Podcasts about GRC

  • 520 PODCASTS
  • 2,024 EPISODES
  • 47m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Oct 21, 2025 LATEST


Latest podcast episodes about GRC

Le retour de Mario Dumont
"It sounds like pure Trump": Poilievre's latest remarks are dangerous for him…

Oct 21, 2025 (7:46)

Pierre Poilievre and his comments on the RCMP (GRC). The departure of Manon Massé. The political discussion with Marc-André Leclerc, political analyst. Also watch this discussion on video at https://www.qub.ca/videos or by subscribing to QUB télé: https://www.tvaplus.ca/qub or on the QUB YouTube channel https://www.youtube.com/@qub_radio

For information about the use of your personal data - https://omnystudio.com/policies/listener/fr

AI in Action Podcast
Women in ServiceNow E12: 'Driving ServiceNow Transformation in Banking' with MidWestOne Bank's Annette Muldowney

Oct 20, 2025 (20:34)

Today's guest is Annette Muldowney, Vice President - ServiceNow Manager at MidWestOne Bank. Founded in 1934, MidWestOne Bank is a relationship-driven community bank that provides comprehensive financial solutions, including personal and business banking, lending, trust services and wealth management. Guided by values of integrity, teamwork and impact, MidWestOne Bank aims to generate meaningful outcomes for both their customers and communities.

Annette is a resourceful and innovative leader with over 20 years of technical management, project implementation and customer experience expertise across private, public and Fortune 500 sectors. As a ServiceNow Platform Owner, Annette oversees roadmap creation, governance and adoption strategies to ensure seamless user experiences and measurable results. She is recognized for a collaborative leadership style, commitment to excellence and ability to deliver impactful, technology-driven organizational change.

In the episode, Annette talks about:

  • 0:00 Driving financial innovation with ServiceNow for efficiency, transparency
  • 3:06 Her role driving service management transformation at MidWestOne
  • 3:52 Focusing on FSO, CSM, and emerging GRC initiatives
  • 5:32 How her team is leveraging partners to manage ServiceNow implementation
  • 8:02 Driving a phased ServiceNow implementation using crawl, walk, run approach
  • 10:56 How Executive support and right vendor critical for ServiceNow success
  • 13:12 Why building personal connection with vendors, fit and vision matter most
  • 14:35 Advice to lead by example, stay fact-based, and measure what matters
  • 18:03 The need to deeply understand the business to drive long-term platform success

The Straits Times Audio Features
S1E67: What's PSP chief Leong Mun Wai up to now that he's no longer in Parliament

Oct 16, 2025 (31:51)

Parliament convened in September, but a familiar face from the previous term wasn’t there. Progress Singapore Party’s secretary-general Leong Mun Wai was a notable presence as a Non-Constituency MP during the 14th term of Parliament, sometimes having heated exchanges with ministers and PAP MPs. But he and fellow party member Hazel Poa did not retain their NCMP spots following the General Election in May. Their PSP team for West Coast-Jurong West GRC lost to the PAP slate, which won the five-man GRC with 59.99 per cent of the vote to PSP’s 40.01 per cent.

In this episode of The Usual Place, I speak with Mr Leong about steering the party in its next phase post-GE2025 and the challenges of not being in Parliament. How will PSP evolve its practices and policy communications without a Parliamentary presence, and remain relevant?

Highlights (click/tap above):

  • 4:06 Increasing online presence to explain party positions
  • 6:05 Mr Leong on heated exchanges as NCMP
  • 10:45 How PSP will explain its policy ideas to the public post-GE2025
  • 19:19 What will PSP really stand for "after Dr Tan Cheng Bock"?
  • 20:20 Wanting to lead national conversation on economy
  • 22:55 How does PSP stand out differently from other parties?
  • 25:00 Will PSP move beyond the electro west?
  • 28:00 "I learnt a very hard lesson about the powerful PAP machinery": Mr Leong

Read Natasha Ann Zachariah’s articles: https://str.sg/iSXm
Follow The Usual Place podcast on IG: https://www.instagram.com/theusualplacepodcast
Follow Natasha on LinkedIn: https://str.sg/v6DN

Filmed by: Studio+65
Edited by: Teo Tong Kai and Chen Junyi
Executive producers: Danson Cheong, Elizabeth Khor & Ernest Luis
Editorial producer: Lynda Hong

Follow The Usual Place Podcast and get notified for new episode drops every Thursday:
Channel: https://str.sg/5nfm
Apple Podcasts: https://str.sg/9ijX
Spotify: https://str.sg/cd2P
YouTube: https://str.sg/theusualplacepodcast
Feedback to: podcast@sph.com.sg
SPH Awedio app: https://www.awedio.sg

Follow more ST podcast channels:
All-in-one ST Podcasts channel: https://str.sg/wvz7
Get more updates: http://str.sg/stpodcasts
The Usual Place Podcast YouTube: https://str.sg/4Vwsa

Get The Straits Times app, which has a dedicated podcast player section:
The App Store: https://str.sg/icyB
Google Play: https://str.sg/icyX

#tup #tuptr

See omnystudio.com/listener for privacy information.

