger, that, “Why isn't this a native thing that everyone offers?” I mean, to that end, AWS announced ‘Audit Manager' recently, which I haven't had the opportunity to dive into in any deep sense yet, because it's still brand new, and they decided to release it alongside 15,000 other things, but does that start getting a little bit closer to something companies need? Or is it a typical day-one first release of an Amazon service where, “Well, at least we know the direction you're heading in. We'll check back in two years.”AJ: Exactly. It's the day-one Amazon service release where, “Okay. AWS is getting into the audit space. That's good to know.” But right now, at its core, that AWS service, it's just not usable for audits, for several reasons.One, auditors cannot read the outputs of the information from Audit Manager. And it goes back to the earlier point where you can't automate compliance, you can't fix compliance if the auditors can't use the information because then they're going to go back to asking dumb questions and dumb evidence requests if they don't understand the information coming out of it. And it's just because of the output right now is a dump of JSON, essentially, in a Word document, for some strange reason.Corey: Okay, that is the perfect example right there of two worlds colliding. It's like, “Well, we're going to put JSON out of it because that's the language developers speak. Well, what do auditors prefer?” “I don't know, Microsoft Word?” “Okay, sounds good.” Even Microsoft Excel is a better answer than [laugh] that. And that is just… okay, that is just Looney Tunes awful.AJ: Yep. Yeah, exactly. And that's one problem. The other problem is, Audit Manager requires a compliance manager. 
If we think about that tool, a developer is not going to use Audit Manager; it's going to be somebody responsible for compliance.It requires them to go manually select every service that their company is using. A compliance manager, one, doesn't even know what the services are; they have no clue what some of these services are, two, how are they going to know if you're using Lambda randomly somewhere or, or a Systems Manager randomly somewhere, or Elastic Beanstalk's in one account or one region. Config here, config—they have to just go through and manually—and I'm like, “Well, that doesn't make any sense because AWS knows what services you're using. Why not just already have those selected and you pull those in scope?” So, the chances of something being excluded are extremely high because it's a really manual process for users to decide what are they actually assessing.And then lastly, the frameworks need a lot of work. Auditing is complex because their standards or regulations and all of that, and there's just a gap between what AWS has listed as a service that addresses a particular control that—there was a few times where I looked at Audit Manager and I had no clue what they were mapping to and why they're mapping. So, it's a typical day-one service; it has some gaps, but I like the direction it's going. I like the idea that an organization can go into their AWS console, hit to a dashboard, and say, “Am I meeting SOC 2?” Or“ am I meeting PCI?” I feel like this is a long time coming. I think you probably could have done it with Security Hub with less automation; you have to do some manual uploads there, but the long answer to say it has a long way to go there, Corey.Corey: I heard a couple of horror stories of, “Oh, my god, it's charging me $300 a day and I can't turn it off,” when it first launched. I assume that's been fixed by now because the screaming has stopped. I have to assume it was. But it was gnarly and surprising people with bills. 
And surprising people with things labeled ‘audit' is never a great plan.AJ: Right. Yeah, the pricing was a little ridiculous as well. And I didn't really understand the pricing model. But that's typical of a new AWS service, I never really understand. That's why I'm glad that you exist because I'm always confused at first about why things cost so much, but then if you give it some time, it starts to make a little bit more sense.Corey: Exactly. The first time you see a new pricing dimension, it's novel and exciting and more than a little scary, and you dive into it. But then it's just pattern recognition. It's, “Oh, it's one of these things again. Great.” It's why it lends itself to a consulting story.So, you were in the army for a while. And as you mentioned, you got tired of sleeping on the ground, so you went into corporate life. And you were at a national cybersecurity professional services firm for a while. What was it that finally made you, I guess, snap for lack of a better term and, “I'm going to start my own thing?” Because in my case, it was, “Well, okay. I get fired an awful lot. Maybe I should try setting out my own shingle because I really don't have another great option.” I don't get the sense, given your resume and pedigree, that that was your situation?AJ: Not quite. I surprisingly, don't do well with authority. So, a little bit I like to challenge things and question the norm often, which got me in trouble in the military, definitely got me in trouble in corporate life. But for me it was, I wanted to change; I wanted to innovate. I just kept seeing that there was a problem with what we were doing and how we were doing it, and I didn't feel like I had the ability to innovate.Innovating in a professional services firm is updating a Google Sheet, or adding a new Google Form and sending that off to a client. That's not really the innovation that I was looking to do. 
And I realized that if I wanted to create something that was going to solve this problem, I could go join one of the many startups out there that are out there trying to solve this problem, or I could just try to go do it myself and leverage my experience. And two worlds collided as far as timing and opportunity where I financially was in a position to take a chance like this, and I had the knowledge that I finally think I needed to feel comfortable going out on my own and just made the decision. I'm a pretty decisive person, and I decided that I was going to do it and just went with it.And despite going about this during the global pandemic, which presented its own challenges last year, getting this off the ground. But it was really—I collected a bunch of knowledge. I realized, maybe, two and a half years ago, actually, that I wanted to start my own business in this space, but I didn't know what I wanted to do just yet. I knew I wanted to do software, I didn't know how I wanted to do it, I didn't know how I was going to make it work. But I just decided to take my time and learn as much as I can.And once I felt like I acquired enough knowledge and there was really nothing else I could gain from not doing this on my own, and I knew I wasn't going to go join a startup to join them on this journey, it was a no-brainer just to pull the trigger.Corey: It seems to have worked out for you. I'm starting to see you folks crop up from time-to-time, things seem to be going well. How big are you?AJ: Yeah, we're doing well. We have a team of seven of us now, which is crazy to think about because I remember when it was just me and my co-founder staring at each other on Zoom every day and wondering if they're ever going to be anybody else on these [laugh] calls and talking to us. But it's going really well. 
