In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.

Not All AI Is Created Equal: The Archer Approach
RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn't about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function. Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.

From Policy Generation to Risk Narratives
One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.

AI with a Human Touch
As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.

What's Next in Risk? Better Conversations
Looking ahead, Schlarman sees a shift from “no, we can't” to “yes, and here's how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet. From regulatory change to real-time translation of risk data, this is where tech meets trust.

Guest: Steve Schlarman, Senior Director, Product Management, Archer | https://www.linkedin.com/in/steveschlarman/

Resources
Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale. As CEO of RegScale, he oversees their Continuous Controls Monitoring platform, which enables rapid GRC outcomes for organizations like Wiz, Keybank, and the US Department of Energy.

In this episode:
[02:15] How an interest in computer science led Travis to pursue a career in security
[03:20] Working in “the Major Leagues of cyber” at the National Nuclear Security Administration
[06:20] Moving fast in highly-regulated environments
[07:10] Securing the world's fastest supercomputer at Oak Ridge National Laboratory
[10:30] Supporting digital transformation at enormous scale at Bechtel Corp
[15:15] How outdated compliance processes inspired Travis to co-found RegScale
[18:15] How RegScale acquired its first high-profile clients through "hustle and luck"
[19:20] The challenges of building the first version of RegScale
[21:15] Taking the pain out of compliance
[23:20] The biggest GRC roadblocks teams are facing right now
[25:10] Practical advice for moving the needle on your automation program
[27:33] Eliminating redundancy and inefficiency in federal compliance programs
[32:30] What's next for RegScale
[33:45] The best applications of AI (and which decisions should "never" be made by AI)
[35:45] Navigating regulatory uncertainty when it affects your whole business model
[38:40] What SecOps and compliance teams might look like in the future
[40:20] What the best compliance teams do to build rapport with security, IT and other business functions
[43:30] Why AI adoption is a risk-based conversation every organization should be having with their CISO
[46:00] Connect with Travis

