Join Tom Fox and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape, shaped by evolving policies, rapid advancements in AI, and shifting global dynamics, demands adaptive strategies and cross-functional collaboration. At #RISK New York, you will master the New Regulatory Reality by getting ahead of US regulatory shifts and their impact. Conquer AI and Tech Risk by Safeguarding Your Organization in an AI-Driven World and Understanding the Implications of Major Tech Investments. Navigate Financial and Crypto Volatility by Protecting Your Assets and Exploring Solutions in a Dynamic Market. Strengthen Your GRC Framework by Leveraging Governance, Risk, and Compliance for Strategic Advantage. Protect Digital Trust by addressing challenges in cybersecurity and data privacy, and combating misinformation. All while meeting with the country's top #Risk management professionals. In this episode, Tom Fox is joined by Tom Hardin, a former hedge fund analyst known as Tipper X, who shares his unique journey from insider trading informant to a global speaker on compliance and risk. Hardin previews his upcoming panel on applying behavioral science to design effective GRC programs at the #RiskNYC conference. He discusses topics such as cognitive biases, social norms, and rationalizations in decision-making, emphasizing the enduring nature of human behavior despite technological advancements. The episode highlights Hardin's goal of fostering deeper connections between psychology, technology, and regulation to build more proactive and resilient risk cultures. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Tom Hardin on LinkedIn Visit Tipper X Website Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of the Risk New York podcast series, Tom Fox introduces the upcoming Risk New York Conference, scheduled for July 9-10 at Fordham Law School. The conference, hosted by GRC World Forums, will focus on various aspects of risk management, including AI, tech risk, financial and crypto risk, and GRC frameworks. Tom discusses his keynote based on his book ‘Upping the Game' and highlights key speakers and exhibitors, including Robert Clark from Howard University, Bill Coffin and Erica Alburn from Ecosphere, and Michael Rasmussen, known as the father of GRC. The episode highlights the importance of the conference and provides details on discounted tickets, as well as other information available in the show notes. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Compliance Podcast Network Website Tom Fox Instagram Facebook YouTube Twitter LinkedIn
In this episode, Tom Fox is joined by Erica Salmon Byrne, Chief Strategy Officer and Executive Chair at Ethisphere, and Bill Coffin, Editor-in-Chief at Ethisphere. The conversation delves into their roles in the compliance community, focusing on their work with the Ethicast Reacts series. They discuss how they analyze news stories to extract compliance lessons, help organizations understand and mitigate risks, and create storytelling opportunities to advance compliance programs. They also share their excitement for their upcoming presentation at the Risk New York City conference, where they'll engage with professionals from diverse backgrounds. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Erica Salmon Byrne on LinkedIn Bill Coffin on LinkedIn Ethisphere
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alex Hall, CISO, Gensler. In this episode: Evaluating secure messaging beyond the app; Reframing compliance as a business enabler; Incremental security investment vs. crisis response; Why culture, not punishment, drives secure behavior. Huge thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
In this episode, Tom Fox talks with Chris Mason, who recently launched his risk advisory practice, Woodhorn Global, focusing on due diligence investigations. Chris shares insights about his upcoming presentations at the #RiskGRC conference in July, focusing on AI investments and political uncertainty affecting the GRC (Governance, Risk, and Compliance) community. They discuss the significance of AI in the field and the importance of adapting to political changes. Chris also highlights the value of in-person events to understand best practices and navigate the evolving risk landscape. Resources #Risk Conference Series #RiskNYC-Tickets and Information Chris Mason on LinkedIn
In this episode, Tom Fox talks with Gwen Hassan, the Chief Compliance Officer for Unisys Corporation, about her role and the upcoming #RiskNYC conference. Gwen shares insights into Unisys' operations, including the various technologies and services they provide, and highlights her responsibilities in managing global ethics, compliance, and trade compliance risks. She also gives a teaser about her panel presentation on the compliance and ethics risks associated with artificial intelligence, stressing the importance of understanding AI's impact on company culture and regulatory compliance. Gwen expresses her excitement about the conference, emphasizing the value of engaging with fellow risk management experts. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Gwen Hassan on LinkedIn
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products. Thanks to our show sponsor, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots, and manual processes — Vanta. With Vanta, GRC can be so. much. easier—while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. The impact is real: A recent IDC analysis found that compliance teams using Vanta are one hundred and twenty nine percent more productive. Get back time to focus on strengthening security and scaling your business. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
Hacker attacks target Microsoft Entra ID accounts using pentesting tool; Google Cloud and Cloudflare outages reported; House Homeland Chairman Mark Green announces his departure. Huge thanks to our sponsor, Vanta. Find the stories behind the headlines at CISOseries.com.