We have early customers that are happy and that's all that I can ask for and they're not just happy silently; they're being really public about being happy about the platform, and about the process. And just working with people that get it and we're building a lot of momentum.I'm having a lot of fun on LinkedIn and doing a lot of marketing efforts there as well. So, it's been going well; it's been actually going better than expected, surprisingly, which I don't know, I'm a pretty optimistic entrepreneur and I thought things will go well, but it's much better than expected, which means I'm sleeping a lot less than I expected, as well.Corey: Yeah, at some point, when you find yourself on the startup train, it's one of those, “Oh, yeah. That's right. My health is in the gutter, my relationships are starting to implode around me.” Balance is key. And I think that that is something that we don't talk about enough in this world.There are periodically horrible tweets about how you should wind up focusing on your company, it should be the all-consuming thing that drives you at all hours of the day. And you check and, “Oh, who made that observation on Twitter? Oh, it's a VC.” And then you investigate the VC and huh, “You should only have one serious bet, it should be your all-consuming passion” says someone who's invested in a wide variety of different companies all at the same time, in the hopes that one of them succeeds. Huh.Almost like this person isn't taking the advice they're giving themselves and is incentivized to give that advice to others. Huh, how about that? And I know that's a cynical take, but it continues to annoy me when I see it. Where do you stand on the balance side of the equation?AJ: Yeah, I think balance is key. I work a lot, but I rest a lot too. And I spend—I really hold my mornings as my kind of sacred place, and I spend my mornings meditating, doing yoga, working out, and really just giving back to myself. And I encourage my team to do the same. 
And we don't just encourage it from just a, “Hey, you guys should do this,” but I talk to my team a lot about not taking ourselves too seriously.It's our number one core value. It's why our slogan is ‘make compliance suck less' because it's really my military background. We're not being shot at; we're sleeping at home every night. And while compliance and cybersecurity, it's really important, and we're protecting really important things, it's not that serious to go all-in and to not have balance, and not to take time off not to relax. I mean, a part of what we do at ByteChek is we have a 10% rule, which means 10% of the week, I encourage my team to spend it on themselves, whether that's doing meditation, going to take a nap.And these are work hours; you know, go out, play golf. I spent my 10% this morning playing golf during work hours. And I encourage all my team, every single week, spend four hours dedicated to yourself because there's nothing that we will be able to do as a company without the people here being correct and being mentally okay. And that's something that I learned a long time ago in the military. You spend a year away from home and you start to really realize what's important.And it's not your job. And that's the thing. We hire a lot of veterans here because of my veteran background, and I tell all the vets that come here when you're in the military, your job, your rank, and your day-to-day work is your identity. It's who you are. You're a Marine or you're a Soldier, or you're a Sailor; you're an Airman if that's a bad choice that you made. Sorry for my Air Force guys.Corey: Well, now there's a Spaceman story as well, I'm told. But I don't know if they call them spacemen or not, but remember, there's a new branch to consider. And we can't forget the Coast Guard either.AJ: If they don't call themselves Spacemen, that is their name from now on. We just made it, today. If I ever meet somebody in the Space Force, [laugh] I'm calling them the Spacemen. 
That is amazing. But I tell our interns that we bring from the military, you have to strip that away.You have to become an individual because ByteChek is not your identity. And it won't be your identity. And ByteChek's not my identity. It's something that I'm doing, and I am optimistic that it's going to work out and I really hope that it does. But if it doesn't, I'm going to be all right; my team is going to be all right and we're going to all continue to go on.And we just try to live that out every day because there's so many more important things going on in this world other than cybersecurity compliance, so we really shouldn't take ourselves too seriously. And that advice of just grinding it out, and that should be your only focus, that's only a recipe for disaster, in my opinion.Corey: AJ, thank you so much for taking the time to speak with me. If people want to hear more about what you have to say, where can they find you?AJ: They can find me on LinkedIn. That's my one spot that I'm currently on. I am going to pop on Twitter here pretty soon. I don't know when, but probably in the next few weeks or so. I've been encouraged by a lot of folks to join the tech community on Twitter, so I'll be there soon.But right now they can find me on LinkedIn. I give four hours back a week to mentoring, so if you hear this and you want to reach out, you want to chat with me, send me a message and I will send you a link to find time on my calendar to meet. I spend four hours every Friday mentoring, so I'm open to chat and help anyone. And when you see me on LinkedIn, you'll see me talking about diversity in cybersecurity because I think really the only way you can solve a cybersecurity skills shortage is by hiring more diverse individuals. So, come find me there, engage with me, talk to me; I'm a very open person and I like to meet new people. And that's where you can find me.Corey: Excellent. 
And we'll of course throw a link to your LinkedIn profile in the [show notes 00:29:44]. Thank you so much for taking the time to speak with me. It's really appreciated.AJ: Yeah, definitely. Thank you, Corey. This is kind of like a dream come true to be on this podcast that I've listened to a lot and talk about something that I'm passionate about. So, thanks for the opportunity.Corey: AJ Yawn, CEO and co-founder of ByteChek. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you hated this podcast, please leave a five-star review on your podcast platform of choice along with a comment that's embedded inside of a Word document.Announcer: This has been this week's episode of Screaming in the Cloud. You can also find more Corey at screaminginthecloud.com, or wherever fine snark is sold.This has been a HumblePod production. Stay humble.