CISO-Security Vendor Relationship Podcast
The Difference with AI Red Teaming is We Added the Word AI

Oct 14, 2025 (37:31)

All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is our sponsored guest, Khush Kashyap, senior director, GRC, Vanta.

In this episode:

  • Skip the Sermon
  • When to coach versus command
  • Making risk quantification useful
  • Recognizing a distinct discipline

Huge thanks to our sponsor, Vanta. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business at https://www.vanta.com/landing/demo-grc?utm_campaign=new-way-grc&utm_source=ciso-series-podcast&utm_medium=podcast&utm_content=banner

Risk Management Show
Leading in Crisis: Mindset Shifts for GRC Professionals

Oct 14, 2025 (12:25)

In this episode of GRC Chats, we explored vital mindset shifts for GRC professionals navigating crisis situations. Caroline Stokes, leadership coach and author of "Aftershock to 2030: A CEO's Guide to Reinventing in the Age of AI, Climate, and Societal Collapse," shares her expertise on fostering resilience and mental health in risk management, cyber security, and governance. Discover how these tireless professionals can prioritize self-care without compromising their mission-critical roles.

We discussed the challenges faced by Chief Risk Officers, cyber security leaders, and sustainability advocates, including burnout, work-life balance, and career development. Caroline highlights strategies, including the importance of taking moments to reset, leveraging coaching, and rethinking systems for long-term success. Her insights are essential for anyone in risk management, governance, or defense industries.

Aftershock to 2030 book: Amazon: https://www.amazon.co.uk/dp/B0FB5BKFGL
Thinkers 50 Leadership Award announcement: https://www.linkedin.com/posts/ocarolinestokes_thinkers50-leadership-regeneration-activity-7378448096940298240-iXXs?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAD7q70Bk40-vywCY4O_4l7zVHq6e1LRqpE

If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Podcast Guest Inquiry."

CarahCast: Podcasts on Technology in the Public Sector
Navigating SAP GRC 2026 with Pathlock Cloud

Oct 13, 2025 (38:07)


Access the Pathlock podcast to hear an expert in GRC discuss how to simplify compliance and reduce operational risk by combining SAP identity management (IDM) and access control solutions on a single platform. Learn how agencies are leveraging integrated GRC solutions to future-proof SAP environments, simplify critical operations and optimize user experience.

DailyCyber The Truth About Cyber Security with Brandon Krieger
CISO Roles, Talent Crisis & AI Tools with Michael Reichstein | DailyCyber 276 ~ Watch Now ~

Oct 11, 2025 (63:31)

In this episode of DailyCyber, I'm joined by Michael Reichstein, a global cybersecurity executive with more than 20 years of experience leading security programs across multiple continents. His journey spans military service, enterprise GRC integration, and Fortune 500 leadership. Michael brings a people-first perspective to security, emphasizing communication, culture, and aligning security with business goals.

Life with GDPR
Endpoint Security and Data Protection: Uncovering the Hidden Compliance Risks in Printer Security with Jim LaRoe

Oct 9, 2025 (24:31)

Jonathan Armstrong remains on assignment. Today, Tom Fox visits with fellow Texan Jim LaRoe, CEO of Symphion, to discuss data privacy, data protection, and compliance related to printer security in one of the most interesting podcasts Tom has done in some time. Jim provides insight into how 20-30% of network endpoints are printers, and alarmingly, 99% of these are unprotected. Printers, despite being integral to business functions, are typically left vulnerable, making them prime targets for sophisticated phishing and cyber-attacks.

Jim shares his journey from a trial lawyer to founding Symphion in 1999 and explains Symphion's groundbreaking work in developing comprehensive security software for printers. Jim highlights the importance of a culture of compliance in managing endpoint security and the multifaceted challenges that come with securing printers. He emphasizes the collaborative effort needed among GRC compliance teams, IT, and supply chain departments to manage printer security effectively, and offers actionable steps for businesses to mitigate these risks.

Cybersecurity Where You Are
Episode 156: How CIS Uses CIS Products and Services

Oct 8, 2025 (37:02)

In episode 156 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager are joined by Stephanie Gass, Sr. Director of Information Security at Center for Internet Security® (CIS®), and Angelo Marcotullio, Chief Information Officer at CIS. Together, they explore how CIS practices what it preaches by using CIS products and services internally, which includes implementation of the CIS Critical Security Controls® (CIS Controls®) and CIS Benchmarks®, automation, and alignment to compliance frameworks. Their discussion highlights how CIS builds a strong cybersecurity foundation while adapting to evolving threats and regulatory requirements.