Where to find Travis Howerton: LinkedIn, RegScale
Where to find Thomas Kinsella: LinkedIn, Tines
Resources mentioned: The CISO Society; 2025 State of Continuous Control Monitoring Report
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin interviews Chris Maguire about his professional journey and what led him to focus on the intersection of legal, compliance, and innovation. This leads to a discussion about AI and predictive analytics. Chris shares examples of General Counsel and compliance offices using AI to improve risk forecasting and decision-making. Chris comments on the expanding role of Compliance in the General Counsel's office. Listen to Chris's take on the importance of values. He shares some of the core values of Thomson Reuters. Key Takeaways: [:01] About RIMS and RIMScast. [:17] About this episode of RIMScast. We will talk about how technology is driving innovation in compliance, risk, and the legal profession, with Chris Maguire of Thomson Reuters. [:41] RIMS-CRMP Workshops! The next RIMS-CRMP-FED Exam Prep will be presented in conjunction with AFERM and led by instructor Joseph Mayo. This is a two-day course, June 2nd and 3rd. Register by May 26th. [1:02] The next RIMS-CRMP Exam Prep Workshop will be presented in conjunction with NAIT on June 10th and 11th. Register by June 9th. That course will be led by former RIMS President, Nowell Seaman. [1:20] Links to these courses can be found on the Certification Page of RIMS.org and through this episode's show notes. [1:27] Virtual Workshops! On June 12th, Pat Saporito will host “Managing Data for ERM”, and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”. [1:45] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [1:56] We are already making preparations for the RIMS ERM Conference 2025 on November 17th and 18th in Seattle, Washington. RIMS is accepting educational session submissions through May 20th. 
[2:14] The best submissions will address current and future challenges facing ERM practitioners as well as provide leading practices and concrete takeaways for a diverse audience of risk professionals from industries or organizations of varied sizes, disciplines, functions, and roles. [2:30] These include officers, leaders, managers, and students. The link to the submission form is in this episode's show notes. If you are listening on the day of this episode's release, this is the last call for submissions, so get them in! [2:46] Let's get on with the show! How is your organization navigating regulatory uncertainty in 2025? Are you leveraging advancements in technology to help achieve your goals? Our guest this week is Chris Maguire, the General Manager for Corporates Risk at Thomson Reuters. [3:06] We are going to talk about how technology is driving innovation in compliance, risk, and legal. We will talk about how AI and predictive analytics are reshaping corporate legal and compliance functions, and more. Let's get to it! [3:22] Interview! Chris Maguire, welcome to RIMScast! [3:29] Chris Maguire started in a Big Four firm in the '90s, in the auto practice. It was a great way to learn business and how they worked, focusing on understanding financial controls and risk, and how to make sure that companies were behaving correctly. [3:59] After an MBA, Chris started working for Thomson Reuters. He has been with them for about 20 years in the legal tech space. He started on the strategy side and transitioned after several years to driving the commercial teams in the risk business. [4:24] Now, Chris has the role of looking at product and industry strategy for corporations. Thomson Reuters is at the intersection of legal, risk, and compliance, and how they affect enterprises. [5:07] Chris says that 20 years ago, AI was not a fast-moving industry. There have been dramatic changes in the last few years. 
AI adoption by Thomson Reuters customers has doubled in the last year. Generative AI has been seen in a wide range of tasks. It started with drafting NDAs. [5:38] Salespeople are always asking for NDAs and how they can be drafted more quickly and easily. Now AI conducts legal research or helps draft a research memo or a complaint from a particular point of view. We're seeing it in drafting HR employment policies and rote tasks. [6:21] Chris explains the use of AI prompts tied to data sources, such as your data, data from Thomson Reuters, or other data providers. Chris is also seeing big data AI used a lot in analyzing outside spending and looking for cost savings. [7:14] Chris tells how AI helps in decision-making, using the example of knowing the vendors you choose for your supply chain and knowing your customers. AI can weed through all the news out there to make sure you're not dealing with a sanctioned entity. [8:22] AI can help with reputation risk. Is there forced labor in your supply chain? That matters to your reputation. It's not just whether a country is sanctioned, but what the individual entities in your supply chain are doing. There's a lot of focus on reputation today. [9:10] Justin recently had the Chief Impact Officer of EcoVadis on RIMScast Episode 329. They talked about forced labor and human trafficking in the supply chain. Use AI to help identify where forced labor and human trafficking are big risks, avoid them, and report them. [9:35] This is important on the corporate side and the government side of the business. Chris says it will be interesting to see the effect of tariffs. Thomson Reuters has updated about 50 million changes to its global trade products so far this year, compared to 100 million in 2024. [10:16] Plug Time! RIMS Webinars! We are back on May 22nd, with GRC, a TÜV SÜD Company, and their newest session, “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny”. 
[10:33] On June 5th, Zywave joins us to discuss “Today's Escalating Risk Trajectory: What's the Cause and What's the Solution?”. [10:413] On June 17th, Origami Risk returns to present “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. [10:54] More webinars will be announced soon and added to the RIMS.org/Webinars page. Go there to register. Registration is complimentary for RIMS members. [11:05] Spencer Educational Foundation's Grants program is starting soon. Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. [11:23] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process is now open through July 30th, 2025. [11:43] General Grant awardees are typically notified at the end of October. Learn more about Spencer's General Grants through the Programs tab of SpencerEd.org. [11:54] Back to the Conclusion of my Interview with Chris Maguire of Thomson Reuters! [12:27] Chris refers to RIMScast Episode 335 with Jeff from Academy Sports. Jeff talked about how the Compliance function now sits in the General Counsel's office. At Thomson Reuters, more of the Compliance group has moved into the General Counsel's office in the last year. [12:48] The General Counsels are being charged with understanding the full weight of risk across an organization, from reputational risk to who you should or should not do business with. [13:16] The Sales organization at Thomson Reuters has discussed that a lot with the GC office, from a reputation, sanctions, and everything perspective. A lot of GC offices now include the Compliance role. [13:50] Chris's ERM philosophy is Trust. 
Companies need to trust who they are doing business with. Companies need to trust that their employees have what they need to make decisions not to deal with a risky customer, but to follow the laws and rules of global companies. It's trust. [14:29] There is so much change going on. Chris talks about values that resonate. One Thomson Reuters value is Act Fast, Learn Fast. You have to move and learn. Companies can help you, but it is on individuals to take the responsibility to act fast and learn fast about what is changing. [14:59] Thomson Reuters is bound by the Trust Principles. It started with Reuters in the 1940s around WWII, but it goes back to its 150 years of legal content. [15:17] The information Thomson Reuters provides its customers has to be free from bias. It has to be right. It has to be updated. It can't be an opinion about a philosophy. It has to be fact-based. It has to provide customers with the information they need to get work done. [15:36] Applying AI on top of trusted, unbiased, correct, up-to-date information is going to be vital, moving forward. Act fast, learn fast, and trust. [15:57] Chris believes the legal industry hasn't always been the fastest-moving industry. The technology is now there to allow us to move more quickly and learn more quickly. That's an exciting thing! [16:23] Chris says AI is no longer a future concept. It's here. It's transforming our lives; it's starting to transform our business environment. If you don't adapt quickly, you're going to be at a significant disadvantage. [16:36] For people in General Counsel's offices, people in compliance functions, the value is your expertise, your knowledge, and you as a human, and what you can bring to the situation. [16:48] If AI can help you get there, and give you a platform on which to add your judgment and expertise, knowledge, and professional opinion, that's a hugely valuable thing. [17:01] Thomson Reuters doesn't see AI taking away jobs. 
We see people who use AI potentially taking away the jobs of people who don't use AI. It all comes back to the humans and how they use it. There's never been a time when Thomson Reuters' expertise has been more important. [17:34] Chris, it has been such a pleasure to have you here on RIMScast! I do appreciate that you listened to some previous episodes! Get my unique download count up there! [17:50] I appreciate that we're reaching a very important segment of our audience and our RIMS membership. I think they're going to learn a lot in this episode. Thank you! [18:02] Special thanks to Chris Maguire for joining us here on RIMScast. Links to RIMS coverage about AI, legal, and compliance risks are in this episode's show notes. [18:13] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [18:41] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [19:00] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [19:18] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [19:34] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [19:48] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [19:55] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. 
Listen every week! Stay safe! Links: RIMS Texas Regional 2025 — August 3‒5 | Advance registration rates now open. ERM Conference 2025 — Call for Submissions (Through May 20) RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Risk Management magazine “Balancing Innovation and Compliance When Implementing AI” — Risk Management magazine, April 2025 RIMS Now The Strategic and Enterprise Risk Center Spencer Educational Foundation — General Grants 2026 — Application Deadline July 30, 2025 2025 Coast-To-Coast Risk Management Challenge — Applications Open Through May 23 RIMS Webinars: RIMS.org/Webinars “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny” | Sponsored by GRC, a TÜV SÜD Company | May 22, 2025 “Today's Escalating Risk Trajectory: What's the Cause & What's the Solution?” | Sponsored by Zywave | June 5, 2025 “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction” | Sponsored by Origami Risk | June 17, 2025 Upcoming RIMS-CRMP Prep Virtual Workshops: RIMS-CRMP-FED Exam Prep with AFERM — June 2‒3, 2025 | Presented by RIMS and AFERM RIMS-CRMP Exam Prep Virtual Workshop — June 10‒11, 2025 | Presented by RIMS and NAIT Full RIMS-CRMP Prep Course Schedule “Managing Data for ERM” | June 12 | Instructor: Pat Saporito “Generative AI for Risk Management” | June 26 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “(Re)Humanizing Leadership in Risk Management with Holly Ransom” “AI and Regulatory Risk Trends with Caroline Shleifer” Sponsored RIMScast Episodes: “The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!) 
“Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed! 
RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Chris Maguire, General Manager, Corporates Risk at Thomson Reuters Production and engineering provided by Podfly.
We're joined by Jacob Hill, founder of the GRC Academy, a leading provider of training and consulting services in governance, risk, and compliance. In this episode, Jacob dives into the new DOD regulations for CMMC, and why it's essential for contractors to get a head start in implementing these regulations. Jacob shares insights into what the new CMMC regulations entail and the implications for businesses. He discusses how the CMMC framework is designed to ensure that companies comply with cybersecurity best practices and what steps they need to take to become certified. Additionally, Jacob introduces his new course on the GRC Academy, which focuses on helping companies understand these regulations and navigate the certification process. He explains how the course can benefit companies and help them avoid costly mistakes while preparing for CMMC compliance. This podcast is a must-listen for anyone involved in government contracting or cybersecurity, looking to understand the implications of CMMC regulations. Jacob's expertise in this area and the insights he provides will prove invaluable to anyone looking to get a head start in implementing these regulations. Tune in to hear Jacob Hill's take on CMMC regulations and what companies can do to prepare for compliance. Take the course: https://grcacademy.io/courses/cmmc-overview-training-small-medium-businesses-smb/ Understand CMMC: https://grcacademy.io/cmmc/controls/ Contact Jacob: https://www.linkedin.com/in/jacobrhill/
GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains why integrated GRC and DevSecOps are non-negotiables for space startups. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom Windows 11 and Red Hat Linux hacked on first day of Pwn2Own The Internet's biggest-ever black market just shut down amid a Telegram purge Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show. Here's where you can find him: Daily Podcast on SoundCloud | YouTube | Forbes | Twitter/X | Facebook | BlueSky | Mastodon. Thanks to our show sponsor, Vanta. All links and the video of this episode can be found on CISOseries.com
Host Chris Hackett leads a compelling discussion on the intersection of business, security, and governance with Nordic industry experts. Carl-Johan Ekelund, Head of Security at Atea Sverige, Per Johansson, Senior Cyber Security Advisor at Tryg, Mikko Laiso, Physical Security Leader at Ramboll, and Jennie Wallin, GRC Lead at Vattenfall, explore how security and GRC practices shape organizational strategy and resilience. This episode delivers critical insights for professionals navigating compliance, risk management, and integrated security in modern, regulated business environments.
Tired of the same old advice that isn't getting you anywhere in your cybersecurity career? Everyone says "get more technical skills," but what if that's only part of the story? If you're aiming for leadership roles like CISO, Security Director, Head of GRC, or other security leadership roles, this episode is for you. In this episode, we dive into: why technical skills alone won't land you a cybersecurity leadership role; the real skills that executives are desperately seeking (it's not what you think); how to showcase leadership skills even without a leadership title (break the catch-22); effective communication strategies to influence executives and your team; and what it really takes to lead during a cybersecurity crisis (the uncomfortable truth). It's time to stop wasting time on outdated advice and focus on what truly matters. Listen now to unlock the secrets to accelerating your cybersecurity leadership career. Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (YouTube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.
Steel producer disrupted by cyberattack European Vulnerability Database (EUVD) is online CISA pauses advisory overhaul Huge thanks to our sponsor, Vanta
Radware says recently WAF bypasses were patched in 2023 Marks & Spencer confirms data stolen in ransomware attack Alabama suffers cybersecurity event Huge thanks to our sponsor, Vanta Find the stories behind the headlines at CISOseries.com
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest, Saket Modi, co-founder and CEO, SAFE Security. In this episode: Elevating AI to table stakes; Security for the real world; Using dynamic models for TPRM; The agentic AI augmentation. Huge thanks to our sponsor, SAFE Security. SAFE (#1 platform to unify the management of all cyber risks) has reinvented cyber risk management with Agentic AI. We help CISOs, TPRM, and GRC leaders become strategic business partners by automating the understanding, prioritization and management of cyber risk—accelerating AI adoption and digital transformation.
Rhea Sharma, winner of the Risky Women Write competition, discussed the human costs of offshoring GRC functions. She highlighted the disparity in pay between offshore and onshore employees, noting that offshore employees often face an illusion of progress. Rhea emphasized the need for fair pay, transparency, and inclusion in offshoring practices. She also shared her background, including her work with Women's Lantern, a charity supporting South East Asian women, and her ongoing education. Rhea advocated for decentralized finance and its potential to address global cybersecurity issues, citing regulatory reforms in Australia, Singapore, and India. SHOW NOTES 00:24 Feedback on Rhea's Article 04:36 Career Journey 07:36 Aligning Values with Work 19:46 Challenges of Offshoring and Brain Drain 25:52 Practical Steps for Ethical Offshoring 31:49 Future Innovations and Recommendations Transcript and more GRC content: https://www.riskywomen.org/2025/05/podcast-s8e5-offshoring-grc-functions-the-human-reality/
Global Crossing Airlines Group confirms cyberattack Google settles privacy lawsuits UK launches software security guidelines Huge thanks to our sponsor, Vanta
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin interviews three RISKWORLD attendees at RISKWORLD 2025. They are first, Audrey Trim of Thompson Rivers University, second, Lucy Straker of Beazley, and third, François Beaume of Sonepar and AMRAE.
Audrey Trim shares information about her career and her experiences at RISKWORLD and on the Board at BC RIMS. She introduces the Second Annual Coast to Coast Risk Management Legacy Challenge for Canada and tells how student teams can compete.
Lucy Straker describes the growing risk of political violence and active assailant events, and what insurance products are needed on top of general liability. She offers strategies for preventing and mitigating violent events.
François Beaume presents the 17th Annual AMRAE RMIS Panorama, a survey of vendors and risk managers, with insights into the software and technology available to corporate risk teams. The Panorama and data sets are freely available online in French and English at the link below.
Listen in for a glimpse of the variety of education at RISKWORLD. Be sure to save the dates May 3rd through the 6th for RISKWORLD 2026 in Philadelphia.
Key Takeaways:
[:01] About RIMS and RIMScast.
[:16] About this episode of RIMScast, coming to you live from RISKWORLD 2025 in Chicago. There are so many topics and perspectives to cover!
[:40] RIMS-CRMP Workshops! RIMS is co-hosting an intensive four-day program, which is your gateway to achieving two prestigious certifications, the DRI Certified Business Continuity Professional (CBCP) and the RIMS Certified Risk Management Professional (RIMS-CRMP).
[:59] This workshop will be held from May 19th through the 22nd in collaboration with DRI International. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes.
[1:14] Virtual Workshops! On June 12th, Pat Saporito will host “Managing Data for ERM”, and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”.
[1:31] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes.
[1:42] We're at RISKWORLD this week, but preparations are already underway for the RIMS ERM Conference 2025 on November 17th and 18th in Seattle, Washington. RIMS is accepting educational session submissions through May 20th.
[2:00] The best submissions will address current and future challenges facing ERM practitioners as well as provide leading practices and concrete takeaways for a diverse audience of risk professionals from industries or organizations of varied sizes, disciplines, functions, and roles.
[2:16] These include officers, leaders, managers, and students. The link to the submission form is in this episode's show notes.
[2:26] Of course, mark your calendars for November 17th and 18th, and I'll be sure to alert you when registration opens.
[2:34] RISKWORLD 2025 was one of the highlights of the 75th Anniversary of RIMS. We had a fantastic time here at McCormick Place in Chicago. We've got a lot of perspectives that we're going to cover!
[2:47] Our first guest is the Responsible Use of Space Coordinator in the Risk Management Department of Thompson Rivers University in British Columbia and a Board Member of BC RIMS. She is making her RISKWORLD and RIMScast debut.
[3:04] Audrey Trim is here to tell us about her experience as a first-time attendee and the 2025 Coast-to-Coast Risk Management Legacy Challenge, which was a big draw among the students at RIMS Canada 2024, and we expect that to possibly outdo itself in 2025.
[3:24] You could sense the energy on the exhibit room floor on Day 1 of RISKWORLD. Let's get to it!
[3:32] Interviews! Audrey Trim, welcome to RIMScast!
[3:38] On RISKWORLD Day 1, Audrey enjoyed the Martha Stewart opening keynote. It was a great, inspirational show. Audrey has taken in some great sessions. She's looking forward to some educational seminars. This is Audrey's first RISKWORLD; it will not be her last!
[4:57] Audrey explains her job title, Responsible Use of Space Coordinator. She oversees the non-academic space, among other things, on the Thompson Rivers University campus. She focuses on the best use of the space in a responsible way.
[6:07] In earlier roles, Audrey worked on the 2014 Tim Hortons Brier in Kamloops and was an Event Coordinator for the City of Kamloops. She also coordinated a Buskers Festival. Then she fell into risk management, and she's loving it.
[6:28] Audrey joined the Risk Group at Thompson Rivers three years ago. She became a BC RIMS member and now serves on the chapter board. Audrey is on the organizing committee of the Coast to Coast Risk Management Legacy Challenge, working with the SA RIMS Chapter.
[7:01] This is the Second Annual Coast to Coast Risk Management Legacy Challenge for Canada. They will try to outdo the premier year. The Challenge involves students in teams of four from universities across Canada.
[7:31] The teams get a case study and compete for the top two spots. The top two teams will get a chance to present their findings at the 2025 RIMS Canada Conference, which will be in Calgary, Alberta, from September 14th through 17th.
[7:50] This year, Ken Letander, Case Study Champion, owner and Founder of Strat First Inc., a Canadian risk management firm, has chosen the case study topic: Reporting, Set Aside, Spend: Indigenous business joint venture, ethical dilemmas, and program integrity benefits.
[8:15] It's going to be a big draw. Audrey hopes lots of teams apply. Ken Letander and others will judge the entries.
[8:45] Audrey describes the passion and thought that went into the submissions to the 2024 Coast to Coast Challenge. The winning submission developed a tool to measure health equity across the province. The tool was given to the Fraser Health Authority to use day-to-day.
[9:35] The Coast to Coast Challenge is open to students across Canada. One of the members of the winning team last year changed her direction from business to risk management, because she had such a great experience at the conference and during the case study.
[10:38] Apply to join the Coast to Coast Risk Management Legacy Challenge by May 24th. The case study will be assigned on May 30th. Each team submits a 10-page report. The judges will pick the top two teams to present at the RIMS Canada Conference 2025.
[10:55] A link to the submissions page and contact information is in this episode's show notes.
[11:16] Audrey's advice to anyone considering attending RISKWORLD 2026: “Know where you're going and how to get around the conference. Also, curate your sessions. There are a lot of options here. Pick out the ones that will have an impact on you and teach you something great.”
[11:35] “There are so many networking opportunities. Take advantage of those. Get out there. Don't be afraid to try new things!”
[11:39] RIMS Canada 2025 will be held from September 14th through 17th in Calgary. Registration will open soon. Audrey says, “Do it! The RIMS Canada Conference was a great opportunity to meet people and network!”
[12:20] Plug Time! RIMS Webinars! We are back on May 22nd, with GRC, a TÜV SÜD Company, and their newest session, “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny”.
[12:36] On June 5th, Zywave joins us to discuss “Today's Escalating Risk Trajectory: What's the Cause and What's the Solution?”
[12:47] On June 17th, Origami Risk returns to present “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. This session was rescheduled from May. If you were already registered, you do not need to take any action.
[13:03] More webinars will be announced soon and added to the RIMS.org/Webinars page. Go there to register. Registration is complimentary for RIMS members.
[13:15] Spencer Educational Foundation's Grants program is starting soon. Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada.
[13:34] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process is now open through July 30th, 2025.
[13:55] General Grant awardees are typically notified at the end of October. Learn more about Spencer's General Grants through the Programs tab of SpencerEd.org.
[14:05] On the 7th of October, the New Jersey RIMS Chapter will return to the beautiful Fiddler's Elbow Country Club in Bedminster, New Jersey, for their Annual Charity Golf/Pickleball Event.
[14:18] Registration is open, and the event proceeds are used to fund the chapter's Spencer and Kids' Chance Scholarships. It was the filming location for the upcoming movie sequel, Happy Gilmore 2. For more information and to register, please visit NewJersey.RIMS.org.
[14:42] My next guest was a panelist on several RIMS webinars. I was delighted to see her, so we could record this special segment live at RISKWORLD 2025. She is Lucy Straker. She is the focus group leader for U.S. Political Violence & Deadly Weapons Protection at Beazley.
[15:00] We will talk about the trends she's seeing in her area of practice.
[15:06] Lucy Straker, welcome to RIMScast!
[15:29] In 2016, Beazley looked at the landscape as it relates to terrorism and active assailant events and realized that traditional insurance options weren't providing sufficient solutions for its clients. Beazley created a product and a marketplace around active armed assailant events.
[16:02] Lucy says what you see in the media is a fraction of what's happening. The media report the biggest and worst events. The risk is far higher than what is reported in the media.
[16:31] Violence and shootings have increased. People are now more aware of the risk and are trying to respond to it through insurance products and legislation such as California's SB-553, with much more focus on preventing these events from occurring.
[16:54] We want to avoid workplace violence before it becomes something. A lot of clients think they already have coverage for workplace violence in their traditional general liability insurance.
[17:19] Recently, general liability carriers have put exclusions on their products for AMB, firearms, weapons, or the expected or intended injury exclusion found in a traditional ISA form.