In this episode, Tom Fox welcomes Michael Rasmussen, a renowned expert in Governance, Risk Management, and Compliance (GRC), often referred to as the ‘father of GRC.' Michael shares insights into his contributions to the field, including his work with the SEG GRC Capability Model. The conversation highlights Michael's anticipated presentation on ‘The Future of GRC' at the upcoming risk conference in New York City. Drawing inspiration from Star Trek (TOS, and how can you not love that?), Michael emphasizes the importance of managing business risks effectively. The discussion also touches on the benefits of face-to-face interactions and networking opportunities at such conferences. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Michael Rasmussen on LinkedIn
Zero-click data leak flaw in Copilot; Operation Secure targets infostealer operations; FIN6 targets recruiters. Huge thanks to our sponsor, Vanta.
In this episode, Tom Fox talks with Matt Kelly about his presentation on the importance of understanding how AI can be productively adopted within enterprises, as well as the ethical challenges it presents, including discrimination and data validity. Matt also discusses the importance of AI governance and offers a preview of his upcoming presentation on this topic. Matt expresses his eagerness to engage with other GRC professionals at the forthcoming conference to exchange ideas and discuss emerging risks in third-party and vendor risk management. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Matt Kelly on LinkedIn
CISA, Microsoft warn of Windows zero-day used in attack on ‘major' Turkish defense org; 40K IoT cameras worldwide stream secrets to anyone with a browser; Marks & Spencer begins taking online orders again, out for seven weeks due to cyberattack. Huge thanks to our sponsor, Vanta.
Brute forcing phone numbers linked to Google accounts; The Guardian launches Secure Messaging service; United Natural Foods hit by cyberattack. Huge thanks to our sponsor, Vanta.
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations. Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/ Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/ Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/ Chapters 01:39 Meet Matt Hillary: CISO of Drata 06:06 The Evolution of GRC and Trust Management 14:48 Continuous Compliance and Automation 19:26 Compliance as Code: The Future of GRC 22:18 The Importance of Getting It Right the First Time 23:15 Customer Compliance Challenges 24:21 Vendor Risk Management and Trust Building 26:26 Leveraging AI for Compliance and Risk Management 31:43 Evaluating Credibility of Third-Party Evidence 41:09 Common Mistakes in GRC Programs 43:56 Final Thoughts and Industry Call to Action
Presidential cyber executive order signed; Neuberger warns of U.S. infrastructure's cyberattack weakness; Mirai botnet infects TBK DVR devices. Huge thanks to our sponsor, Vanta. Find the stories behind the headlines at CISOseries.com.
"Compliance is the security referee - frameworks are the playbooks." In this episode, I'm joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC. Tim shares what he's learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities. Here are some highlights from the episode: What GRC actually means - and why governance is the most misunderstood part; Why people who say "compliance isn't security" are missing the point; How explaining the "why" of cybersecurity controls aids in acceptance; Why data retention policies can protect you from major legal headaches; And yes… a story about how Tim accidentally ransomwared himself.