How to empower...
How to empower... S2E10 - skills for the workforce of the future


Apr 21, 2021 · 25:35


In the final episode of series 2, Chris Keogh speaks to Paul Scrivens, Commercial Director at LoveLocalJobs Foundation, Fiona Camenzuli, Partner and New World. New Skills programme lead at PwC, and Danielle Quinlan, Audit Manager and Digital Accelerator at PwC, about the skills that the next generation need in an increasingly digital age, and how the current workforce can upskill themselves to be future ready.

Audit Talks
Standards And Analytics 101 with Chris Geno


Apr 19, 2021 · 25:48


Listen as Chris Geno, CPA, Audit Manager at Saville Dodgen & Co, discusses a refresher on AU-C 520, why this review is important now, and the differences between the current and the new audit evidence standard that you should know.

AWS TechChat
Episode 80 - re:Invent 2020 - Customer Engagement, Gaming, IOT, Marketplace, and More!


Jan 29, 2021 · 48:34


In this episode of TechChat we continue our four-part re:Invent 2020 series, with this episode covering Customer Engagement, Gaming, IoT and Industry, Marketplace, Misc., and closing out with Partner Updates.

For Customer Engagement, we talked about:
* Contact Lens now supports real-time contact center analytics to detect customer issues on live calls.
* Combine this with Connect Wisdom to pull up call-relevant info for the agent in real time. I love the warranty/support example you gave here.
* Voice ID provides real-time caller authentication with no changes to the natural call flow, and falls back to traditional authentication methods.
* Customer Profiles give you a unified view of your customers.
* Connect Tasks makes it easy to prioritize, assign, track, and automate contact center agent tasks.
* And if you're in, or have call centers in, Latin America, 10 new price drops for telephony rates and new inbound numbers were announced at re:Invent.

For you gamers or game developers out there:
* GameLift's FlexMatch now works regardless of where developers host their game. So maybe we'll see more cross-platform multiplayer games match players across their game vs. just that.

In IoT and Industrial topics we covered:
* The new Lookout family of services. The first one is Lookout for Equipment, for detecting abnormal equipment behavior and encouraging predictive maintenance.
* Lookout for Vision will ingest images from the product line to help automate quality inspection.
* And finally Lookout for Metrics will help you apply similar anomaly detection to any of your business data and respective metrics.
* If your machinery doesn't have sensors, then you can leverage Monitron, an end-to-end system you can buy at amazon.com (http://amazon.com/) to detect abnormal equipment behavior.
* And finally, Table charts added to IoT SiteWise help tabulate and visualize the latest key operational metrics like equipment properties and other machine data.

For Marketplace updates we had:
* You can now purchase Professional Services for third-party software from the Marketplace.
* If you're using the Private Marketplace, you now have API access to automate and scale out your operations and access.

And some general updates we're going to group together:
* IGMP is now supported in Transit Gateway to easily deploy, manage and scale multicast applications.
* Audit Manager helps prep for audits by automating collection of data on AWS resources.
* Glue Elastic Views is in Preview for creating materialized views of your data.
* And Elasticsearch Service now supports Glue Elastic Views.
* License Manager enhances automated discovery with tag-based search and detection of software uninstalls.
* And also provides central management for Entitlements purchased from the Marketplace.
* And finally, Service Catalog AppRegistry can be used to define and describe your applications running in AWS.