[17:38] Lucy says clients need to be aware that there is a potential coverage gap. A misconception among clients is that none of them think they will have a shooting. They're in denial. When there's a shooting, you hear, “I never thought it would happen to me!”
[18:03] We're at a stage where gun violence is so prevalent in the U.S. that you can't argue you didn't think something was going to happen. You have to plan and prepare for the worst-case scenario.
[18:28] Lucy advises risk leaders to buy coverage to help them cover the gap. They do not have to be alone. With most shootings, there is a warning sign. There is a trail. There are things to do to prevent it.
[18:52] As a company, protocols have to be embedded from top-down and bottom-up. The company has to communicate every plan and procedure to its employees. Employees have to be trained and retrained. This is not something they're going to be thinking about every day.
[19:09] You have to engage with your security team. You have to screen people. You have to screen the company. You have to create a culture of reporting. People are not going to report something unless they feel comfortable reporting it. You need to have anonymous reporting.
[19:24] You need to instill a culture in your company of “See something, say something, report it.” It could be someone coming in and acting funny, or someone posting on social media, “I'm going to go carry out a shooting.”
[19:46] More often than not, if someone's going down a path to violence, there are signs. They don't just wake up one morning and say they're going to go carry out a shooting. There are warning signs, and we want to catch them before it becomes something more material.
[20:13] There are different lines of coverage and ways that coverage can respond, such as active assailant forms. Think about your business and other areas of your business you might not have thought about. Lucy mentions the United Health Care CEO being shot off the premises.
[20:38] It was a targeted event. Were there warning signs online by Luigi, the perpetrator? How can you identify those threats? Make sure you have risk management and preventive measures in place. Think of the litigious landscape. We're now seeing more nuclear verdicts.
[21:02] People always want someone to blame. You've got to make sure that, if something happens, you're doing right by the people to try and eliminate and reduce that liability on the back end.
[21:15] RIMS Plug! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through the 6th, 2025. This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world.
[21:35] Guess what, folks! Registration is now open! The advance rate is available through May 16th. A link is in this episode's show notes. You can also visit the Events page of RIMS.org to register. We look forward to seeing you in Texas!
[21:51] Let's Move to My Final Guest, François Beaume, The SVP for Risks and Insurance at Sonepar and the VP of AMRAE (The Association for Corporate Risk and Insurance Management)!
[22:16] François Beaume is here to discuss the findings of the 17th Edition of the RMIS Panorama that AMRAE produces in association with and with the support of several groups, including RIMS.
[22:36] François Beaume, welcome back to RIMScast!
[23:02] AMRAE has the 17th Annual Edition of the RMIS Panorama available. In 17 years, the most significant evolution in risk management information system offerings has been the integration of advanced technologies like AI, automation, and data visualization.
[23:57] These add-ons transform the software from a pure data management tool to a much more sophisticated platform that provides productive analyses and real-time risk monitoring to enhance decision-making capabilities and processes in a wider scope of topics.
[24:40] Panorama is a collection of surveys. One survey focuses on vendors and one survey focuses on risk managers. François says there is still room for improvement in this solution. Progress has been made on flexibility and integration capability, with changes to come.
[25:12] François sees a need to guarantee the success of such solutions, train users, and provide support to users to streamline how they use the system. Vendors receive feedback to provide customizable solutions, enhanced integration capability, training, user clubs, and more.
[26:07] Interconnection is a key area of these tools. With APIs, modular architecture, and code-based solutions, more and more, these tools can connect with other risk management information systems. Some corporations have several risk management systems.
[26:45] There are more and more interconnected features in these systems, to allow the risk manager and all the teams involved in the use of the risk management programmatics to extract the most important benefits from the use of the tool.
[27:04] ESG is a key area where this matters more and more. In Europe, there is a strong push for ESG compliance that requires corporations to gather and manage a huge volume of data that, when organized, is helpful to fuel the risk management processes.
[27:33] The report evaluates 52 solutions in four functional categories, covering 17 functional modules and 14 technical modules to allow you to compare and assess the value of the solutions and if they are compatible with your company's technology for audit, risk, and more.
[28:22] AMRAE is looking at the functional scope and the depth of the features that are offered. Is the scope well-covered? They are looking at technical capabilities; is it easy to integrate a solution? Is it scalable? How is the user interface? What can the admin customize?
[28:45] AMRAE also gathers user feedback and testimonials from using a given tool in real life. That feedback provides robust data capabilities, seamless integration capabilities, and more user-friendly interfaces that will benefit the users of the tool.
[29:36] RMIS vendors use AI in predictive analytics of historical data. Risk management is gathering and dealing with historical data linked to risk management topics to anticipate future risks.
[29:59] Vendors use AI to automate workflows and streamline data from the field and validation from the stakeholders, reducing manual intervention and increasing confidence in the data quality. All data will be analyzed more easily with AI and integrated into interactive dashboards.
[30:34] Dashboarding has improved over the past year to provide more interactive dashboards for better risk insights and risk decision-making processes.
[31:10] François has advice for risk managers looking for RMIS software. His most valuable advice is to use the RMIS Panorama. It's freely available to anyone. You can get it in French or English. Besides the Panorama PDF, there is an online platform that allows customization.
[31:48] The entire data set from the vendor and risk manager surveys is freely available online. You can customize your analytics of the data based on your use case.
[32:32] François speaks of captives and the evolving reinsurance market. The market today is favorable toward captives, a powerful tool for improving corporate risk management and the way corporations are living with ESG. There is a strong push in Europe for captives.
[33:22] François has seen the creation of about 20 captives in France. Corporations need captives in the risk management process and risk financing optimization.
[34:00] Special thanks again to all of our guests and all of the RISKWORLD attendees who made this year's RISKWORLD Conference so very special. Links to RISKWORLD coverage are in this episode's show notes.
[34:13] Mark your calendars for May 3rd through the 6th, and join us at RISKWORLD 2026 in Philadelphia.
[34:20] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes.
[34:49] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information.
[35:06] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information.
[35:24] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[35:40] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management.
[35:54] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[36:01] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!
Links:
RIMS Texas Regional 2025 — August 3‒5 | Advance registration rates now open.
ERM Conference 2025 — Call for Submissions (Through May 20)
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Risk Management magazine
RIMS Now
The Strategic and Enterprise Risk Center
Spencer Educational Foundation — General Grants 2026 — Application Dates
RISKWORLD 2025 — Show Daily! [Bottom of page]
2025 Coast-To-Coast Risk Management Challenge — Applications Open Through May 23
AMRAE RMIS Panorama 2025
New Jersey RIMS Spencer Golf/Pickleball Outing — Oct. 7
Global Trio of Risk Leaders Inducted Into RIMS Risk Management Hall of Fame
RIMS Webinars: RIMS.org/Webinars
“Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny” | Sponsored by GRC, a TÜV SÜD Company | May 22, 2025
“Today's Escalating Risk Trajectory: What's the Cause & What's the Solution?” | Sponsored by Zywave | June 5, 2025
“Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction” | Sponsored by Origami Risk | June 17, 2025
Upcoming RIMS-CRMP Prep Virtual Workshops:
CBCP & RIMS-CRMP Exam Prep Virtual Bootcamp: “Mastering Business Continuity & Risk Management” | May 19‒22, 2025 | In Collaboration with DRI International
Full RIMS-CRMP Prep Course Schedule
“Managing Data for ERM” | June 12 | Instructor: Pat Saporito
“Generative AI for Risk Management” | June 26 | Instructor: Pat Saporito
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops
Related RIMScast Episodes:
“RIMS 2025 Risk Manager of the Year, Jennifer Pack”
“Risk and Leadership Patterns with Super Bowl Champion Ryan Harris” (RISKWORLD 2025 Keynote)
“(Re)Humanizing Leadership in Risk Management with Holly Ransom”
“Risk and Relatability with Rachel DeAlto”
“Live From RISKWORLD 2024!”
“The Rise of RMIS with AMRAE's VP, François Beaume” (2019)
Sponsored RIMScast Episodes:
“The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!)
“Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich
“Understanding Third-Party Litigation Funding” | Sponsored by Zurich
“What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog
“Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL
“How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog
“Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant
“RMIS Innovation with Archer” | Sponsored by Archer
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich
“Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer
RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Strategic & Enterprise Risk Center
RIMS-CRMP Stories — Featuring RIMS President Kristen Peed!
RIMS Events, Education, and Services:
RIMS Risk Maturity Model®
Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.
Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.
Have a question or suggestion? Email: Content@rims.org.
Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.
About our guests:
Audrey Trim, BTM, Responsible Use of Space Coordinator, Risk Management, Risk and Safety Services, Thompson Rivers University; BC RIMS Board Member
Lucy Straker, Focus Group Leader U.S. Political Violence & Deadly Weapons Protection, Beazley
François Beaume, SVP Risks and Insurance, Sonepar, VP AMRAE [Association for Corporate Risk and Insurance Management]
Production and engineering provided by Podfly.
This is a guest podcast from our good friends at the Hospital Association of Southern California (HASC). Our friend and longtime sponsor Gerry Blass speaks with HASC's Adam Blackstone about governance, risk and compliance (GRC) in health care. With decades of experience in information technology, Blass shares how privacy and security risks have spiraled over time.
- Hackers hijack Japanese financial accounts to conduct billions in trades
- Education giant Pearson hit by cyberattack exposing customer data
- Microsoft Teams will soon block screen capture during meetings
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Find the stories behind the headlines at CISOseries.com.
On this episode:
- We run down the Tuesday Scoreboard
- Plus the GRC & GRC West crown conference Track & Field championships
- Local tennis teams look to move on to Wednesday's district title match.
*Want to thank our year-long sponsors Tolly & Associates, Little Caesars of St. Joseph, John Anderson Insurance, Meierhofer Funeral Home & Crematory, Musser Construction, HiHo Bar & Grill, Jayson & Mary Watkins, Matt & Jenni Busby, Michelle Cook Group, Russell Book & Bookball 365, The St. Joseph Mustangs, B's Tees, KT Logistics LLC., Hixson-Klein Funeral Home, James L. Griffith Law Firm of Maysville, Toby Prussman of Premier Land & Auction Group, Barnes Roofing, The St. Joseph School District, HK Quality Sheet Metal, Redman Farms of Maysville, Melissa Winn, Amber & Anthony Henke, Adams Bar & Grill, Green Hills Insurance LLC., Cintas, Thrive Family Chiropractic, IV Nutrition of St. Joseph, J.C's Hardwood Floors, Roth Kid Nation, Serve Link Home Care out of Trenton, Barnett's Floor Renewal LLC., Balloons D'Lux, B3 Renovations, Gabe Edgar, KC Flooring & Drywall, C&H Handyman Plumming, The Hamilton Bank member FDIC, Wompas Graphix & Embroidery of Liberty, The Tabor Family, Ellis Sheep Company of Maysville, Bank Northwest of Cameron, Akey's Catering & Event Rentals, Brown Bear of St. Joseph, Whitney Whitt Agency of Hamilton, Wolf Black Herefords, The KCI Basketball Podcast & Jacob Erdman - Shelter Insurance of Rock Port, Rob & Stacia Studer, Green Family Chiropractic, Annie & Noah Roseberry of Re/Max Professionals, Moseley Farms, Jake Anderson of Shelter Insurance & Bray Farms of Cameron.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner of YL Ventures. Our sponsored guest is Jadee Hanson, CISO of Vanta.
In this episode:
- Find a partner to work with
- Fixing the root of burnout
- The limitations of human vigilance
- Balancing openness and control