All images and links can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alexandra Landegger, global head of cyber strategy & transformation, RTX. In this episode: A cybersecurity fast-track?; When Ambition Becomes a Liability; Giving the CVE Program the Credit It Deserves; Elevating human cyber talent with AI. Huge thanks to our sponsors, Nudge Security, SecurityScorecard, and Vanta. Take control of SaaS security and AI governance with Nudge Security. Start a free trial today and get a full inventory of all SaaS and GenAI accounts in minutes along with risk insights and automation to help you quickly improve your security posture. Get started here: nudgesecurity.com/cisoseries Third-party risk doesn't stop at monitoring. SecurityScorecard delivers real-time detection and response across your supply chain—helping you fix vulnerabilities before they become breaches. Empower your team with expert-driven remediation, continuous vendor oversight, and board-ready insights that drive results. Automate, centralize, & scale your GRC program with Vanta. Get started at Vanta.com/ciso.
Sponsored by Vanta. Vanta takes the busywork out of GRC so you can focus on what actually matters—improving your security, not chasing compliance. https://ul.live/vanta This isn’t just another AI podcast. It’s about the deeper shift that’s happening in cybersecurity—away from individual tools and dashboards, and toward real-time, comprehensive world models of what we’re trying to protect or attack. I'll walk through how I came to this idea, what it means for security assessments, red teaming, vuln management, and beyond—and why context, not AI, is the actual revolution.
Sitting with Henry Tim of Tech Degenerates and Phantom Technology Solutions to talk about GRC platforms. What makes it a GRC platform? How important is a GRC in my MSP? These questions and several others are tackled, and I think we have found some answers.
Cybersecurity frameworks can learn a lot from HITRUST. In this episode, Ryan Patrick of HITRUST explains how HITRUST approaches the assurance problem, from centralizing the certification process to frequent updates to the control sets based on threat data. I barely knew anything about HITRUST going in, but it's clear they're tackling the cybersecurity assurance problem in a radically different way. Here's what stood out to me: HITRUST reviews its security controls quarterly based on threat intel and control effectiveness. There are three distinct assessment levels (like CMMC). HITRUST itself issues a certification after the 3rd party assessment and running the assessment results through two stages of QA. Every 3rd assessment gets reviewed. Every. Single. One. The centralized approach of HITRUST allows them to provide feedback to its assessment community after each and every assessment which results in assessments that are more consistent and higher quality. HITRUST certified organizations are contractually required to report incidents which then allows them to evaluate the effectiveness of their controls. I personally think that commercial cybersecurity frameworks should take a look at HITRUST. What were your biggest takeaways? Let me know in the comments. Follow Ryan on LinkedIn: https://www.linkedin.com/in/ryan-patrick-3699117a/ HITRUST Website: https://hitrustalliance.net/ Thanks to our sponsor Vanta! Get back time to focus on strengthening security and scaling your business. Discover the new way to GRC here: https://vanta.com/grcacademy Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform! Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e8&utm_campaign=courses#hitrust
In this episode, we welcome Thays Ribeiro, GRC coordinator for Information Security at Hospital Sírio-Libanês, for a direct and inspiring conversation about hospital cybersecurity, IT careers, and empathetic leadership in critical environments. From social projects to leading strategy at one of the largest hospitals in Latin America, Thays shares how she found her place in technology, even without having started out in it.
She left industry, dove into hospital cybersecurity, and today leads with purpose at one of the most respected hospitals in Brazil. In the next episode of PodCafé Tech, we welcome Thays, a specialist in GRC and digital inclusion at Hospital Sírio Libanês, a woman who combines neuroscience, empathy, and technology to transform realities.
Are you protecting your data the right way? Trust is everything—but how do organizations build and maintain it? One way is through ISO 27001, the globally recognized Information Security Management System (ISMS) standard that ensures data security and risk management. In this insightful episode of the FIT4PRIVACY Podcast, Tania Postil joins Punit Bhatia to discuss the critical role of ISO 27001 in shaping digital trust and securing sensitive data. Whether you're a privacy professional, IT leader, business owner, or someone concerned about cybersecurity, this episode provides valuable insights into why ISO 27001 is essential for securing data and building trust. KEY CONVERSION POINT 00:02:14 What is digital trust? 00:11:09 Role of auditor plays in making the perception of Digital Trust real? 00:13:55 What is Information Security Standard and how does it help? 00:18:07 ISO 27000 Training 00:21:50 Who would benefit from ISO 27000? ABOUT GUEST Tania Postil is a GRC and IT risk consultant, automation enthusiast and innovation evangelist. Since 2021 Tania has joined ISACA Belgium Board and is currently a Communication Director and Programme Chair. Leading information security assignments, Tania combines no-nonsense approach with human attitude. Recognized for analytical skills combined with efficient communication as well as proven track record in rendering processes more efficient. Eager to bring value to your team by performing / assisting to audit and consultancy assignments. ABOUT HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. 