Partner updates:
* Foundational Technical Review Lens now available in the AWS Well-Architected Tool along with SaaS Lens.
* SaaS Factory Insights Hub helps providers gain insights with various types of content.
* While SaaS Boost will help partners accelerate their solutions into a SaaS offering.
* Introducing the new AWS Travel and Hospitality Competency as well as the APN Travel & Hospitality Navigate track for partners in those verticals or looking to enter.
* And finally, AWS Public Safety and Disaster Response Technology Partners are go-to partners to help our customers around the world improve organizational capacity to prepare for, respond to, and recover from emergencies and disasters.

Success in Finance
SiF 25 - Laura Crespi - Finance Director, Elsevier


Jan 28, 2021 · 44:03


Joining me today is Laura Crespi. Laura graduated with a degree in Biochemistry from Nottingham before joining Deloitte as an Audit Trainee. She stayed at Deloitte until Audit Manager level and undertook a secondment to the IFRS centre of excellence, where she honed her technical accounting knowledge. Having completed her secondment, the opportunity to join RELX's group accounting function arose, so she joined as a Senior Project Accountant. After progressing to Group Financial Reporting Manager, Laura decided that she needed operational finance experience so moved within the group to Elsevier. Here, she spent 2 years in Amsterdam. Having returned to the UK, Laura is currently Finance Director of Elsevier. You can also watch this interview on my YouTube channel.

Beyond The Meter
Electrification of Transportation with Catherine Kummer and Michael Luhrs, Ep #12


Nov 9, 2020 · 57:02


We've all heard of the new electric vehicles that Tesla and other manufacturers are producing, but when you look at electric vehicles from a broader fleet perspective, the possibilities for reducing carbon emissions long-term are exciting! The Smart Energy Decisions team believes this issue of fleet and public transportation conversion to be a key component in moving the energy transition forward, so this conversation was especially interesting to us.

Our guests on this episode are Catherine Kummer, Climate Advisor for the American Cities Climate Challenge to the City of Charlotte, NC, and Michael Luhrs, Vice President of Market Strategy and Solutions for Duke Energy. Speaking from their unique positions, each of them provides a wonderful perspective on the issues driving the move toward fleet and public transportation electrification, how it's being accomplished on the ground, how the issue impacts corporations, and what role utilities like Duke are playing in making the transition possible. It's exciting to hear what's happening and what is projected to happen in the years to come. Don't miss this enlightening and encouraging conversation.

You will want to hear this episode if you are interested in...
* Catherine Kummer's background in renewable energy and transportation [1:44]
* Michael Luhrs' work with clean energy and energy efficiency at Duke Energy [2:39]
* What is driving interest in electric vehicle pilot programs in cities? [3:42]
* The key drivers of corporate initiatives to create electrified fleets [11:06]
* Why utilities are embracing the move toward electrification of vehicles [13:47]
* Reasons cities and businesses believe electrification of vehicles is essential [17:57]
* Why the total cost of ownership makes the Electric Vehicle (EV) transition a total win [22:28]
* The role utilities need to play in the EV transition [33:21]
* Barriers to making the EV switch and how to overcome them [43:55]
* Looking 3 to 5 years into the future when it comes to vehicle electrification [49:50]

Charlotte, NC is leading the charge in electrifying its fleets

When asked what is fueling the drive behind the electrification of municipality fleets and public transportation, Catherine says that, quite honestly, it's the cities themselves. As the Climate Advisor for the City of Charlotte, NC she has a front-row seat to the initiatives that the City Hall and City Council are taking in this important step toward the smart energy transition.

The city of Charlotte has implemented an aggressive public education campaign surrounding its clean energy goals, which include community outreach and engagement via many platforms. The city has also put into place two new policies that support electrification goals. These come directly from their Strategic Energy Action plan and aim to entirely electrify the city's fleet by 2030. Currently, as part of that plan, they are working toward the addition of 27 electric vehicles to their light-duty fleet, at an investment of over $740,000, which would make 42 total electric vehicles for the city. The city is also ensuring that the charging infrastructure required is part of that expansion. It's cities like Charlotte that are leading the way nationwide.

Corporate & utility drivers toward electrification of vehicles

When it comes to why corporations are moving toward the electrification of their vehicles, Michael puts it best when he says it's about sustainability and efficiency, or being clean and cost-effective. Duke Energy has recognized that its constituents are taking on the mantle of the renewable energy transition. With that, corporations are adapting to provide the value to their customers that they want and need. A significant benefit can also be derived from the cost savings involved when implementing electric vehicles. Maintenance, fuel expenditures, noise and emissions pollution, and more go into these savings.

Utilities see the fundamental shift occurring globally in the form of mandates from many cities around the globe that ban emission-producing vehicles by specific dates. Utility companies like Duke can look across the value chain to both produce and deliver the resources needed. The initial load increase for utilities will only be 2% to 4% in most cases, but long term, that demand will grow. The ability to put the infrastructure needed in place is the strength of the value proposition utilities provide.