Thanks to our sponsor, Vanta.
Automate, centralize, & scale your GRC program with Vanta
Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
On April 16, the UK Supreme Court handed down a judgement determining that the terms “man,” “woman,” and “sex” in the Equality Act 2010 refer to biological sex (not gender identity). After years of fighting for the return of women's sex-based rights, the group For Women Scotland succeeded in winning their case brought against the Scottish Ministers. Going forward, a man identifying as a “woman” or a “transwoman,” even with a gender recognition certificate (GRC), will not be considered female under UK law, and therefore will not be permitted into women-only spaces such as bathrooms, prisons, change rooms, and shelters.
Meghan Murphy speaks with Susan Smith, a founder of For Women Scotland, about the group, their fight, and what this win means for women in the UK.
The Same Drugs is on X @thesamedrugs_. Meghan Murphy is on X @meghanemurphy and on Instagram @meghanemilymurphy. Find The Same Drugs merch at Fourthwall. Use the Code: Murphy20 for 20% off at TheTruthFits.com.
In this RSAC 2025 episode, Sean Martin sits down with Steve Schlarman, Senior Director of Product Management at Archer Integrated Risk Management, to explore how organizations are rethinking compliance and risk—not just as a box to check, but as a business enabler.
At the center of the conversation is Archer Evolve, a new platform intentionally designed to move beyond legacy GRC workflows. Built on years of insight from customers and aligned with the company's post-RSA independence, Evolve aims to modernize how compliance and risk teams operate. That includes automating burdensome regulatory processes, surfacing business-relevant risk insights, and supporting more strategic decision-making.
One standout capability comes from Archer's integration of Compliance.ai, a regulatory tech firm the company acquired to accelerate its transformation. By applying AI tuned specifically for the language of compliance, Archer can now help customers reduce review time per regulatory obligation from 100 hours to just a few. That's more than a productivity gain—it's a structural shift in how companies adapt to nonstop regulatory change.
Another critical area is quantifying risk. Rather than relying on subjective heat maps, Archer enables organizations to calculate loss exposure in real terms. This creates a foundation for executive conversations rooted in financial and operational impact, not just abstract threat levels. That same quantitative view can be applied to understanding the cost of controls—ensuring that investments align with real business risk, rather than piling on complexity for the sake of coverage.
The conversation closes on a powerful shift: risk and compliance teams freeing up time and brainpower to collaborate directly with the business. With the manual grunt work automated and controls mapped more intelligently, these teams can help shape new services and strategic initiatives—safely and confidently.
This episode isn't just about software or frameworks. It's about what happens when governance becomes a driver of value, not just a reaction to fear.
Listen in to hear how Archer is helping turn risk and compliance from operational drag into business advantage.
Learn more about Archer Integrated Risk Management: https://itspm.ag/rsaarchweb
Note: This story contains promotional content.
Guest: Steve Schlarman, Senior Director, Product Management, Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/
Resources
Learn more and catch more stories from Archer Integrated Risk Management: https://www.itspmagazine.com/directory/archer
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin and his guest, Jennifer Pack, RIMS 2025 Risk Manager of the Year, discuss her career and achievements, including Hyatt's VP of Risk Management. Jennifer describes how her membership in the RIMS Chicago Chapter and service on the Board impacted her career. Jennifer helped align Hyatt's risk strategies with its evolving business model to ensure resilience in today's complex environment. Leading nearly 40 professionals, Jennifer's leadership and innovative risk solutions have helped strengthen Hyatt's risk management framework, to proactively identify risks and develop strategies to address them. Jennifer successfully redesigned and centralized Hyatt's Short-Term, Long-Term Disability, and Workers' Compensation programs, reducing manual processing by up to 80,000 hours, improving compliance, and reducing legal exposure. It is linked to millions of dollars in savings. Under her leadership, Hyatt's risk management team is overhauling Hyatt Hotels' fire safety with the first-of-its-kind Fire Life Safety Compliance and Governance Program, setting a standard for the organization and industry. The initiative includes the implementation of new technology, as well as auditing the 1,450 Hyatt hotels in 79 countries. Jennifer is a beloved mentor who has had an impact on many careers. She continues to demonstrate her commitment to advancing the risk management profession as an active member of the RIMS Chicago Chapter. Jennifer's innovations may inspire your work for your organization's ERM program. Key Takeaways: [:01] About RIMS and RIMScast. [:16] About this episode of RIMScast. It is one of my favorite episodes to produce, with the Risk Manager of the Year. This year's honoree is Jennifer Pack, Hyatt's Vice President of Risk Management. We will talk about her success in ERM, captives, and more. [:48] RIMS-CRMP Workshops! 
RIMS is co-hosting an intensive four-day program which is your gateway to achieving two prestigious certifications, the DRI Certified Business Continuity Professional (CBCP) and the RIMS Certified Risk Management Professional (RIMS-CRMP). [1:08] This workshop will be held from May 19th through the 22nd in collaboration with DRI International. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:23] Virtual Workshops! On June 12th, Pat Saporito will host “Managing Data for ERM” and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”. [1:40] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [1:51] We're at RISKWORLD this week but preparations are already underway for the RIMS ERM Conference 2025 on November 17th and 18th in Seattle, Washington. RIMS is accepting educational session submissions through May 20th. [2:08] The best submissions will address current and future challenges facing ERM practitioners as well as provide leading practices and concrete takeaways for a diverse audience of risk professionals from industries or organizations of varied sizes, disciplines, functions, and roles. [2:26] These include officers, leaders, managers, and students. The link to the submission form is in this episode's show notes. [2:35] While you are at RISKWORLD, be sure to take away some inspirado and channel it into an educational session submission for the RIMS ERM Conference 2025. Of course, mark your calendars for November 17th and 18th and I'll be sure to alert you when registration opens. [2:55] The RIMS Risk Manager of the Year Program aims to raise the profile of the risk profession and the outstanding programs the honorees have implemented within their organizations. 
[3:04] The award was created in 1977 and the Risk Management Honor Roll was added in 1981. The 2025 RIMS Risk Manager of the Year is Jennifer Pack of Hyatt. [3:16] As VP of Risk Management, Jennifer has transformed risk management at Hyatt, embedding a culture that has provided a launchpad for organizational success. Her innovations in captive management also earned her this award. [3:28] Jennifer is a long-standing member of the RIMS Chicago Chapter and an all-around fantastic professional. Her profile will soon appear in the Awards Edition of RIMS Risk Management magazine. [3:40] Jennifer will receive the award on May 5th at 4:00 p.m., on the main stage at RISKWORLD. We're going to get to know her a little bit now. We'll talk ERM, captives, Chicago RIMS, hotel and hospitality, and more. [3:57] Interview! RIMS 2025 Risk Manager of the Year, Jennifer Pack, welcome to RIMScast! [4:34] Jennifer has been at Hyatt for going on 18 years. She can stay at any hotel she would like! [5:03] Some people like to leave their jobs every few years for a new company and skills. Jennifer's career at Hyatt has been an adventure! She hasn't been doing the same thing for 18 years. Every couple of years, she gets new roles and responsibilities. She's constantly learning. [5:24] She has a foundation of knowing whom to go to, what the systems are, and how to get things done. There's a base familiarity but with some excitement and learning opportunities. [5:36] If the feeling of being able to learn and grow ever stops, Jennifer will think about leaving. She's enjoying her time. It seems like she's working for a new company all the time. They're transforming. They're changing. The risk landscape is changing. There's never a dull moment. [5:56] Justin feels the same way about working at RIMS! He started as a writer but then got these responsibilities and they took on sort of a life of their own and attracted more of an audience. It's more work, but it's more fun and rewarding. 
[6:25] Jennifer joined Hyatt in a group called Compliance and Controls. She was hired to set up their Sarbanes-Oxley department. In reaction to the financial crisis after the downfall of Arthur Andersen and Enron, Sarbanes-Oxley was born and Jennifer became an expert on it. [6:58] Jennifer launched that group and then it was moved into Internal Audit where they were exposed to a lot more people and systems. Jennifer had the opportunity to backfill someone in the Risk Management department and never left. She's been in the risk function for 15 years. [7:30] When Jennifer joined the risk group it had seven risk practitioners in the corporate office. There were five or six Occupational Health Managers in the field, helping with Workers' Compensation and occupational safety. There are over 35 full-time members now. [8:09] They've taken on new roles in the 15 years: physical security, business resilience, fire life safety compliance, and other health and safety functions in the company. They could probably use a few more people but they're doing well. [8:38] The risk profile of the company has changed. The geopolitical risk profile of the world has changed. Hyatt's offerings have changed. They used to be mostly business, group, and convention, and now they lean into leisure, travel, and all-inclusive, which have different risks. [9:16] Hyatt has tripled its resort rooms and quintupled its lifestyle rooms since 2017. A lifestyle room is about meeting clientele where they are. Millennials want to travel the world and experience the environment, such as an attached nightclub in Miami or New York. [9:55] They're unconventional hotels with the framework of a well-known brand, where guests have comfort, safety, security, cybersecurity, and loyalty points while feeling like they're in a niche hotel with great and different experiences. It feels like a boutique, attached to the brand. [11:06] Social inflation is a risk. 
Liability insurance has gone up because claim payouts have gone up tremendously. Claim attorneys are targeting hospitality. [12:12] Hyatt is thinking globally about health, safety, and security, making sure policies are locked down, training is locked down, and people know how to report an incident, and when to report it. How do you de-escalate an incident to win the guest back? [12:36] Saying, “I'm sorry that happened to you. Here are some points. We care about you,” reinforcing that, versus saying, “Let my insurance company deal with it.” That's the last thing we want. If our guests had a bad incident, they had a bad experience. [12:51] Especially if you're traveling on leisure with your family, you want to know that you'll be taken care of. There's an expectation that you're going to be safe and secure. Hyatt wants to make sure to bring the level of care to them that they deserve. [13:07] Hyatt is working on the front end to retrain employees on ramping up safety and security measures and knowing how to respond when an incident happens. [13:18] Then, if it gets into the claims section, the claims management team has new robust processes to manage claims to drive down exposure. On the insurance procurement side, Hyatt is leaning into its captive to take on much higher retention in-house. [14:09] Hyatt is asking leadership in the field to bring education and awareness to the importance of risk management, what's at risk, and what the current legal environment is, and overlay that with wanting to care for people. Hyatt cares about the guest experience. [14:43] This is a macro-level environment. If you have litigation system abuse across the country, what are insurers doing about it? What are brokers doing about it? What are corporations doing about it? 
[14:56] Jennifer gets with her peers in the hospitality industry, working in their respective associations, to address these issues at the state and federal levels, change laws, and push for tort reform and disclosures of litigation funding. [15:28] Hyatt has partnered with the American Lodging and Hospitality Association and is considering partnering with insurance companies. You can't just hope someone else will take care of the problem. It's a much bigger problem that we all need to address. [16:06] Justin points out that third-party litigation funding is one of the top initiatives and campaigns for RIMS this year. RIMS recently had the Legislative Summit in Washington, D.C., where third-party litigation funding was a top priority. It was a top RIMS talking point on the Hill. [16:38] Jennifer says Hyatt and the hospitality industry are in with RIMS on the issue of third-party litigation funding. If it continues, guests are going to have to pay more for a stay and for the experiences they want to have as rising risk costs are passed to the consumers. [17:04] Plug Time! RIMS Webinars! We are back on May 22nd, with GRC, a TÜV SÜD Company, and their newest session, “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny”. [17:22] On May 29th, Origami Risk returns to present “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. On June 5th, Zywave joins us to discuss “Today's Escalating Risk Trajectory: What's the Cause and What's the Solution?” [17:44] More webinars will be announced soon and added to the RIMS.org/Webinars page. Go there to register. Registration is complimentary for RIMS members. [17:55] Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. 