The conversation dives into practical applications, cultural alignment, and the importance of repeatable processes for scaling security across new products and services. It also touches on the role of privacy regulations, cyber risk quantification, and the community-driven approach that underpins CIS best practices.

Here are some highlights from our episode:

  • 01:12. Why CIS “drinks its own champagne” when it comes to cybersecurity
  • 02:56. Three ways the CIS Controls help modern enterprises defend against threat actors
  • 04:02. The importance of pulling together security lessons learned in a way that's translatable
  • 10:03. Our use of the CIS Controls to align to SOC 2, ISO 27001, and other frameworks
  • 12:01. How governance, risk, and compliance (GRC) engineering works with automation to help build repeatable processes
  • 22:43. The role of collaboration and communication in building a cybersecurity program
  • 27:17. Privacy regulations as a catalyst for security innovation
  • 30:24. The CIS Community Defense Model and evidence-based practices
  • 32:40. How CIS leverages lessons learned to improve our security best practices

Resources

  • Episode 146: What Security Looks Like for a Security Company
  • Implementation Guide for Small and Medium-Sized Enterprises CIS Controls IG1
  • How to Construct a Sustainable GRC Program in 8 Steps
  • Mapping and Compliance with the CIS Controls
  • CIS Completes SOC 2 Type II Audit Using CIS Best Practices
  • Episode 74: The Nexus of Cybersecurity & Privacy Legislation
  • CIS Community Defense Model 2.0
  • Episode 121: The Economics of Cybersecurity Decision-Making
  • Episode 77: Data's Value to Decision-Making in Cybersecurity
  • CIS Communities

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Resilient Cyber
Resilient Cyber w/ Kenny Scott - Following the Future of FedRAMP

Oct 6, 2025 (42:16)

In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what the public sector cloud compliance looks like moving into the future.

Kenny and I dove into a lot of topics, including:

  • What FedRAMP is and why it matters
  • What FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressing
  • The various aspects of FedRAMP 20x, including its phased rollout
  • Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
  • FedRAMP's modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMP
  • The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC Engineering
  • The role of GRC platforms when it comes to modernizing GRC
  • What are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD's SWFT, SRG, and RMF

Security Now (MP3)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Oct 1, 2025 (170:09)


Cisco's routers just exposed more than two million networks thanks to a "security optional" SNMP setup that's being actively exploited—Steve and Leo break down why this is a worst-case scenario for the industry and how easily it could have been avoided. Gmail's spam filtering false-positive spree. iOS 26's Safari randomizes its fingerprint by default. Cisco's SNMP stands for "Security Not My Problem". Windows' "stuck" Extended Security Updates (ESU). Europe complains, gets 1-year of ESU with no strings. Where to get $6 TLS certs (really) while they last. The lessons to learn from Jaguar Land Rover's mess. The NEON app: get paid to have your voice recorded. Bluesky's age verification, now coming to Ohio. What is "Kids Web Services" for age verification. More than 10K Ollama instances publicly exposed. GRC's DNS Benchmark reaches "release candidate" Show Notes - https://www.grc.com/sn/SN-1045-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: vanta.com/SECURITYNOW 1password.com/securitynow Melissa.com/twit threatlocker.com/twit zapier.com/twit

All TWiT.tv Shows (MP3)
Security Now 1045: News and Listener Views

Oct 1, 2025 (170:09)

Security Now (Video HD)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Oct 1, 2025 (169:39)

Security Now (Video HI)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Oct 1, 2025 (169:39)

Radio Leo (Audio)
Security Now 1045: News and Listener Views

Oct 1, 2025 (170:09)

Security Now (Video LO)
SN 1045: News and Listener Views - 2.3 Million Cisco Devices Exposed

Oct 1, 2025 (169:39)

All TWiT.tv Shows (Video LO)
Security Now 1045: News and Listener Views

Oct 1, 2025 (169:39)

Radio Leo (Video HD)
Security Now 1045: News and Listener Views

Oct 1, 2025 (169:39)

State of Play: Summer Games
Davis Cup Double Fault

Sep 19, 2025 (34:56)

For credits and this episode's transcript, visit globalreportingcentre.org/state-of-play/bonus-episode-4-davis-cup-double-fault/

State of Play is produced by the Global Reporting Centre (GRC) and distributed by PRX. The GRC is an editorially independent journalism organization based at the UBC School of Journalism, Writing, and Media. Founded in 2016, we are leaders in doing global journalism differently. We innovate industry practice, educate the next generation, and promote greater equity in journalism.