The total cost of ownership enables the cost of EVs to make sense

Much of the debate about the cost of electrifying municipal or corporate fleets and public transportation has to do with the initial outlay of cash required to get started. While it is a significant upfront investment, that should not be allowed to be the deciding factor. Why? Simply put, it's an extremely short-sighted approach.

Both Catherine and Michael speak persuasively about the long-term benefits that come from fleet electrification in terms of cost reduction, emissions reduction, and other infrequently considered benefits. Because of this issue, Catherine has developed her own “Total Cost of Ownership” calculations to show exactly how and when cost reductions will occur in the implementation of the Charlotte plan so that all stakeholders can see the black and white of the issue and make informed decisions that benefit the big picture.

Connect With Our Guests

Catherine Kummer - Climate Advisor, American Cities Climate Challenge

Catherine Kummer serves as a Climate Advisor for the City of Charlotte as part of the Bloomberg Philanthropies American Cities Climate Challenge, in partnership with NRDC (Natural Resources Defense Council), which works to accelerate climate action in 25 cities throughout the United States. Catherine joined the Climate Challenge advising the City of Charlotte after spending the last eight years as the Senior Director of Green Innovation for the National Association of Stock Car Auto Racing, NASCAR. A native of Raeford, North Carolina, Catherine holds a B.A. from the University of North Carolina at Chapel Hill, an M.A. in Sustainability from Wake Forest University and Executive Education for Sustainability Leadership from Harvard University.

Follow Catherine Kummer on LinkedIn

Michael Luhrs - VP Market Strategy & Solutions

Michael Luhrs serves as Vice President of Market Strategy and Solutions for Duke Energy. In this role, he is responsible for bringing integrated solutions across the digital and physical energy infrastructure to provide unique value and solutions nationally. Michael's strong focus on innovation, transformation and growth of customer solutions has proven successful with improving and accelerating departments through disciplined innovation, strategy alignment, revenue growth, regulatory adaptation and driving cost efficiencies.

The teams aligned under Michael's purview are: Home & Business Services, Market Strategy, Connected Communities, Solutions Development, Solutions Partner, Transportation Electrification, and Portfolio Structuring. Collectively, the Market Strategy and Solutions team generates approximately $500M in EBIT each year. The functions of these departments lead the evolution of the business from strategy to solutions development to execution across all customer segments. They cover a broad range of solutions from demand response, non-regulated products (such as behind-the-meter energy protection and insurance/risk mitigation services), digital infrastructure services, small cell and macro wireless, outdoor lighting, and electrification of transportation. Michael offers more than 20 years of experience in the energy industry. Known for his excellence in business strategy and operations, Michael is a creative thinker and problem solver. He has a knack for developing client-centered solutions and generating a positive impact to the bottom line.

Before assuming his current position, Michael served as General Manager of Business Excellence for Duke Energy. Prior to the merger with Progress Energy in 2012, Michael served as General Manager of Energy Supply Finance for Progress Energy. He has held several other leadership roles including Resource Planning Manager, Audit Manager, as well as roles in Generation Operations. Born in Colorado, Michael holds a Bachelor of Science degree in Chemical Engineering, as well as Bachelor of Arts degrees in both Management Finance and Economics, from North Carolina State University. He was also distinguished with Summa Cum Laude and Phi Beta Kappa honors.

Follow Michael Luhrs on LinkedIn

Connect With Smart Energy Decisions

https://www.smartenergydecisions.com/
Follow them on Facebook
Follow them on Twitter
Follow them on LinkedIn

Chai with Sam Dossa ®
Location Location Location - Property is it a recession proof asset?

Chai with Sam Dossa ®

Play Episode Listen Later Sep 18, 2020 55:02


Chai with Sam Dossa ® Presents

Sarah Flynn is a successful property investor/developer and business owner and has spent the last 3 years building up a portfolio with 2 main strategies: HMOs (House Shares) and flips. Sarah has invested in £1.5 million worth of property in the UK, and focuses on making multiple income streams out of each property as opposed to buying property in volume. Sarah started her career in the corporate banking world, spending almost 10 years in the financial sector working for global giant Lloyds Banking Group, where previous positions included a number of sales operational roles, Risk and Audit Manager roles and high-level Project Management roles. Her company - KAF Properties - was founded in 2016, following the tragic death of her 19-year-old brother, which had a profound impact on her life, leading her to pursue her dream as an entrepreneur. Sarah has made a seamless transition to successful investor and business owner using the vast knowledge and skills honed whilst working in the financial sector. Sarah's most recent venture is as the owner and host of an inspirational podcast called The Ambitious Entrepreneur, where she interviews hugely successful people such as multi-million-pound business owners, Olympic gold medallists, and film producers, discussing what continues to drive them forward and what has made them as successful as they are today.