[18:16] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process is now open through July 30th, 2025. [18:36] General Grant awardees are typically notified at the end of October. Learn more about Spencer's General Grants through the Programs tab of SpencerEd.org. [18:46] On the 7th of October, the New Jersey RIMS Chapter will return to the beautiful Fiddler's Elbow Country Club in Bedminster, New Jersey for their Annual Charity Golf/Pickleball Event. [18:59] Registration is open and the event proceeds are used to fund the chapter's Spencer and Kids' Chance Scholarships. It was the filming location for the upcoming movie sequel Happy Gilmore 2. For more information, and to register, please visit NewJersey.RIMS.org. [19:21] Let's Return to My Interview with RIMS 2025 Risk Manager of the Year, Jennifer Pack! [19:47] Hyatt put a captive in place in 2013. Back then, Hyatt had huge insurance cost swings year-on-year that they couldn't forecast. It created a lot of “noise” on the balance sheet. They originally put the captive in place to take away that noise and remove wild cost volatility. [20:38] Over time, Hyatt started to see success and build up a surplus, and they saw the value of a captive, especially as market conditions changed. They brought in additional forms of insurance coverage with traditional deductible buy-downs with workers' compensation and GL. [21:04] They started to see the surplus build up and they were able to give some of the surplus back to the participants and drive down their premium cost. [21:14] In the pandemic, the hospitality business came to a halt. Before the pandemic, Hyatt's average occupancy around the world was over 75%. In April 2020, it dropped to 6%. The owners of Hyatt were under extreme pressure. 
[21:43] Jennifer had an extra surplus in the captive and was able to give relief to the owners and to the company in that year and the next couple of years. Claim volume went down due to lower occupancy. Hyatt used some of that cash to fund large acquisitions. [22:19] That's when Hyatt saw social inflation in gaps in coverage. There was no coverage for a pandemic. Through the captive, Jennifer was able to offer that coverage to the owners. She offered wages and hours insurance to the owners. [22:48] Coming out of COVID-19, with the impact of social inflation, the captive took on larger line sizes and larger layers in its umbrella tower. They had some acquisitions in cyber. They bought the Apple Leisure Group. [23:36] In a lot of those services, Hyatt isn't providing the service but is almost like a travel agent, connecting you to the hotel, airline, or excursion. If there is an incident, the third party has the coverage. Hyatt has exposure for connecting you to the service. [24:01] Hyatt had to get creative with coverage for these new exposures, working with broker partners to fill those gaps. They did it largely with the captive, buying time until they could get a traditional product in place. [24:17] With the captive, Hyatt filled gaps, helped grow the business, and used it as a business enabler, providing cash, relief to owners, and coverage that may not have been commercially available, either to buy time or permanently fill a gap. It's been fun! [24:53] Jennifer regularly changes which hat she wears. As the captive President, she has to look at what Hyatt is doing to protect the captive and make sure it's adequately funded and complies with regulations. From a governance perspective, is Hyatt doing the right things? [25:21] Jennifer regularly brings in third-party experts to check the captive. 
Jennifer's decisions as President of the captive are through the lens of the captive and as the owner of this business, what they are doing to grow revenues, manage expenses, and keep an adequate surplus. [25:44] The captive doesn't run razor-thin. To have a forward-looking approach, it needs to have an adequate surplus, reserves, and cash in the captive. They're very conservative in protecting it. [26:06] From a corporate risk management perspective, when Hyatt needs to buy insurance, Jennifer asks, can we buy it from the captive? She sometimes has tough conversations with Hyatt about borrowing versus driving up investment income to protect everyone's interests. [26:37] Jennifer has to keep top-of-mind, which lens she's looking through, whether President of the Captive or Hyatt Vice President of Risk Management. She wears two hats, managing all the key stakeholders' needs and wants. [27:17] Some of the stakeholders are Hyatt, third-party owners, the corporation itself, and guests and colleagues with short-term and long-term disability and medical, adding value for the benefits team so they don't have to go to third parties for that insurance. [28:27] As the Captive President, Jennifer is looking at loss and expense ratios, reserve to operating ratios, surplus to premiums, and surplus to reserves, making sure that they're within the set ratios. They shoot for three to one. Anything above that number can go to participants. [29:09] They won't go below three to one so they are capitalized for future unexpected losses or to back up future business growth. Jennifer believes Hyatt is unique in having those ratios and guards in place. Jennifer is looking forward to future needs. [30:15] The captive evaluates from time to time whether to change the ratios to five to one or four to one. In the liability space, claims are growing. Some of the demands are wild and the settlements reached or not reached are eye-opening! 
[30:46] Jennifer explains the global risk management claims software that is now also used for incident reporting to the risk department. They look at data from all incidents and are seeing a trend and looking to what could come down the pike and new coverages they may need to offer. [31:44] The technology is supporting the department and overall risk management strategy. The captive is benefiting through better data on what's happening out there so they won't get blindsided by unusual trends that aren't yet seen in the claims. [32:19] Technology helps the captive to build out platforms to manage compliance, safety, and security in the environment. [32:28] The more data insights and comfort Jennifer has over the Health, Safety, and Security diagnostic at each property, region, and the globe, and overlays those with risk assessments Hyatt does, the more comfort she can get to take on more risks knowledgeably in the captive. [33:15] RIMS Plug! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through the 6th, 2025. This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world. [33:34] Guess what, folks! Registration is now open! The advance rate is available through May 16th. A link is in this episode's show notes. You can also visit the Events page of RIMS.org to register. We look forward to seeing you in Texas! [33:50] Let's Conclude Our Interview with RIMS 2025 Risk Manager of the Year, Jennifer Pack! [34:04] Jennifer Pack is the RIMS Risk Manager of the Year 2025 and she has been such a wonderful guest. This episode is coming out the morning of the awards. We will see her onstage, for anyone who has the privilege of being there. [34:19] Jennifer is honored, excited, and a little nervous to be onstage at RISKWORLD for the award. A lot of the RIMS Chicago members will be there. Jennifer has a wonderful Chicago-based team that will be there. 
Jennifer's parents and her husband are coming. [36:26] Jennifer says moving up the ranks at Hyatt and RIMS Chicago has been a fun and wild ride! The growth in her career, switching from being a Public Accountant to Auditor to Risk Manager has been fun with a lot of learning. [36:54] Jennifer tries to lead and grow with optimism, fun, and humor. She's been able to grow and develop a team under her. It's been a really interesting 18-year adventure. [37:11] Once Jennifer was exposed to RIMS, it opened her eyes to the wealth of resources, friendship, collaboration, and knowledge-sharing. It's been such an excellent experience for her. She couldn't be prouder of the Chicago Chapter and the great things they do to develop talent. [37:43] Jennifer says since COVID-19, it's been wonderful to see the number of people who attend the outings and forums. It's great to have such a great community and seeing them regularly is impactful. [38:06] Jennifer is Risk Manager of the Year. The Rising Star is Megan Smalter, who has had a wonderful time with the Chicago Chapter before moving to New York. In her role on the RIMS Chicago Chapter Board, and when she ran the Golf Outing, Jennifer has worked with Megan. [38:45] Julie Bean won the Heart of RIMS Award recently. Jennifer says it's great to have the bench of expertise of long-standing members in the Chicago Chapter. Jennifer learned from them personally and in professional settings. They're great for sharing ideas and working with. [39:36] Jennifer also mentioned Theresa Severson who was RIMS 2023 Risk Manager of the Year, with Kite Realty. There's a lot of talent and deep risk knowledge in the RIMS Chicago Chapter. There's a genuine camaraderie. [40:30] Jennifer looks ahead to see companies leaning into the concept of full risk management philosophy. Risk management is so much more than just the insurance buyers. [40:45] Risk management is “How can we bring a risk management mindset to our enterprises? 
How can we be business enablers? How can we leverage the wealth of data and information that comes through our department to enable mindful growth in the business?” [41:05] It's “How can we help with ESG efforts, especially with the reporting? How can we mitigate risks to the company and not just to our financial tools of insurance? What can we do in loss prevention or mitigation?” [41:26] “What can we do in claims management with more expertise, as things heat up on the litigation side with social inflation and nuclear claims?” Jennifer sees Hyatt and other companies taking more risks in the captive or balance sheet to offset what's happening. [42:10] Risk managers are going to have to articulate that and bring solutions to the forefront of their companies. Jennifer is excited about the future. She's looking forward to launching and rolling out more technology solutions as Hyatt leverages all its data. [42:57] Jennifer knows her team can have a lot of positive impact on the organization and she's excited about it. [43:08] Special thanks and congratulations again to Jennifer Pack, the RIMS 2025 Risk Manager of the Year. A link to RISKWORLD coverage is in this episode's show notes via the Show Daily. [43:20] That will update this episode's show notes with a link to the RIMS Risk Management Magazine coverage in our special Awards Edition. More honorees from RISKWORLD will join us here on RIMScast soon. [43:35] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [44:03] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [44:21] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. 
Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [44:38] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [44:55] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [45:09] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [45:17] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Links: RIMS Texas Regional 2025 — August 3‒5 | Advance registration rates now open. ERM Conference 2025 — Call for Submissions (Through May 20) RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Risk Management magazine RIMS Now The Strategic and Enterprise Risk Center Spencer Educational Foundation — General Grants 2026 — Application Dates Press Release: “RIMS Risk Manager of the Year Goes to Hyatt's Jennifer Pack” RIMS Webinars: RIMS.org/Webinars “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny” | Sponsored by GRC, a TÜV SÜD Company | May 22, 2025 “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction” | Sponsored by Origami Risk | May 29, 2025 “Today's Escalating Risk Trajectory: What's the Cause & What's the Solution?” | Sponsored by Zywave | June 5, 2025 Upcoming RIMS-CRMP Prep Virtual Workshops: CBCP & RIMS-CRMP Exam Prep Virtual Bootcamp: “Mastering Business Continuity & Risk Management” | May 19‒22, 2025 | In Collaboration with DRI International Full RIMS-CRMP Prep Course Schedule “Managing Data for ERM” | June 12 | Instructor: Pat Saporito “Generative AI for Risk 
Management” | June 26 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Risk and Leadership Patterns with Super Bowl Champion Ryan Harris” (RISKWORLD 2025 Keynote) “(Re)Humanizing Leadership in Risk Management with Holly Ransom” “Risk and Relatability with Rachel DeAlto” “RIMS Risk Manager of the Year, Steve Robles, Los Angeles County” (2024) Sponsored RIMScast Episodes: “The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!) “Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RIMS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in 
Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Jennifer Pack, VP of Global Risk Management, Hyatt Corporation Production and engineering provided by Podfly.
RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We're working on it.” That exchange captured the spirit of the entire event — security is not a destination, it's an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward. 
___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868