Learn more about the GRC: globalreportingcentre.org | Make a tax-deductible donation: globalreportingcentre.org/donate

Power Supply
Balancing the Equation: What GRC Really Means for Supply Chain

Sep 15, 2025 (36:47)


What happens when governance, risk, and compliance (GRC) collide with the everyday realities of the healthcare supply chain? On this episode of Power Supply, we're joined by David Williams, a healthcare supply chain leader with deep expertise in finance, risk, and compliance, to explore how cybersecurity, finance, procure-to-pay, and AI are all connected under the GRC umbrella. From process risks hiding in daily workflows to the growing urgency of cyber hygiene and AI governance, David explains why alignment across supply chain, finance, and IT is critical to protecting both operations and patient safety. Whether you're in the C-suite or working on the loading dock, this conversation breaks down what GRC really means for supply chain—and how to balance the equation for a smarter, safer future! Once you complete the interview, jump on over to the link below to take a short quiz and download your CEC certificate for 0.5 CECs! – https://www.flexiquiz.com/SC/N/ps15-07 #PowerSupply #Podcast #AHRMM #HealthcareSupplyChain #SupplyChain #GRC #Risk #Compliance #Governance #Cybersecurity

Cyber Security Headlines
SonicWall VPM exploits, Fed cyberchief's priorities, U.S spyware investment triples

Sep 12, 2025 (8:18)

  • SonicWall SSL VPN flaws now being actively exploited
  • Acting federal cyber chief outlines his priorities
  • U.S. based investors in spyware firms nearly tripled in 2024

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Find the stories behind the headlines at CISOseries.com.

Cyber Security Headlines
Week in Review: Qantas penalizes executives, UK cyberlegislation delayed, SonicWall VPN flaws

Sep 12, 2025 (37:26)

This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm.

Thanks to our show sponsor, Vanta.

All links and the video of this episode can be found on CISO Series.com

The I.T. Career Podcast
The Hidden Side of Cybersecurity You Can't Ignore

The I.T. Career Podcast

Sep 11, 2025 · 52:43


Meter: Visit https://meter.com/itcareer to book a demo

Cybersecurity is changing faster than ever — and the jobs of the future may not look like the ones you picture today. Everyone talks about hacking, red teaming, and pen testing, but there's a side of cybersecurity that's just as critical and often overlooked: GRC (Governance, Risk, and Compliance).

In this episode, I sit down with @UnixGuy (Abed Hamdan) to talk about the future of cybersecurity, why GRC might be the biggest hidden career opportunity, and what it really takes to break into the field. We'll cover who should consider GRC, the skills you need to succeed, and how AI and automation are reshaping the industry.

Whether you're brand new to tech or looking to pivot your career, this conversation will give you insider knowledge most people miss.

Cyber Security Headlines
npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?

Cyber Security Headlines

Sep 11, 2025 · 8:03


• The npm incident: nothing to fret about?
• Cursor Autorun flaw lets repositories execute code without consent
• Senator Wyden urges FTC to probe Microsoft over Ascension hack

Huge thanks to our sponsor, Vanta.

Cyber Security Headlines
Blood center attack details emerge, Electoral Commission recovers, Plex suffers password breach

Cyber Security Headlines

Sep 10, 2025 · 7:23


• Thousands had data leaked in blood center ransomware attack
• UK Electoral Commission recovers, 3 years after China hack
• Npm packages with 2 billion weekly downloads targeted in supply chain attack

Huge thanks to our sponsor, Vanta.

CISO-Security Vendor Relationship Podcast
We All Agree That Prevention Is the Best Advice We're Never Going to Follow

CISO-Security Vendor Relationship Podcast

Sep 9, 2025 · 44:27


All links and images can be found on CISO Series.

This week's episode is hosted by David Spark, producer of CISO Series and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks.

In this episode:
• Making organizations take their security medicine
• Building CISO support systems
• Holding the door for humans
• Underappreciated risks: beyond the headlines

Huge thanks to our sponsor, Safe Security

SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management. We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.

Risky Women Radio
Demystifying Surveillance with Emily Wright

Risky Women Radio

Sep 9, 2025 · 29:13 · Transcription Available


In this episode, we demystify the often misunderstood world of surveillance in financial services with Emily Wright, a leading expert in compliance and risk management. Emily breaks down the complexities of employee surveillance, highlighting its real value beyond mere compliance theater. She emphasizes the critical role of human behavior in shaping effective risk management strategies. Join us as we explore how understanding these dynamics can transform your organization's approach to surveillance and foster a culture of integrity and accountability.

SHOW NOTES
• 01:25 Career Journey
• 08:18 Behind the Screens Book
• 11:43 Obstacles for Trade Surveillance
• 14:11 Changes for Comms Surveillance
• 17:35 Technology & AI Influences
• 22:42 Do the 3 Lines of Defense Hold?