Punit is the author of books “Be Ready for GDPR'' which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCES Websites www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/taniapostil/ Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy
In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.
Not All AI Is Created Equal: The Archer Approach
RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn't about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function. Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.
From Policy Generation to Risk Narratives
One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.
AI with a Human Touch
As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.
What's Next in Risk? Better Conversations
Looking ahead, Schlarman sees a shift from “no, we can't” to “yes, and here's how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet. From regulatory change to real-time translation of risk data, this is where tech meets trust.
Guest: Steve Schlarman, Senior Director, Product Management, Archer | https://www.linkedin.com/in/steveschlarman/
Resources
Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Keywords: steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale. As CEO of RegScale, he oversees their Continuous Controls Monitoring platform, which enables rapid GRC outcomes for organizations like Wiz, Keybank, and the US Department of Energy.
In this episode:
[02:15] How an interest in computer science led Travis to pursue a career in security
[03:20] Working in “the Major Leagues of cyber” at the National Nuclear Security Administration
[06:20] Moving fast in highly-regulated environments
[07:10] Securing the world's fastest supercomputer at Oak Ridge National Laboratory
[10:30] Supporting digital transformation at enormous scale at Bechtel Corp
[15:15] How outdated compliance processes inspired Travis to co-found RegScale
[18:15] How RegScale acquired its first high-profile clients through "hustle and luck"
[19:20] The challenges of building the first version of RegScale
[21:15] Taking the pain out of compliance
[23:20] The biggest GRC roadblocks teams are facing right now
[25:10] Practical advice for moving the needle on your automation program
[27:33] Eliminating redundancy and inefficiency in federal compliance programs
[32:30] What's next for RegScale
[33:45] The best applications of AI (and which decisions should "never" be made by AI)
[35:45] Navigating regulatory uncertainty when it affects your whole business model
[38:40] What SecOps and compliance teams might look like in the future
[40:20] What the best compliance teams do to build rapport with security, IT and other business functions
[43:30] Why AI adoption is a risk-based conversation every organization should be having with their CISO
[46:00] Connect with Travis
Where to find Travis Howerton: LinkedIn, RegScale
Where to find Thomas Kinsella: LinkedIn, Tines
Resources mentioned: The CISO Society 2025 State of Continuous Control Monitoring Report
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin interviews Chris Maguire about his professional journey and what led him to focus on the intersection of legal, compliance, and innovation. This leads to a discussion about AI and predictive analytics. Chris shares examples of General Counsel and compliance offices using AI to improve risk forecasting and decision-making. Chris comments on the expanding role of Compliance in the General Counsel's office. Listen to Chris's take on the importance of values. He shares some of the core values of Thomson Reuters. Key Takeaways: [:01] About RIMS and RIMScast. [:17] About this episode of RIMScast. We will talk about how technology is driving innovation in compliance, risk, and the legal profession, with Chris Maguire of Thomson Reuters. [:41] RIMS-CRMP Workshops! The next RIMS-CRMP-FED Exam Prep will be presented in conjunction with AFERM and led by instructor Joseph Mayo. This is a two-day course, June 2nd and 3rd. Register by May 26th. [1:02] The next RIMS-CRMP Exam Prep Workshop will be presented in conjunction with NAIT on June 10th and 11th. Register by June 9th. That course will be led by former RIMS President, Nowell Seaman. [1:20] Links to these courses can be found on the Certification Page of RIMS.org and through this episode's show notes. [1:27] Virtual Workshops! On June 12th, Pat Saporito will host “Managing Data for ERM”, and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”. [1:45] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [1:56] We are already making preparations for the RIMS ERM Conference 2025 on November 17th and 18th in Seattle, Washington. RIMS is accepting educational session submissions through May 20th. 