___________

Resources
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

___________

KEYWORDS
sean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference

___________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More
In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what's coming next. With dozens of interviews under their belts, the duo shares what's standing out across sessions and show-floor discussions.

Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There's a clear sense that the dialogue has shifted: zero trust isn't just a topic; it's embedded across many conversations. AI is no longer speculative—it's embedded in discussions about GRC, automation, and security architecture.

Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.

From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868

___________

Resources
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

___________

KEYWORDS
sean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference

___________

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Want to tell your Brand Story Briefing as part of our event coverage? Learn More
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day.
Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com
Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon
Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlocker
Take control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% off.
Get actionable intelligence and automated remediation for threats across the clear & dark web with Flare! https://simplycyber.io/flare
SC Academy - The Place for GRC: https://academy.simplycyber.io
Join SC Discord: https://SimplyCyber.io/discord
Podcast in stream: https://cisoseries.com
Follow SC: https://simplycyber.io/socials
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin and his guest, Kirti Mutatkar, discuss Kirti's journey to become President & CEO of UnitedAg and President of HCAA. Kirti speaks of her master's degrees in microbiology and finance, and how they work together in healthcare risk. Justin and Kirti explore stress awareness and mental health awareness and how these issues are managed at UnitedAg. Kirti tells how she wove attention to compassion and empathy into the fabric of healthcare administration at UnitedAg, and what that means for the financial success of the organization. She notes the significant growth of UnitedAg under her leadership, and how the scientific method of experimentation played a major role in that growth. Kirti shares her advice for leading healthcare with compassion, and the roles supervisors and managers can play in looking for tell-tale signs of mental health needs. Listen to Kirti's leadership wisdom that may work in your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Registration is open for RISKWORLD 2025. Engage Today and Embrace Tomorrow with RIMS, from May 4th through May 7th in Chicago, Illinois. Register at RIMS.org/RISKWORLD. [:25] After you register, visit your App Store, search for RIMS Events, and download the RIMS Events App. Select RISKWORLD 2025, load the show onto your phone, and start building your RISKWORLD itinerary! [:41] About this episode of RIMScast. We will talk about healthcare risk and mental health awareness with Kirti Mutatkar, CEO and President of United Ag and the President of the Health Care Administrators Association. We're going to get a unique risk philosophy, today. [1:13] RIMS-CRMP Workshops! 
RIMS is co-hosting an intensive four-day program which is your gateway to achieving two prestigious certifications, the DRI Certified Business Continuity Professional (CBCP) and the RIMS Certified Risk Management Professional (RIMS-CRMP). [1:33] This workshop will be held from May 19th through the 22nd in collaboration with DRI International. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:48] Virtual Workshops! On June 12th, Pat Saporito will host “Managing Data for ERM” and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”. [2:05] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:16] RISKWORLD registration is open. Engage Today and Embrace Tomorrow, from May 4th through 7th in Chicago. The opening Keynote has been announced. It's official. Martha Stewart will kick things off in the Skyline Ballroom, on May 5th. Register at RIMS.org/RISKWORLD. [2:35] Also, remember that there will be lots of pre-conference workshops being held in Chicago just ahead of RISKWORLD. These courses include “Applying and Integrating ERM,” “Captives as an Alternate Risk Financing Technique,” and more! The links are in the show notes. [2:51] The Spencer Educational Foundation is having a Flash Sale for sponsorships at RISKWORLD! Sponsorship pricing has been reduced for the Spencer-CNA Pickleball Social on Saturday, May 3rd, and the Spencer-Gallagher Golf Tournament on Sunday, May 4th. [3:10] Sponsorships are still available for the Spencer-Sedgwick 5K Fun Run on Tuesday, May 6th. Visit Spencered.org/riskworld2025 to learn about these opportunities and more. Also, reach out to Spencer's Executive Director Megan Miller at MMiller@Spencered.org. [3:32] April is Stress Awareness Month and May is Mental Health Awareness Month. 
I wanted to get a fresh perspective through a risk management or risk-management-adjacent lens, which is why I reached out to today's guest. [3:49] Kirti Mutatkar is the President and CEO of UnitedAg in California and also the President, serving a two-year term, of the Health Care Administrators Association not for profit. [4:01] We will learn about her fascinating career journey and how leading with empathy has reduced turnover and retained value at UnitedAg. [4:10] Interview! Kirti Mutatkar, welcome to RIMScast! [4:37] Kirti came to the U.S. to do her Master's when she was 20. She was going to study microbiology and do her PhD in genetics and biotech. Her circumstances changed and she explored getting an MBA. She got a Master's in finance. This was in Connecticut. [5:15] Kirti moved to California and looked for work. She applied at UnitedAg, to work for “a year or two.” Each year since then, UnitedAg has grown like crazy, with many innovations. Kirti has never felt that she has been there so long, she could do it in her sleep. [6:06] For Kirti, it's exciting every day to come to work. She was the CFO and transitioned 10 years ago to become the CEO. [6:25] Kirti was a member of HCAA for several years and is now President for a two-year term. The HCAA is very aligned with Kirti's thinking. She learns something with every conference she attends and every board meeting. [7:36] Kirti says, if everybody in the room feels it's their idea, and it's because of them we have succeeded, and you know you've played a role in that, that's success. [8:02] Kirti says a microbiologist, or any scientist, is constantly running experiments, and learning from experiments. Kirti says UnitedAg is a lab. HCAA is a lab. They're testing out things and trying to see what works and what does not work. [8:36] You understand the risks to the healthcare industry at a deeper level by doing experiments. You watch the results and you learn from them. You create feedback loops and grow. 
[8:53] Under Kirti's leadership, UnitedAg has tripled in size over the last couple of years, based on experimentation, learning, and adapting. That's what being a science student had taught her. [9:14] From the finance standpoint, in the position of impacting change, just looking at the financial statements and getting a quick picture of what's happening, was one of the best things Kirti could have done for herself in the role of CEO. [9:39] As a CEO, you have a strong CFO behind you. Understanding from a financial standpoint and a risk standpoint what that risk means to the financial, has been a big part of Kirti's success at UnitedAg. Her knowledge of science and finance works well for her organizations. [10:15] UnitedAg has around 110 employees. It has an underwriting department for its health plan. [10:45] Kirti believes her interest in the scientific method of testing hypotheses relating to the human side of risk and finance is what she brings to UnitedAg. [11:25] Kirti explains her upcoming plans for underwriting models for employer group risk and administrative costs. She is testing out opening the books, educating, and working with employer groups. [12:33] With Mental Health Awareness Month in May, Kirti discusses mental health in the agricultural community. She has been thinking of this since COVID-19. Ag workers did not have the choice of working from home. They were out in the fields. [13:15] There was a lot of uncertainty around what COVID-19 meant. In 2020, the need surfaced to provide some form of benefit for mental health. Culturally, in the ag industry, there is a stigma around mental health care. There is a lot of stress in production agriculture. [13:54] Kirti decided to run an experiment. She proposed to the board to use some of the innovation dollars set aside to offer a mental health benefit free of cost to all the members, with no copays and nothing going to the deductible, and doing it for one year. [14:28] It was a huge risk. 
They didn't look at the financial impact. They said, there's a need for mental health; let's do it for a year. They offered it and it became a huge impact. [14:56] A lot of people did seek out that benefit and used it. UnitedAg used Care Navigators to see what level of care a member's need was, and based on that need, provide that care. They found that some needed much care but more of the risk is in the early stages of need. [15:59] In the earlier stages, individuals may not realize they need care. Kirti stresses identifying the initial need for mental health care. Providing care initially can prevent chronic conditions. Not just for health plan cost, but from a human standpoint, you don't want that to go there. [16:33] UnitedAg spends a lot of time understanding mental health. Are you just having an anxious day today or are you having chronic anxiety? With the Chief Medical Officer, UnitedAg is spending time determining the tell-tale signs of anxiety to identify and help people with it. [16:59] Free access to mental health care, using Teladoc, Spring Health, other vendors, and the Member Advocacy Department at UnitedAg can be as simple as getting on a call and talking through anxiety, whether it's caused by environmental issues like flooding, or other stresses. [18:14] Kirti says UnitedAg is seeing anxiety around ICE deportations as labor is a big part of agriculture. There are a lot of people who come to work in the ag industry and then go back home. [18:39] Employees have anxiety over whether they will be there tomorrow. Employers have anxiety over whether they'll have access to labor tomorrow. [19:12] Uncertainty creates anxiety. The ups and downs of life create anxiety. [19:28] Plug Time! RIMS Webinars! Zurich's webinar, “Understanding Third-Party Litigation Funding” will be held on May 1st at 1:00 p.m. Eastern. Then RIMS takes a little break from webinars. 
[19:43] On May 22nd, webinars are back with GRC, a TÜV SÜD Company, and their newest session, “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny”. [19:55] On May 29th, Origami Risk returns to present “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. On June 5th, Zywave joins us to discuss “Today's Escalating Risk Trajectory: What's the Cause and What's the Solution?” [20:17] More webinars will be announced soon and added to the RIMS.org/Webinars page. Go there to register. Registration is complimentary for RIMS members. [20:29] Spencer Educational Foundation will be present at RISKWORLD 2025. Spencer's Grants Program is starting soon. [20:38] Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. [20:51] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [21:14] General Grant awardees are typically notified at the end of October. Learn more about Spencer's General Grants through the Programs tab of SpencerEd.org. [21:25] On the 7th of October, the New Jersey RIMS Chapter will return to the beautiful Fiddler's Elbow Country Club in Bedminster, New Jersey for their Annual Charity Golf/Pickleball Event. [21:37] Registration is open and the event proceeds are used to fund the chapter's Spencer and Kids' Chance Scholarships. It was the filming location for the upcoming movie sequel Happy Gilmore 2. For more information, and to register, please visit NewJersey.RIMS.org. [21:59] Let's Return to My Interview with Kirti Mutatkar! [22:07] Justin remarks on Kirti leading with compassion and empathy. 
Both at HCAA and as CEO of UnitedAg, she puts humans at the center. People remind her it's a business, but she has found that using compassion and empathy has an impact on real numbers. [23:26] Kirti reminds people she has a degree in finance and is a businessperson. UnitedAg has tripled in size. It is a quarter-billion-dollar trust. Its admin costs are very low and its loss ratio is very low. It's done very well financially. [23:53] Kirti makes a decision based on the financial aspect of it and then fits in the compassion and empathy. Eventually, compassion has a big impact on the financial. Now at HCAA, people are looking at how compassion translates into numbers. UnitedAg is a perfect example of it. [24:52] Some people may want to look at it purely from a business standpoint. Kirti feels that adding compassion and empathy manages the risk factor and has a financial impact. It's better for your business than you think it is. It's not a fluff word, you can show it in numbers. [25:52] Kirti is part of the Claims Committee at UnitedAg. Appeals come in and they make decisions on what can or cannot be approved. There is legal representation, client representation, and financial representation. Kirti shares an example of a mental health appeal. [26:41] The appeal was denied and Kirti listened to the compliance and financial positions for why it was denied. She didn't feel right about it, and after the meeting, she reached out to the employer. Then she came back to the committee and asked them to rethink it. [27:34] The committee found a solution within the compliance needs, to approve the claim. In the future, that employer will be apt to renew with UnitedAg because trust was created and help was provided to the employee. It was a financial decision that started with compassion. [29:16] UnitedAg's customer retention is over 90%. That speaks for itself. [29:26] RIMS Plug! 
From Ryan Harris, upcoming Keynote on the Main Stage on May 6th at RISKWORLD 2025, “Greetings RIMS members and global risk professionals! I'm Ryan Harris, Champion of Super Bowl 50, best-selling author, and award-winning broadcaster. [29:46] “I'm thrilled to be your Main Stage Keynote for RISKWORLD 2025, where we will discuss the transformative five steps to building a championship team and leading to winning! You can learn more about me and my story by listening to RIMScast. [30:01] ”And more than anything, make sure to register for RISKWORLD 2025 by visiting RIMS.org/riskworld. I'm so thrilled to see you and I'm looking forward to us building together so that you can reach your greatest success!” [30:16] Thank you, again, Ryan. We look forward to seeing you at RISKWORLD 2025 on May 6th. A link to Ryan's episode of RIMScast, #325, is in this episode's show notes. Get a preview of the Super Bowl Champion and remember to register for RISKWORLD 2025. [30:33] Let's Return to the Conclusion of Our Interview with Kirti Mutatkar! [30:46] Kirti says that bringing mental health into the Enterprise Risk Management strategy starts with the HR department. UnitedAg does a lot of training around mental health. There are good products available, but just saying we have this product, as a check mark, is not enough. [31:16] Go deeper, listen to your members, and train your supervisors and managers to identify some of the tell-tale signs of needs and bring them forward. Kirti's Chief of Staff remarked to her that physical scars can be seen, but mental scars cannot be shown. [31:49] You have to go deeper to understand mental scars. Spread the word. Talk to your employees and HR teams. Be OK with someone getting emotional at work. Give them a safe space and a trusting environment. Everybody goes through anxiety and stress. [32:20] Providing a safe space does more than providing a program. Engaging, building relationships, and having a connection would be helpful. 
[32:35] As a CEO, Kirti's biggest takeaway is to maintain a connection with everybody. She tries to do that as much as possible. She goes to CEO lunches and roundtables and is constantly talking to people. You never know what someone will say or do that is a tell-tale sign of need. [33:06] Kirti's advice for risk management professionals is to go a little deeper. Don't take things at face value. Take a step back and ask what is the true problem. Go one or two layers deeper looking for the real issues. Understanding the issue is good from a risk standpoint. [33:50] Are there not enough mental health professionals or should we look at the model for how we provide care for people? [34:10] Kirti also has a podcast, This Is Ag!, available on Spotify and other podcast platforms. She loves podcasting! The reason behind it is relationship and connection. It's to tell people what ag is all about. This year's focus will be on the ground workers and telling their stories. [34:58] There is so much to learn from agriculture! A lot of things still happen with a handshake in agriculture. There's a lot of trust and a lot of relationship and connection. Kirti loves working in the industry. She's very grateful for that. [35:14] Kirti tells what she likes about leading a not-for-profit organization. She runs it as a business but the core of it is the mission it serves. HCAA serves the underserved and she is testing how compassion and empathy play a role in the process. [35:44] Special thanks again to Health Care Administrators Association President and UnitedAg President and CEO, Kirti Mutatkar. There is a link to her podcast, This Is Ag!, in this episode's show notes. Let her know you heard her first on RIMScast. [36:02] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. 
[36:30] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [36:48] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [37:06] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [37:22] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [37:36] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [37:44] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Links: RISKWORLD 2025 — May 4‒7 | Register today! Download the RIMS Events app! Spencer's RISKWORLD Events — Register or Sponsor! LAST CALL! RIMS Texas Regional 2025 — August 3‒5 | Advance registration rates now open. RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Risk Management magazine RIMS Now The Strategic and Enterprise Risk Center Spencer Educational Foundation — General Grants 2026 — Application Dates This Is Ag! 
— Podcast, Hosted by Kirti Mutatkar RIMS Webinars: RIMS.org/Webinars “Understanding Third Party Litigation Funding” | Sponsored by Zurich | May 1, 2025 “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny” | Sponsored by GRC, a TÜV SÜD Company | May 22, 2025 “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction” | Sponsored by Origami Risk | May 29, 2025 “Today's Escalating Risk Trajectory: What's the Cause & What's the Solution?” | Sponsored by Zywave | June 5, 2025 Upcoming RIMS-CRMP Prep Virtual Workshops: CBCP & RIMS-CRMP Exam Prep Virtual Bootcamp: “Mastering Business Continuity & Risk Management” | May 19‒22, 2025 | In Collaboration with DRI International Full RIMS-CRMP Prep Course Schedule “Managing Data for ERM” | June 12 | Instructor: Pat Saporito “Generative AI for Risk Management” | June 26 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Risk and Leadership Patterns with Super Bowl Champion Ryan Harris” (RISKWORLD 2025 Keynote) “Maintaining an Award-Winning ERM Program with Michael Zuraw” “National Nurses Week 2021: How COVID-19 Has Impacted the Nursing Profession with Dr. Sophia Thomas and Vicki Good” “Mental Health in the Workplace with Darcy Gruttadaro” (2021) Sponsored RIMScast Episodes: “Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company (New!) 
“Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? 
Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Kirti Mutatkar on LinkedIn Kirti Mutatkar, CEO and President of United Ag Production and engineering provided by Podfly.
RDU has the second-highest number of opposition candidates. Synopsis: The Usual Place now moves to a half-hour daily livestream at noon from April 24 till May 1 - a day before Cooling-off Day - with Singapore's general election on May 3. Host and ST correspondent Natasha Ann Zachariah invites candidates, analysts and hunts for new perspectives on issues that matter to young people. Red Dot United (RDU) is a very young political party, formed only in 2020 when it contested just one constituency – Jurong GRC – with a team of five candidates. Fast forward five years, and RDU is now fielding the second-highest number of opposition candidates in this election, behind the WP’s 26 candidates. RDU’s 15 candidates are contesting four constituencies, going head-to-head with the PAP. How did the party scale up from a one-GRC showing in 2020 to four constituencies today? Joining Natasha in this episode are Ms Liyana Dhamirah, 38, and her teammate Marcus Neo, 33 - part of the party’s team contesting Jurong East-Bukit Batok GRC - and Ms Kala Manickam, 57, candidate for Jurong Central SMC. Highlights (click/tap above): 2:35 How a relatively new party like RDU managed to field the second largest number of opposition candidates 10:33 How Ms Liyana is able to dismiss a lot of insults; why file a police report over online harassment recently? 23:27 Ms Kala on switching from Jalan Kayu SMC to Jurong Central SMC 28:17 Mr Neo on housing and job insecurity as top concerns for millennial voters his age 36:23 Game time! Kopi-O kosong, bubble tea, teh tarik - what’s your favourite drink? 
Host: Natasha Zachariah (natashaz@sph.com.sg) Read Natasha’s articles: https://str.sg/iSXm Follow Natasha on her IG account and DM her your thoughts on this episode: https://str.sg/8Wav Follow Natasha on LinkedIn: https://str.sg/v6DN Filmed by: Studio+65 ST Podcast producers: Teo Tong Kai & Eden Soh Shorts edited by: ST Video Executive producers: Ernest Luis, Danson Cheong and Lynda Hong Follow The Usual Place Podcast and get notified for new episode drops: Channel: https://str.sg/5nfm Apple Podcasts: https://str.sg/9ijX Spotify: https://str.sg/cd2P YouTube: https://str.sg/wEr7u Feedback to: podcast@sph.com.sg --- Follow more ST podcast channels: All-in-one ST Podcasts channel: https://str.sg/wvz7 ST Podcasts website: http://str.sg/stpodcasts ST Podcasts YouTube: https://str.sg/4Vwsa --- Get The Straits Times app, which has a dedicated podcast player section: The App Store: https://str.sg/icyB Google Play: https://str.sg/icyX #tup #tuptr
David Kim (DK) is a trusted advisor as an AI, GRC, cybersecurity, and PCI DSS consultant and currently sits on Technical Advisory Boards and Governance Boards. He has centered his entire career around IT topics such as telecommunications, data networking, VoIP, unified communications, network management, information systems security, regulatory compliance, privacy, and auditing IT infrastructures for compliance. Learn how and why we met 24 years ago and hear his thoughts around privacy and risk in the SMB space.
On April 16th, the Supreme Court in London ruled unanimously that “the terms ‘woman' and ‘sex' in the Equality Act 2010 refer to a biological woman and biological sex”. The ruling came in response to a legal dispute between the activist group For Women Scotland and the Scottish government over whether trans people with gender recognition certificates (GRC) identifying their gender as female were considered as having the sex of a woman. For Women Scotland had argued that the sex-based protections in the Act should only apply to people born female and that sex is “immutable biological state”. The judgment, which ran to more than 80 pages, found that “the concept of sex is binary” – there is a female and a male. It went on to say that the legislation gives transgender people “protection, not only against discrimination through the protected characteristic of gender reassignment, but also against direct discrimination, indirect discrimination and harassment in substance in their acquired gender”. The judgment has come as a blow to the transgender community, particularly to transwomen who fear it will marginalise them further. Irish Times London correspondent Mark Paul explains the ruling and its implications. Presented by Bernice Harrison. Produced by Aideen Finnegan and John Casey.
These new faces are from three GRC teams. Synopsis: The Usual Place now moves to a half-hour daily livestream at noon from April 24 till May 1 - a day before Cooling-off Day - with Singapore's general election on May 3. Host and ST correspondent Natasha Ann Zachariah invites candidates, analysts and hunts for new perspectives on issues that matter to young people. But first up, on the living room couch with her in today’s (April 24) livestream are three candidates from PAP: Mr Dinesh Vasu Dash, 50, part of the party’s East Coast GRC team, Mr Daniel Liu, 40, part of its Aljunied GRC team, and Ms Valerie Lee, 39, part of its team contesting the newly created Pasir Ris-Changi GRC. On April 25 next - at noon - find out in our second livestream, which candidates from another party will appear on the couch with Natasha. Highlights (click/tap above): 3:37 Most unexpected experiences about Nomination Day for the trio 8:47 Is there a new vision for the ‘East Coast plan’, for the new team to potentially build on DPM Heng Swee Keat’s legacy? 11:43 Mr Liu on the PAP’s Aljunied GRC team having the 3Es - expertise, experience and energy - to lead the constituency, if elected 17:45 Ms Lee on how she plans to stand out in the newly-created Pasir Ris-Changi GRC, on negative comments about party new faces 21:00 How they are handling their initiation to negative online comments after being thrust into the spotlight suddenly 26:07 Ms Lee on her journey to motherhood and why she opened up on her two previous miscarriages 32:31 Get-to-know-you game time! If you could implement one fun law in SG for one day, what would it be? 
Host: Natasha Zachariah (natashaz@sph.com.sg) Read Natasha’s articles: https://str.sg/iSXm Follow Natasha on her IG account and DM her your thoughts on this episode: https://str.sg/8Wav Follow Natasha on LinkedIn: https://str.sg/v6DN Filmed by: Studio+65 ST Podcast producers: Teo Tong Kai & Eden Soh Shorts edited by: ST Video Executive producers: Ernest Luis, Danson Cheong and Lynda Hong Follow The Usual Place Podcast and get notified for new episode drops: Channel: https://str.sg/5nfm Apple Podcasts: https://str.sg/9ijX Spotify: https://str.sg/cd2P YouTube: https://str.sg/wEr7u Feedback to: podcast@sph.com.sg --- Follow more ST podcast channels: All-in-one ST Podcasts channel: https://str.sg/wvz7 ST Podcasts website: http://str.sg/stpodcasts ST Podcasts YouTube: https://str.sg/4Vwsa --- Get The Straits Times app, which has a dedicated podcast player section: The App Store: https://str.sg/icyB Google Play: https://str.sg/icyX #tup #tuptr See omnystudio.com/listener for privacy information.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining us is Mandy Huth, svp, CISO, Ultra Clean Technology. In this episode: Start with good defaults; Building talent bridges; Don't forget the humans; Differentiating with privacy. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
In this episode of Detection at Scale, Jack speaks with Jacob DePriest, VP of Security/CISO at 1Password, who shares insights from his 15-year journey from the NSA to leading security at GitHub through his current role. Jacob discusses his framework for assessing security programs with fresh eyes, emphasizing business objectives first, then addressing risks, and finally implementing the right security measures. He also explores how generative AI can enhance security operations while maintaining that human expertise remains essential for understanding threat intent. As 1Password transforms from a password manager to a multi-product security platform, Jacob outlines his approach to scaling security through engineering partnerships and automation, while offering practical leadership advice on building relationships, maintaining work-life balance, and aligning security initiatives with business goals. Topics discussed: Transitioning from engineering to security leadership and how that technical background provides empathy when implementing security controls. Approaching security program assessment by first understanding business objectives, then identifying risks, and finally implementing appropriate measures. Exploring 1Password's evolution from a password management product to a multi-product security company with extended access management. Balancing generative AI's capabilities with human expertise in security operations, recognizing AI's limitations in understanding intent. Leveraging AI to enhance incident response through automated summaries and context gathering to speed up triage processes. Implementing AI applications in GRC functions like vendor reviews and third-party questionnaires to increase efficiency and reduce tedium. Building sustainable security operations by ensuring security tools have proper access to data through education and partnership. 
Addressing the varying security postures across the vendor landscape through a risk-based approach focusing on access and visibility. Scaling security teams by clearly connecting their work to business objectives and ensuring team members understand why their tasks matter. Three pillars of security leadership: building a trusted network, establishing sustainable work-life balance, and connecting security to business goals.
Join Joe as he reconnects with Matthew Alderman, Chief Product Officer at CyberSaint, in this insightful episode of the podcast! With over 250 episodes under his belt, Joe dives deep with Matthew, a cybersecurity veteran, podcast host, and advisor, to explore: CyberSaint's Game-Changing Approach: How CyberSaint uses historical loss data to revolutionize cyber risk quantification, helping CISOs justify budgets with real financial metrics. Career Insights: Matthew shares his journey, from running startups to advising new ventures, and how he balances multiple roles (CPO, podcast host, advisor, and family man). Leadership & Communication: Why CISOs need to speak the language of business to earn a seat at the boardroom table. Practical Tips: Advice on avoiding burnout, building a mentorship network, and leveraging your personal brand in cybersecurity. Free Cyber Risk Analysis: Visit CyberSaint.io to benchmark your organization's cyber risk against industry peers. Connect with Matthew: Find him on LinkedIn Matthew Alderman or X @Maldermania Listen to Matthew's Podcast: Check out Business Security Weekly at securityweekly.com/BSW. Chapters: 00:00 Reconnecting and Reflecting on Podcasting Journey 02:19 Balancing Multiple Roles and Responsibilities 05:44 The Importance of Personal Well-being 07:53 Career Goals and Retirement Aspirations 10:31 Integrating Consulting and Podcasting 11:55 The Value of Mentorship in Professional Growth 15:02 Building Trust and Reputation in Networking 16:39 Leveraging Podcasting for Career Opportunities 18:20 Innovations in Cyber Risk Management 23:07 Integrating Risk and Control Data 25:30 The Importance of Risk Quantification 28:33 Communicating Cyber Risk to the Board 30:41 CISO's Role in Business Strategy 33:03 Free Cyber Risk Analysis Offering 36:20 Customizing Risk Models 39:58 Real-Time Risk Monitoring 42:24 Targeting Public Companies for Cyber Risk Solutions 45:14 Closing Thoughts and Future Directions Subscribe for more cybersecurity insights, leadership tips, and industry trends! Drop your thoughts in the comments below—how do you approach cyber risk in your organization? Follow the Podcast on Social Media! Tesla Referral Code: https://ts.la/joseph675128 YouTube: https://www.youtube.com/@securityunfilteredpodcast Instagram: https://www.instagram.com/secunfpodcast/ Twitter: https://twitter.com/SecUnfPodcast
Ahead of the RSAC Conference, Sean Martin and Marco Ciappelli sit down with Steve Schlarman, Director of Product Management at Archer, to talk risk, regulation, and where governance fits into the broader cybersecurity conversation. Steve represents a company that's been at the center of governance, risk, and compliance (GRC) for nearly 25 years. But don't mistake tenure for inertia—Archer is actively reshaping how organizations think about integrated risk management, especially through its latest platform, Archer Evolv. Steve shares how his team is focused on rethinking compliance not as a checkbox, but as a foundation for smarter, more strategic business decisions. What sets Archer Evolv apart? For one, the platform doesn't just cater to full-time risk professionals. It's built for anyone in the organization who touches compliance—even occasionally. Steve explains how the user experience has been redesigned to make it easier for non-experts to contribute, pulling in relevant data without bogging down daily operations. AI also plays a major role. After acquiring Compliance.AI, Archer has embedded large language models and automation into its compliance workflows—cutting down the time it takes to process regulatory updates and map controls. This means compliance professionals can spend less time scanning documents and more time advising the business. But this isn't about technology for technology's sake. Steve underscores the bigger question facing companies today: how much risk are they truly willing to accept? Regulation might kickstart the conversation, but it's risk management that sustains it—and that requires clarity, context, and collaboration across the business. Archer's team will be on site at RSAC, ready to demo the platform and share stories from the field. With over 1,200 customers worldwide, the company has no shortage of real-world examples to pull from. From frontline vulnerability assessments to strategic compliance mapping, Archer's approach is centered on enabling better decisions—not just better dashboards. Stop by booth 3117 (https://itspm.ag/archervn5f) to see how they're turning compliance into an engine for risk-aware growth—and how your team might benefit from a more purposeful approach to GRC. Learn more about Archer: https://itspm.ag/rsaarchweb Guest: Steve Schlarman, Senior Director, Product Management at Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/ Resources: Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage ______________________ Keywords: risk, compliance, governance, cybersecurity, ai, automation, regulation, grc, audit, resilience, controls, workflow, data, business continuity, product management, rsa, rsac2025, brand story, brand marketing, marketing podcast, brand story podcast ______________________ Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More
Bipartisan push for renewal of cyberthreat information sharing law; ClickFix becoming a favorite amongst state-sponsored hackers; GoDaddy puts Zoom on mute for about 90 minutes. Thanks to this week's episode sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com
This week's Cyber Security Headlines – Week in Review is hosted by David Spark with guest Trina Ford, CISO, iHeartMedia. Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
MITRE gets last-minute bailout from CISA; Krebs exits SentinelOne after security clearance pulled; Apple fixes two zero-days exploited in targeted iPhone attacks. Thanks to this week's episode sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. For the stories behind the headlines, visit CISOseries.com. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Kimberley Cole interviews Elaine Mullan, Head of Marketing and Business Development at Corlytics, about her career journey and role. Elaine discusses her transition from fashion design to marketing in the FinTech and RegTech sectors, her passion for mentoring women in tech, and her involvement in the Risky Women Write competition, where she won for her article on GRC through the lens of pop culture. Elaine emphasizes the importance of diversity in GRC, the impact of AI on compliance, and the need for more women's voices in the industry. She also shares her experiences with networking and the challenges of balancing early and late-stage careers. SHOW NOTES: 01:12 Career Journey 05:45 Role at Corlytics and Industry Insights 08:16 Advocacy for Women in Tech 14:58 Elaine's Article on GRC and Pop Culture 20:40 Diversity and Innovation in the Industry Transcript and more GRC content: https://www.riskywomen.org/2025/04/podcast-s8e4-how-hollywood-turns-grc-into-a-story-worth-telling/
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Mike D'Arezzo, executive director of infosec and GRC, Wellstar Health Systems. In this episode: The shift left myth; Reconsidering CISO evaluations; The power of “how”; Building bridges. Huge thanks to our sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
April 14, 2025: George Pappas, CEO of Intraprise Health, joins Drex DeFord for the news. The conversation explores Chris Hughes' insights on how machine-readable security controls and dynamic monitoring could revolutionize cybersecurity frameworks. How are rural hospitals surviving in a landscape where financial constraints clash with escalating security demands? The discussion takes a critical look at the regulatory environment, where HIPAA audits have been sparse since 2017 despite record-breaking breaches. George illuminates the complex intersection of healthcare economics, regulatory oversight, and cybersecurity imperatives that organizations must navigate. Key Points: 02:09 Discussion on GRC and Cybersecurity 08:14 Microsoft's Rural Hospital Program 13:37 Upcoming HIPAA Audits and Challenges X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
What happens when the need for rapid AI innovation runs up against the growing pressure for trust, accountability, and compliance? In this episode of Tech Talks Daily, I sit down with Mrinal Manohar, CEO of Prove AI, to explore how risk management can accelerate rather than hinder AI deployment. Mrinal shares how Prove AI is helping organizations build trust into their AI systems from the start. At a time when businesses are moving AI models into production, yet often lack visibility or safeguards, Prove AI offers a solution grounded in transparency and automation. Their approach uses distributed ledger technology to create tamper-proof audit trails for AI models. This allows teams to focus on innovation while having the infrastructure in place to meet evolving standards and regulatory demands. We discuss why traditional monitoring techniques fall short in an AI context, especially as models become more complex and decisions happen in real time. Prove AI's infrastructure is designed to support continuous risk mitigation. By recording every event and decision with cryptographic certainty, they make it possible to prove safety, compliance, and responsible use without relying on labor-intensive manual audits. Mrinal also explains how Prove AI's upcoming GRC product aligns with ISO 42001 and helps companies stay ahead of regulatory expectations. Whether you're deploying AI in customer service, manufacturing, or high-risk environments, the platform ensures clear oversight without disrupting speed or agility. This conversation covers practical examples of AI risk in action, from automated railway inspections to drive-through ordering systems. We also explore how distributed ledger technology is helping redefine AI governance, offering companies a way to move fast with confidence. If you're scaling AI and wrestling with risk, compliance, or trust, this episode will give you a fresh perspective on how to build guardrails that support growth—not slow it down.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is our sponsored guest Nathan Hunstad, director, security at Vanta. In this episode: Thinking like AI; Building off a solid foundation; Start with ownership; Following the leader. Big thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.