Cyber Security Headlines
GhostAction campaign, scam centers grow, GPUGate hits IT

Cyber Security Headlines

Sep 9, 2025 · 7:44


• GhostAction campaign targets GitHub
• Scam centers see huge growth in Myanmar
• GPUGate targets IT firms

Huge thanks to our sponsor, Vanta.

DrZeroTrust
"Holistic Cybersecurity: A Comprehensive Approach to Digital Safety"

DrZeroTrust

Sep 8, 2025 · 24:15


In this episode, Mike Elkins maps a whole-of-business blueprint for digital safety that actually reduces risk you can measure. We break down what “holistic” really means in practice: identity as the control plane, data-centric design, continuous verification, least privilege, segmentation that shrinks blast radius, and automation that removes human bottlenecks. From cloud and SaaS to OT/IoT and third-party risk, Chase shows how to connect policy, architecture, and operations so security becomes a repeatable system—not a pile of tools.

Takeaways
• Why piecemeal controls create “debt-in-depth”
• How to center Zero Trust on identities, not networks
• Pragmatic micro-segmentation and just-in-time access
• A simple metric stack for the board (exposure, blast radius, dwell time)
• How to align GRC with day-to-day enforcement

No FUD. No silver bullets. Just the playbook to make “holistic” real.

Cyber Security Headlines
SVG phishing campaign, Anthropic piracy lawsuit, Qantas penalizes executives

Cyber Security Headlines

Sep 8, 2025 · 8:45


• New malware phishing campaign hidden in SVG files
• Anthropic agrees to pay $1.5bn in book piracy lawsuit
• Qantas penalizes executives for cyberattack

Huge thanks to our sponsor, Vanta.

Find the stories behind the headlines at CISOseries.com.

Innovation in Compliance with Tom Fox
Navigating Cybersecurity Compliance: From Physical Audits to AI Frameworks with Lori Crooks

Innovation in Compliance with Tom Fox

Sep 3, 2025 · 21:55


Innovation comes in many areas, and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Lori Crooks, a seasoned professional in the field of cybersecurity and audit assessments, to discuss the evolution of auditing practices from physical infrastructure to cloud and AI.

Lori shares insights from her extensive career, highlighting key federal compliance frameworks like NIST 800-53, FedRAMP, and NIST 800-171. Lori stresses the importance of proactive compliance strategies and scalable GRC programs. As AI integration accelerates, she also touches on the challenges of adjusting compliance frameworks to keep pace with technological advancements, and the necessity of fostering collaboration within organizations to meet regulatory requirements effectively.

Key Highlights
• Federal Auditing Frameworks
• Proactive Compliance Strategies
• Scalable GRC Programs
• AI and Compliance Landscape
• Future of Auditing in the Age of AI

Resources
• Lori Crooks on LinkedIn
• Cadra
• Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn

Check out my latest book Upping Your Game-How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com.

Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.

CISO-Security Vendor Relationship Podcast
We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible

CISO-Security Vendor Relationship Podcast

Sep 2, 2025 · 40:00


All links and images can be found on CISO Series.

This week's episode is hosted by David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.

In this episode:
• Vulnerability management vs. configuration control
• Open source security and supply chain trust
• Building security leadership presence
• AI governance and enterprise risk

Huge thanks to our sponsor, Vanta

Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.

The Briefing
BONUS: Inside the hardline church that sparked an Australian-first inquiry

The Briefing

Aug 30, 2025 · 38:32


For the first time in Australia, a long-overdue inquiry into abuse and coercive control within cults and religious groups has been launched. The Victorian inquiry was initiated after reports of coercive behaviour at the Geelong Revival Centre, many of which were revealed by Richard Baker in the LiSTNR podcast Secrets We Keep: Pray Harder. In the series, Rich described the GRC, under the leadership of Pastor Noel Hollins, as one of Australia’s most extreme Pentecostal churches. Former members shared horrific allegations of historical child sex abuse cover-ups, tight control of their relationships, and harsh restrictions placed on the freedoms of women.

In this special episode, we wanted to share episode one of Secrets We Keep: Pray Harder with you. If you want to binge the rest of the series, click here for episode 2 now.

The interviews in this series were recorded during Pastor Noel Hollins' leadership of the Geelong Revival Centre. During production, Pastor Noel died. The experiences and allegations raised do not relate to the current leadership of the GRC.

Lifeline 13 11 14.

See omnystudio.com/listener for privacy information.

AI in Action Podcast
ServiceNow Series E206: 'Redefining Security Solutions' with Alert Enterprise's Yogesh Ailawadi

AI in Action Podcast

Aug 25, 2025 · 17:20


Today's guest is Yogesh Ailawadi, Head of Products & Innovation - Identity, Safety and Security at Alert Enterprise. Founded in 2007, Alert Enterprise's mission is the seamless convergence of advanced physical access control, identity management and workspace automation. Their solutions are designed to empower businesses with secure, flexible and efficient work environments, catering to the dynamic needs of today's workforce. They understand that in the digital era, the security of physical and digital assets is paramount.