About Sam Dossa

To transform into a peak performer, you need a plan to enhance your physical, mental and emotional abilities. Are you looking to create a successful life? Would you like to know how you can strengthen yourself - Physically – Mentally – Emotionally? Would you like to discover a way to become fully capable of achieving greater results? My niche is to develop and enhance individuals' Emotional Intelligence so they can operate efficiently and achieve amazing results.

We are aware that the workplace can be very stressful when we have to deal with challenging leadership, giving and receiving feedback, dealing with change, achieving deadlines, and dealing with setbacks and failures. We can equip ourselves with skills to manage our emotions in such situations so that we are able to respond confidently. We do not need to be controlled by the circumstances. Learning and applying the principles of Emotional Intelligence can enhance your self-awareness, self-regulation, motivation, empathy and social skills.

Success in Finance
SiF09 - Dan Winters - Group FC, Paysafe

Success in Finance

Play Episode Listen Later Aug 6, 2020 54:54


Joining me today is Dan Winters. Dan is currently Group FC at Paysafe Group Plc. He began his career in audit as a school leaver and worked his way up to Audit Manager over 9 years within the Consumer Markets space. Dan then joined Paysafe where he has spent the last 3 years, progressing to become part of the senior management team. Dan touches upon the benefit of a foundation in audit, the challenges of the ACA and dispels some common misconceptions pertaining to PE-backed businesses. You can also visit my YouTube channel for recent video and face-to-face interviews. www.successinfinance.co.uk

Leading Voices in Real Estate
Leonard Wood | Founder of Wood Partners

Leading Voices in Real Estate

Play Episode Listen Later May 11, 2020 64:54


This week's episode features a real estate legend: Leonard Wood, the Founder and Former CEO of Wood Partners, one of the nation's leading apartment builders. Since Leonard founded Wood Partners in 1998, the company has developed over 79,000 homes with a combined value of more than $14.1 billion. Additionally, he is the Founder of the Leonard Wood Center for Real Estate Studies as a part of the Kenan-Flagler Business School. In this episode, Leonard talks about leadership lessons learned and important values for the real estate industry. Leonard also addresses potential issues for the next generation of real estate leaders as the industry moves into a post-COVID world of urban development.

In 2013, Leonard retired and merged GLJ Partners, a southern California apartment development company he founded in 2008, into Trammell Crow Residential. That same year, he joined the Advisory Board of Trammell Crow Residential, where he continues to serve today. Before the inception of GLJ Partners, Leonard founded Wood Partners, LLC in 1998. Wood Partners was the largest multi-family builder in the U.S. in 2004, the 3rd largest in 2005, and the 6th largest in 2006, according to Builder Magazine. Leonard retired as CEO of Wood Partners in 2007 but continued to serve on the Board of Directors through the end of 2013.

Prior to founding Wood Partners, Leonard joined Trammell Crow Residential (“TCR”) as Partner in charge of North Florida in 1982. During Leonard's tenure at TCR, he was responsible for the Southeast, Texas, Midwest, and Southwest Regions and started over 54,000 multi-family units representing an investment of more than $2.5 billion. In October of 1996, Homegate Hospitality, Inc. (“Homegate”) had its Initial Public Offering. Homegate combined TCR's development capabilities with Wyndham Hotel Company's management expertise to create an extended-stay hotel chain. Leonard was on the Board of Directors of Homegate. In December of 1997, Homegate merged with Prime Hospitality, a New York Stock Exchange lodging company. Subsequently, Prime sold to Marriott.

Leonard is a 1972 University of North Carolina M.B.A. graduate, with an undergraduate degree from N.C. State University in 1968. As an Audit Manager with Arthur Andersen & Co., Leonard had an extensive real estate clientele, including Brandermill and Fripp Island.

Leonard is a former Chairman and served on the Multifamily Leadership Board of NAHB. He also is a former Chairman and served on the Board of Directors of the National Multifamily Housing Council. Leonard is a past Governor, Trustee, and Chairman of the Multifamily Council of the Urban Land Institute. He is active in numerous charities with a particular focus on education. He has also been active with various wounded warrior programs. His youngest son, Kevin, served two tours in Iraq. He also serves on the Board of Visitors of the University of North Carolina's Kenan-Flagler Business School. In 2001, Leonard received the MBA Alumni Merit Award from the University of North Carolina. In 2007, Leonard founded the Wood Center for Real Estate Studies as a part of the Kenan-Flagler Business School and is the current Chairman of its Advisory Board. In 2018, he was awarded the Davie Award, the highest award a UNC alumnus can receive. He formerly served on the Board of the Darlington School. He was also a Board member of Cole Credit Property Trust III, Inc. and Cole Corporate Income Trust, Inc. Leonard served on the Board of the Ocean Reef Club, the largest private club in the world. He is a Past President of Card Sound Golf Club in Key Largo, Florida.