[2:14] The best submissions will address current and future challenges facing ERM practitioners as well as provide leading practices and concrete takeaways for a diverse audience of risk professionals from industries or organizations of varied sizes, disciplines, functions, and roles. [2:30] These include officers, leaders, managers, and students. The link to the submission form is in this episode's show notes. If you are listening on the day of this episode's release, this is the last call for submissions, so get them in! [2:46] Let's get on with the show! How is your organization navigating regulatory uncertainty in 2025? Are you leveraging advancements in technology to help achieve your goals? Our guest this week is Chris Maguire, the General Manager for Corporates Risk at Thomson Reuters. [3:06] We are going to talk about how technology is driving innovation in compliance, risk, and legal. We will talk about how AI and predictive analytics are reshaping corporate legal and compliance functions, and more. Let's get to it! [3:22] Interview! Chris Maguire, welcome to RIMScast! [3:29] Chris Maguire started in a Big Four firm in the '90s, in the auto practice. It was a great way to learn business and how they worked, focusing on understanding financial controls and risk, and how to make sure that companies were behaving correctly. [3:59] After an MBA, Chris started working for Thomson Reuters. He has been with them for about 20 years in the legal tech space. He started on the strategy side and transitioned after several years to driving the commercial teams in the risk business. [4:24] Now, Chris has the role of looking at product and industry strategy for corporations. Thomson Reuters is at the intersection of legal, risk, and compliance, and how they affect enterprises. [5:07] Chris says that 20 years ago, AI was not a fast-moving industry. There have been dramatic changes in the last few years. 
AI adoption by Thomson Reuters customers has doubled in the last year. Generative AI has been seen in a wide range of tasks. It started with drafting NDAs. [5:38] Salespeople are always asking for NDAs and how they can be drafted more quickly and easily. Now AI conducts legal research or helps draft a research memo or a complaint from a particular point of view. We're seeing it in drafting HR employment policies and rote tasks. [6:21] Chris explains the use of AI prompts tied to data sources, such as your data, data from Thomson Reuters, or other data providers. Chris is also seeing big data AI used a lot in analyzing outside spending and looking for cost savings. [7:14] Chris tells how AI helps in decision-making, using the example of knowing the vendors you choose for your supply chain and knowing your customers. AI can weed through all the news out there to make sure you're not dealing with a sanctioned entity. [8:22] AI can help with reputation risk. Is there forced labor in your supply chain? That matters to your reputation. It's not just whether a country is sanctioned, but what the individual entities in your supply chain are doing. There's a lot of focus on reputation today. [9:10] Justin recently had the Chief Impact Officer of EcoVadis on RIMScast Episode 329. They talked about forced labor and human trafficking in the supply chain. Use AI to help identify where forced labor and human trafficking are big risks, avoid them, and report them. [9:35] This is important on the corporate side and the government side of the business. Chris says it will be interesting to see the effect of tariffs. Thomson Reuters has updated about 50 million changes to its global trade products so far this year, compared to 100 million in 2024. [10:16] Plug Time! RIMS Webinars! We are back on May 22nd, with GRC, a TÜV SÜD Company, and their newest session, “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny”. 
[10:33] On June 5th, Zywave joins us to discuss “Today's Escalating Risk Trajectory: What's the Cause and What's the Solution?”. [10:413] On June 17th, Origami Risk returns to present “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. [10:54] More webinars will be announced soon and added to the RIMS.org/Webinars page. Go there to register. Registration is complimentary for RIMS members. [11:05] Spencer Educational Foundation's Grants program is starting soon. Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. [11:23] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process is now open through July 30th, 2025. [11:43] General Grant awardees are typically notified at the end of October. Learn more about Spencer's General Grants through the Programs tab of SpencerEd.org. [11:54] Back to the Conclusion of my Interview with Chris Maguire of Thomson Reuters! [12:27] Chris refers to RIMScast Episode 335 with Jeff from Academy Sports. Jeff talked about how the Compliance function now sits in the General Counsel's office. At Thomson Reuters, more of the Compliance group has moved into the General Counsel's office in the last year. [12:48] The General Counsels are being charged with understanding the full weight of risk across an organization, from reputational risk to who you should or should not do business with. [13:16] The Sales organization at Thomson Reuters has discussed that a lot with the GC office, from a reputation, sanctions, and everything perspective. A lot of GC offices now include the Compliance role. [13:50] Chris's ERM philosophy is Trust. 