Yogesh leads Alert Enterprise's global product management and solutions engineering teams and brings over 15 years of experience in information security, identity and access governance across IT, Physical and OT systems. He has led global deployments of PIAM/IAM solutions for Fortune 100/500 customers across various industries. Yogesh is well versed in industry regulatory standards with a deep understanding of engineering concepts and technologies, and their usage in the security domain.

In the episode, Yogesh discusses:
• 0:00 An insight into his 20-year career in security, product and innovation
• 3:10 Pioneering physical security governance across critical industries at Alert Enterprise
• 5:27 Expanding physical GRC by integrating with the ServiceNow platform
• 8:04 Seeing high demand from large, regulated industries using ServiceNow workflows
• 10:07 Product live on ServiceNow with focus on AI-driven access solutions
• 11:39 Focusing on product innovation, scaling through global partners
• 13:42 Bringing physical security workflows and AI use cases to ServiceNow

Business of Tech
Navigating SaaS Management and AI: Key Trends for MSPs from ChannelCon 2025 with John Harden

Business of Tech

Aug 23, 2025 · 15:41


Dave Sobel interviews John Harden, the director of strategy and technology evangelism at Auvik, discussing the evolution of SaaS management and its growing adoption in the industry. Since Auvik's acquisition of SaaSlio in 2022, the company has invested significantly in engineering efforts to enhance its SaaS management capabilities. Harden highlights the increasing need for visibility into SaaS applications due to rising cybersecurity threats and the growing importance of AI in business environments. He emphasizes that many organizations are now recognizing the necessity of understanding their SaaS assets, particularly in light of the proliferation of AI tools.

The conversation delves into the different ways organizations are consuming AI, with smaller companies typically using AI through SaaS applications, while larger organizations may develop their own models via APIs. Harden explains how Auvik's SaaS management platform provides visibility into both categories, allowing businesses to monitor AI usage and manage potential risks associated with shadow IT. He also discusses the recent release of SaaSOps, which enhances visibility and integrates with popular tools to provide deeper insights into API usage and license management.

As organizations begin to shift back to on-premises servers due to the high costs associated with AI workloads, Auvik has responded by introducing server management capabilities. Harden notes that this new feature allows for comprehensive monitoring of on-premises infrastructure, ensuring that businesses can effectively manage their IT assets regardless of where they are hosted.
This adaptability is crucial as companies navigate the complexities of their IT environments, whether they are utilizing cloud services or traditional on-premises solutions.

Looking ahead, Harden expresses optimism about the growth of compliance and governance, risk, and compliance (GRC) solutions, which he believes will foster stronger relationships between managed service providers (MSPs) and their clients. He emphasizes the importance of asset visibility in achieving compliance and cybersecurity goals, as well as in developing AI strategies. By continuing to expand its asset visibility portfolio, Auvik aims to support MSPs in meeting the evolving needs of their customers in a rapidly changing technological landscape.

Innovation in Compliance with Tom Fox
Operationalizing Trust at Scale: Evolving Compliance: Neta Meidav on the Diligent Acquisition and AI Integration

Innovation in Compliance with Tom Fox

Aug 21, 2025 · 15:29


Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. Today, we conclude our 3-part podcast series sponsored by Diligent with Jessica Czeczuga, Amanda Carty and Neta Meidav. In this Part 3, Tom is joined by Neta Meidav, Managing Director of Ethics & Compliance at Diligent, for a dive into technology innovations at Diligent.

In this episode, Tom visits with Neta about her recent transition to Diligent following its acquisition of her GRC entity Vault. Neta discusses the strategic reorganization at Diligent that underscores their commitment to compliance technology, and how this alignment bodes well for the future of their technology. She also sheds light on the integration of AI within compliance solutions, exploring its transformative impact on risk prediction, investigation processes, and operational efficiency, while emphasizing the enduring importance of human expertise in ethical decision-making.

Key Highlights
• The Acquisition Journey
• Role and Responsibilities at Diligent
• AI and Compliance Technology
• Predictive Risk and Future of AI in Compliance

Resources
• Neta Meidav on LinkedIn
• Diligent
• Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn

CISO-Security Vendor Relationship Podcast
I Just Can't Communicate With the Business. I've Tried Condescension AND Derision.

CISO-Security Vendor Relationship Podcast

Aug 19, 2025 · 35:44


All links and images can be found on CISO Series.

This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com.

In this episode:
• Decision-making with incomplete information
• Translation beats technical expertise
• Influence trumps authority for CISOs
• Technical prowess creates adversaries

Huge thanks to our sponsor, Vanta

Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

Innovation in Compliance with Tom Fox
Gaurav Kapoor on Risk Management and the Role of AI in GRC

Innovation in Compliance with Tom Fox

Aug 19, 2025 · 27:43


Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox interviews Gaurav Kapoor, Vice Chairman, Co-Founder and Board Member of MetricStream, discussing his extensive professional background, from co-founding MetricStream to his current focus on customer intimacy amid AI market disruptions.