Business Link Pacific Podcast
Women in accounting: The case of PNG

Business Link Pacific Podcast

Play Episode Listen Later May 3, 2020 20:14


Sam Kiak Tubangliu Certified Practising Accountants (SKT), based in Port Moresby, PNG, prides itself on being an equal opportunities employer. 60% of their staff are female, complemented by an all-female management team. In this podcast, Emma interviews Managing Partner Arthur Sam and Audit Manager Vanolla Sarry about how SKT embraces inclusion in the workplace and what the specific challenges facing female accountants in PNG are. SKT is a national accounting firm founded by Arthur Sam, Jacob Kiak and John Tubangliu, offering accounting, auditing, taxation and business advisory services in Papua New Guinea. They are BLP approved business advisors and can be contacted via the BLP Portal.

Host: Emma Crawford-Falekaono
Emma has over 15 years’ experience in chartered accountancy and commercial environments globally. She started her career in accounting before taking time out to deploy as a Military Police Officer to Southern Afghanistan. In 2014, she made the move into the tech industry and is now a Business Consultant for Business Link Pacific, delivering professional development and skills training courses to growing businesses in the Pacific region.

Credits:
Recorded, mixed & edited by Dave Rhodes of Dave Rhodes Productions.
Music credit: Alex Khaskin

Business Link Pacific is a private sector programme supported by the New Zealand Ministry of Foreign Affairs & Trade and DT Global. The core team is based in Auckland, New Zealand and supported by in-country partners in Fiji, Samoa, Papua New Guinea, Vanuatu, Solomon Islands and Cook Islands. For more information visit the Business Link Pacific Portal: https://businesslinkpacific.com/

Wilder Coe
An in-depth look at Wilder Coe's 'Young Professionals Network'

Wilder Coe

Play Episode Listen Later Nov 12, 2019 12:39


Welcome to the latest episode of the Wilder Coe podcast! In this episode we are joined by Chris Abbott, an Audit Manager at Wilder Coe, to discuss our Young Professionals Network (YPN) platform. We gain an insight into the YPN, life at Wilder Coe, and Chris's journey at Wilder Coe. Subscribe to the Wilder Coe podcast to receive all of our latest updates! www.wildercoe.co.uk

Employer Blueprint Podcast
Building Company culture with a Remote Workforce w. Josh Lance CPA

Employer Blueprint Podcast

Play Episode Listen Later Oct 21, 2019 28:34


The Employer Blueprint podcast is excited to present the Managing Director of Lance CPA Group, Joshua Lance, CPA, CGMA. As you can tell by the initials after his name, Josh is a Certified Public Accountant, and a Chartered Global Management Accountant. After graduating from Miami University in 2005, Josh began his journey as an Audit Manager, a Controller, and an Entity Group Manager, before opening his own firm with a mission to help small businesses, Lance CPA Group. Josh and Lance CPA Group have won multiple awards including CPA Practice Advisor 40 under 40 in 2017 and 2018, as well as 2017 AICPA Leadership Academy, and Xero Partner Advisory Council. Josh was able to accomplish so much because of his passion to help small businesses succeed. In fact, it is the model that Lance CPA Group is built on. In this episode of the Employer Blueprint Podcast you will learn how Lance CPA Group is not like many other traditional CPA firms in many ways, from the work schedule expected by its employees to the way they interact with clients.  Kyle and Josh have an excellent conversation about maintaining a company culture, and core values, while having a remote workforce. Even more challenging is also having a remote client base. Through many extra steps and the full utilization of technology, it can be possible to have remote employees who carry out a company’s core values while working with remote clients. This is an informative episode as Josh explains how he has been able to accomplish this through his firm in an industry that is known for being more traditional in the ways of interacting with employees and clients. You can find more information about Joshua Lance and Lance CPA Group by visiting https://lancecpa.com. Thank you for listening and be sure to subscribe so you don’t miss an episode of the Employer Blueprint Podcast. 

Employer Blueprint Podcast
Building Company culture with a Remote Workforce w. Josh Lance CPA

Employer Blueprint Podcast

Play Episode Listen Later Jun 17, 2019 28:34


The Employer Blueprint podcast is excited to present the Managing Director of Lance CPA Group, Joshua Lance, CPA, CGMA. As you can tell by the initials after his name, Josh is a Certified Public Accountant, and a Chartered Global Management Accountant. After graduating from Miami University in 2005, Josh began his journey as an Audit Manager, a Controller, and an Entity Group Manager, before opening his own firm with a mission to help small businesses, Lance CPA Group. Josh and Lance CPA Group have won multiple awards including CPA Practice Advisor 40 under 40 in 2017 and 2018, as well as 2017 AICPA Leadership Academy, and Xero Partner Advisory Council. Josh was able to accomplish so much because of his passion to help small businesses succeed. In fact, it is the model that Lance CPA Group is built on. In this episode of the Employer Blueprint Podcast you will learn how Lance CPA Group is not like many other traditional CPA firms in many ways, from the work schedule expected by its employees to the way they interact with clients.  Kyle and Josh have an excellent conversation about maintaining a company culture, and core values, while having a remote workforce. Even more challenging is also having a remote client base. Through many extra steps and the full utilization of technology, it can be possible to have remote employees who carry out a company’s core values while working with remote clients. This is an informative episode as Josh explains how he has been able to accomplish this through his firm in an industry that is known for being more traditional in the ways of interacting with employees and clients. You can find more information about Joshua Lance and Lance CPA Group by visiting https://lancecpa.com. Thank you for listening and be sure to subscribe so you don’t miss an episode of the Employer Blueprint Podcast. 