Companies need to trust who they are doing business with. Companies need to trust that their employees have what they need to make decisions not to deal with a risky customer, but to follow the laws and rules of global companies. It's trust. [14:29] There is so much change going on. Chris talks about values that resonate. One Thomson Reuters value is Act Fast, Learn Fast. You have to move and learn. Companies can help you, but it is on individuals to take the responsibility to act fast and learn fast about what is changing. [14:59] Thomson Reuters is bound by the Trust Principles. It started with Reuters in the 1940s around WWII, but it goes back to its 150 years of legal content. [15:17] The information Thomson Reuters provides its customers has to be free from bias. It has to be right. It has to be updated. It can't be an opinion about a philosophy. It has to be fact-based. It has to provide customers with the information they need to get work done. [15:36] Applying AI on top of trusted, unbiased, correct, up-to-date information is going to be vital, moving forward. Act fast, learn fast, and trust. [15:57] Chris believes the legal industry hasn't always been the fastest-moving industry. The technology is now there to allow us to move more quickly and learn more quickly. That's an exciting thing! [16:23] Chris says AI is no longer a future concept. It's here. It's transforming our lives; it's starting to transform our business environment. If you don't adapt quickly, you're going to be at a significant disadvantage. [16:36] For people in General Counsel's offices, people in compliance functions, the value is your expertise, your knowledge, and you as a human, and what you can bring to the situation. [16:48] If AI can help you get there, and give you a platform on which to add your judgment and expertise, knowledge, and professional opinion, that's a hugely valuable thing. [17:01] Thomson Reuters doesn't see AI taking away jobs. 
We see people who use AI potentially taking away the jobs of people who don't use AI. It all comes back to the humans and how they use it. There's never been a time when Thomson Reuters' expertise has been more important. [17:34] Chris, it has been such a pleasure to have you here on RIMScast! I do appreciate that you listened to some previous episodes! Get my unique download count up there! [17:50] I appreciate that we're reaching a very important segment of our audience and our RIMS membership. I think they're going to learn a lot in this episode. Thank you! [18:02] Special thanks to Chris Maguire for joining us here on RIMScast. Links to RIMS coverage about AI, legal, and compliance risks are in this episode's show notes. [18:13] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [18:41] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [19:00] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [19:18] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [19:34] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [19:48] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [19:55] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. 
Listen every week! Stay safe! About our guest: Chris Maguire, General Manager, Corporates Risk at Thomson Reuters. Production and engineering provided by Podfly.