Kapoor delves into the evolving landscape of risk management, emphasizing the importance of midyear reviews and integration of various risk themes like operational risk, audit compliance, and cybersecurity. He elaborates on the role of AI in GRC, stating how generative and agent AI can streamline compliance processes and enhance risk management strategies. The conversation also touches on the increasing significance of cybersecurity, geopolitical instability, and climate impact on risk assessment. Kapoor highlights the shift from compliance to a more resilient and risk-aware culture within organizations.

Key highlights:
• Gaurav Kapoor's Professional Journey
• The Importance of July in Risk Management
• AI's Role in GRC
• Emerging Risks and AI Applications
• Counseling Boards on Risk Management
• Top Concerns for the Second Half of 2025
• Evolving Role of Compliance and Risk Officers

Resources:
• MetricStream Website and on LinkedIn
• Gaurav Kapoor on LinkedIn
• Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn

CIO Talk Network Podcast
How Risk Aware Leaders Build Lasts?

CIO Talk Network Podcast

Aug 17, 2025 · 54:13


In an era of black swan events, economic volatility, and rapid technological change, leaders must balance growth with governance to build organizations that endure. In this episode of CIO Talk Network, Dr. Ramesh Gopal, Chief Risk Officer for UAE & Saudi and Head of Credit Risk at CEEMEA for Deutsche Bank, joins host Sanjog Aul to share lessons from past crises, strategies for aligning agility with control, and ways to embed a risk-first mindset across the enterprise.

Topics Covered:
• 00:00 – Introduction
• 02:49 – When assumptions fail: Lessons from 2008
• 07:12 – Thresholds, policing, and human bias in risk
• 10:09 – The biggest illusion of preparedness
• 13:05 – Appetite, tolerance, and execution
• 16:54 – Bridging the GRC–business gap
• 20:51 – Real-time, modern risk management
• 24:04 – Risk in the citizen development era
• 27:20 – Decentralizing risk ownership
• 33:29 – Challenges in building a risk-aware culture
• 36:08 – Blueprint for future-ready risk management
• 40:30 – An appeal to business & tech leaders
• 43:16 – G² + R²: Good growth and right risk

Cyber Security Headlines
NFC fraud reappears, Canada government breach, Zoom's critical flaw

Cyber Security Headlines

Aug 15, 2025 · 8:08


• New wave of NFC relay fraud, call hijacking, and root exploits in banking sector
• Canada's House of Commons suffers cyberattack
• Zoom fixes critical Windows client flaw that could enable privilege escalation

Huge thanks to our sponsor, Vanta.

Find the stories behind the headlines at CISOseries.com.

Cyber Security Headlines
Week in Review: ShinyHunters-Scattered Spider merge, DARPA AI prize, Water infrastructure volunteers

Cyber Security Headlines

Aug 15, 2025 · 30:29


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth.

Thanks to our show sponsor, Vanta.

All links and the video of this episode can be found on CISO Series.com.

Cyber Security Headlines
Court filing system hack explained, PA AG weighs in on attack, Fortinet attacks raise concerns

Cyber Security Headlines

Aug 14, 2025 · 7:22


• Hack of federal court filing system exploited security flaws known since 2020
• Pennsylvania attorney general says cyberattack knocked phone, email systems offline
• Spike in Fortinet VPN brute-force attacks raises zero-day concerns

Huge thanks to our sponsor, Vanta.

Cyber Security Headlines
Fortinet SSL VPNs getting hammered, The Netherlands critical infrastructure compromise, Africa the most targeted for cyber attacks

Cyber Security Headlines

Aug 13, 2025 · 7:26


• The hits just keep on coming
• Where's the Little Dutch Boy when you need him?
• I felt the ransomware down in Africa

Huge thanks to our sponsor, Vanta.

Find the stories behind the headlines at CISOseries.com.

Cyber Security Headlines
North Korean crypto theft, Microsoft rolls out back up, four charged in global scheme

Cyber Security Headlines

Aug 12, 2025 · 9:07


• North Korean crypto theft
• Microsoft rolls out PC back up during attack
• U.S. charges four in $100M global fraud scheme

Huge thanks to our sponsor, Vanta.

Cyber Security Headlines
DARPA code prize, ScarCruft adds ransomware, Columbia breach tally

Cyber Security Headlines

Aug 11, 2025 · 8:21


• DARPA awards $4 million prize for AI code review at DEF CON
• North Korea ScarCruft group adds ransomware to its activities
• Columbia University hack affects over 860,000

Huge thanks to our sponsor, Vanta.