COMETSA NETWORK SHOW (CNS)
Fitness Specialist

COMETSA NETWORK SHOW (CNS)

Play Episode Listen Later Feb 28, 2019 33:42


Ms Fulufhelo Siphuma is an Audit Manager and Fitness & Wellness Specialist, originally from Limpopo Province and now living in Gauteng Province. She is being interviewed on the importance of Fitness & Wellness in our lives. The interview is in the context of youth development, health & good living, and professional fitness for productivity at work.

Dentistry Uncensored with Howard Farran
839 Implants Around the World with Marco Gadola, CEO of Straumann : Dentistry Uncensored with Howard Farran

Dentistry Uncensored with Howard Farran

Play Episode Listen Later Sep 10, 2017 39:53


Marco Gadola has a strong executive track record in a broad range of global businesses. He rejoined Straumann in 2013 as CEO, having previously served as Chief Financial Officer and Executive Vice President Operations from 2006 to 2008, when he left to pursue a career development opportunity at Panalpina, a world leader in supply chain management. Having started as Panalpina’s Chief Financial Officer, he became Regional CEO Asia / Pacific in 2012, with overall responsibility for the regional business.

Prior to his first term at Straumann, he spent five years at Hero, the Swiss-based international food group, where he was also CFO and responsible for IT and operations. Previously, he spent nine years at the international construction tool manufacturer Hilti, where he held a number of senior commercial / sales and finance-related positions in various countries. Before that, he worked for Sandoz International Ltd, as Audit Manager, and for Swiss Bank Corporation, Basel, in Corporate Finance.

Mr. Gadola graduated from Basel University in business administration and economics. He also completed various programs at the London School of Economics and at IMD in Lausanne.

Marco Gadola is Vice Chairman of the Board of Calida Group and heads its Audit Committee. He is also a member of the Board of MCH Group, Switzerland, and heads its Audit Committee, in addition to being a panel member of the Swiss-American Chamber of Commerce.

This year, Marco was ranked seventh in the ‘Incisal Edge’ most influential people in dentistry.

www.straumann.com

Avanti Group Interviews
Episode #6 - Don Holley - Avanti Group Expert Interview Series

Avanti Group Interviews

Play Episode Listen Later Jul 27, 2016 16:46


As the SVP and Chief Accounting Officer for the publicly traded investment corporation, Don heads up the entire accounting and reporting function. Prior to his current role, Don spent 17 years honing his skills with Freddie Mac, Deutsche Bank, and Arthur Andersen. At Freddie, he was responsible for valuation and reporting for the company's investments. He also worked with Deutsche Bank as their Director of Accounting Policy, and he was an Audit Manager at Arthur Andersen. Don holds a Bachelor's in Accounting from the University of Florida and is a CPA and CFA. In this brief interview Don reveals:
• How he and his team leverage technology to reduce risk and increase value.
• Why he periodically evaluates his organization to ensure they are meeting the needs of the business.
• Why he chose a career path working for public companies.
• What he feels are the key skills and attributes that aspiring accountants need to reach the highest levels of leadership.

Avanti Group Interviews
Episode #2 - Kristine Deringer - Avanti Group Expert Interview Series

Avanti Group Interviews

Play Episode Listen Later Jan 4, 2016 10:03


As an SVP at the publicly traded, 6.5-billion-dollar media giant, Kristine heads up the Technical Accounting, SEC Reporting and Accrual Accounting functions. She has developed a deep expertise in these areas during her 12 years with the company. Prior to joining Discovery, Kristine reached the Audit Manager level at PricewaterhouseCoopers. Kristine holds an MBA from the University of Texas and is a Certified Public Accountant. In this fast-paced interview Kristine shares her perspective on:
• Why she’s excited about some of the current trends in public company accounting.
• How her department leverages technology & research tools to improve efficiency.
• Why it’s important to maintain the right perspective when faced with difficult career challenges.

Credit Union Information Security Podcast
Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

Credit Union Information Security Podcast

Play Episode Listen Later Sep 5, 2007


Banking Information Security Podcast
Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

Banking Information Security Podcast

Play Episode Listen Later Sep 5, 2007


Careers Information Security Podcast
Making of an Auditor: featuring Nathan Johns, CISA, Senior Audit Manager, with Crowe Chizek and Co., LLC

Careers Information Security Podcast

Play Episode Listen Later Sep 5, 2007