Find the stories behind the headlines at CISOseries.com.

ITSPmagazine | Technology. Cybersecurity. Society
Solving GRC Fatigue: How AI Is Helping Compliance Teams Do More With Less | An E-V-E GRC Brand Origin Story with Anders Søborg, Co-Founder of Eve, and Mark Humphrey

ITSPmagazine | Technology. Cybersecurity. Society

Aug 5, 2025 · 41:47


Governance, risk, and compliance (GRC) has long been burdened by heavy manual processes, slow assessments, and limited visibility. In this Brand Story episode, Sean Martin and Marco Ciappelli are joined by Anders Søborg, Co-Founder of Eve, and Mark Humphrey, who brings two decades of fraud and cybersecurity experience to the team. Together, they unpack how Eve is challenging traditional GRC tools by offering something entirely different: automation with evidence-based intelligence at its core.

Anders shares how his experience as Chief Risk Officer and partner at major firms like Ernst & Young and PwC shaped Eve's mission. He describes a world where compliance doesn't have to mean complexity. Eve's AI engine evaluates more than a thousand controls in under 15 minutes—surpassing manual reviews that could take weeks—and goes a step further by offering recommendations, not just red flags.

This isn't about replacing people. It's about helping overwhelmed compliance, risk, and audit teams regain control. Mark emphasizes how Eve operates like a true partner, delivering support with no ego and full transparency. Their approach combines deep regulatory knowledge, contextual AI agents trained on real-world frameworks, and a clear respect for data sovereignty and privacy—an essential requirement for global pharma, financial, and consulting clients already relying on the platform.

More than a dashboard, Eve acts as an intelligent engine embedded into existing workflows via API, making it a natural complement—not a competitor—to existing GRC platforms.
The platform is customizable, evidence-driven, and built with firsthand knowledge of what compliance professionals actually need: clear guidance, real-time answers, and fewer repetitive tasks.

The episode leaves listeners with a compelling question: what if your compliance program could coach your team, reduce audit costs, and provide instant visibility—without sacrificing accuracy or control?

Learn more about E-V-E GRC: https://itspm.ag/eve-grc-99

Note: This story contains promotional content. Learn more.

Guests:
• Anders Søborg, Co-founder, Director at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/anders-s%C3%B8borg-3826702/
• Mark Humphrey, Senior Sales and Channel Director EMEA at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/m-humphrey-mba-0020192b1/

Resources
• Redefine Compliance. Unleash Your Potential with E-V-E GRC. Command Compliance: https://itspm.ag/e-v-e-i1ml
• Learn more and catch more stories from E-V-E GRC: https://www.itspmagazine.com/directory/evegrc
• Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
• Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
• Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
• Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Paul's Security Weekly
Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418

Paul's Security Weekly

Play Episode Listen Later Aug 4, 2025 105:52


The Weekly Enterprise News (segments 1 and 2)

This week, we've had to make some last-minute adjustments, so we're going to do the news first, split into two segments. This week, we're discussing:

  • Some interesting funding
  • Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION
  • Interesting new companies!
  • On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they're REALLY making sure that thing never happens again
  • Flipping the script
  • How researchers rooted Copilot, but not really
  • talks to check out at Hacker Summer Camp
  • detection engineering tips
  • the Cloud Security Alliance has a new AI Controls Matrix
  • sending in the National Guard to handle a breach!
  • and how to read an AI press release

Interview: Guillaume Ross on Building Security from Scratch

Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-418

Enterprise Security Weekly (Audio)
Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418

Enterprise Security Weekly (Audio)

Play Episode Listen Later Aug 4, 2025 105:52


The Weekly Enterprise News (segments 1 and 2)

This week, we've had to make some last-minute adjustments, so we're going to do the news first, split into two segments. This week, we're discussing:

  • Some interesting funding
  • Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION
  • Interesting new companies!
  • On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they're REALLY making sure that thing never happens again
  • Flipping the script
  • How researchers rooted Copilot, but not really
  • talks to check out at Hacker Summer Camp
  • detection engineering tips
  • the Cloud Security Alliance has a new AI Controls Matrix
  • sending in the National Guard to handle a breach!
  • and how to read an AI press release

Interview: Guillaume Ross on Building Security from Scratch

Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-418

The Ethics Experts
Episode 223 - Anitha Vittal

The Ethics Experts

Play Episode Listen Later Jul 21, 2025 47:18


In this episode of The Ethics Experts, Nick welcomes Anitha Vittal.

Anitha is recognised as a global ethics, risk, compliance and internal audit leader with proven experience and expertise in establishing Centres of Excellence at GCCs across industry verticals.

A passionate professional, she has over 23 years of service in leading and developing high performing teams across India, Europe and US markets. Her engagements include - internal audit, risk management, compliance, business process and financial compliance, data privacy, SoX, GRC program management, digitisation.