We're joined by Jacob Hill, founder of the GRC Academy, a leading provider of training and consulting services in governance, risk, and compliance. In this episode, Jacob dives into the new DOD regulations for CMMC, and why it's essential for contractors to get a head start in implementing these regulations. Jacob shares insights into what the new CMMC regulations entail and the implications for businesses. He discusses how the CMMC framework is designed to ensure that companies comply with cybersecurity best practices and what steps they need to take to become certified. Additionally, Jacob introduces his new course on the GRC Academy, which focuses on helping companies understand these regulations and navigate the certification process. He explains how the course can benefit companies and help them avoid costly mistakes while preparing for CMMC compliance. This podcast is a must-listen for anyone involved in government contracting or cybersecurity, looking to understand the implications of CMMC regulations. Jacob's expertise in this area and the insights he provides will prove invaluable to anyone looking to get a head start in implementing these regulations. Tune in to hear Jacob Hill's take on CMMC regulations and what companies can do to prepare for compliance. Take the course: https://grcacademy.io/courses/cmmc-overview-training-small-medium-businesses-smb/ Understand CMMC: https://grcacademy.io/cmmc/controls/ Contact Jacob: https://www.linkedin.com/in/jacobrhill/
The stories that matter most to #cybersecurity insiders, analysts, and business leaders. Delivered every day. Check out Barricade Cyber for #incidentresponse, #ransomware protection, and business recovery services: https://barricadecyber.com Check out John Strand's Pay What You Can Antisyphon Training: https://simplycyber.io/antisyphon Allow what you need, block everything else... Including ransomware. Zero trust Endpoint Protection Platform at https://simplycyber.io/threatlocker Take control of your data and keep your private life private by signing up for DeleteMe at https://simplycyber.io/deleteme promo SIMPLYCYBER for 20% off. Get actionable intelligence and automated remediation for threats across the clear & dark web with Flare! https://simplycyber.io/flare SC Academy - The Place for GRC: https://academy.simplycyber.io Join SC Discord: https://SimplyCyber.io/discord Podcast in stream: https://cisoseries.com Follow SC: https://simplycyber.io/socials
GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains why integrated GRC and DevSecOps are non-negotiables for space startups. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom; Windows 11 and Red Hat Linux hacked on first day of Pwn2Own; The Internet's biggest-ever black market just shut down amid a Telegram purge. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Nick Espinosa, host, The Deep Dive Radio Show. Here's where you can find him: Daily Podcast on SoundCloud | YouTube | Forbes | Twitter/X | Facebook | BlueSky | Mastodon. Thanks to our show sponsor, Vanta. All links and the video of this episode can be found on CISOseries.com
Tired of the same old advice that isn't getting you anywhere in your cybersecurity career? Everyone says "get more technical skills," but what if that's only part of the story? If you're aiming for leadership roles like CISO, Security Director, or Head of GRC, or other security leadership roles, this episode is for you. In this episode, we dive into: why technical skills alone won't land you a cybersecurity leadership role, the real skills that executives are desperately seeking (it's not what you think), how to showcase leadership skills even without a leadership title (break the catch-22), effective communication strategies to influence executives and your team, what it really takes to lead during a cybersecurity crisis (the uncomfortable truth). It's time to stop wasting time on outdated advice and focus on what truly matters. Listen now to unlock the secrets to accelerating your cybersecurity leadership career. Looking to become an influential and effective security leader? Don't know where to start or how to go about it? Follow Monica Verma (LinkedIn) and Monica Talks Cyber (YouTube) for more content on cybersecurity, technology, leadership and innovation, and 10x your career. Subscribe to The Monica Talks Cyber newsletter at https://www.monicatalkscyber.com.
Steel producer disrupted by cyberattack; European Vulnerability Database (EUVD) is online; CISA pauses advisory overhaul. Huge thanks to our sponsor, Vanta.
Radware says recently disclosed WAF bypasses were patched in 2023; Marks & Spencer confirms data stolen in ransomware attack; Alabama suffers cybersecurity event. Huge thanks to our sponsor, Vanta. Find the stories behind the headlines at CISOseries.com
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest, Saket Modi, co-founder and CEO, SAFE Security. In this episode: Elevating AI to table stakes; Security for the real world; Using dynamic models for TPRM; The agentic AI augmentation. Huge thanks to our sponsor, SAFE Security. SAFE (#1 platform to unify the management of all cyber risks) has reinvented cyber risk management with Agentic AI. We help CISOs, TPRM, and GRC leaders become strategic business partners by automating the understanding, prioritization and management of cyber risk—accelerating AI adoption and digital transformation.
Rhea Sharma, winner of the Risky Women Write competition, discussed the human costs of offshoring GRC functions. She highlighted the disparity in pay between offshore and onshore employees, noting that offshore employees often face an illusion of progress. Rhea emphasized the need for fair pay, transparency, and inclusion in offshoring practices. She also shared her background, including her work with Women's Lantern, a charity supporting South East Asian women, and her ongoing education. Rhea advocated for decentralized finance and its potential to address global cybersecurity issues, citing regulatory reforms in Australia, Singapore, and India.
SHOW NOTES
00:24 Feedback on Rhea's Article
04:36 Career Journey
07:36 Aligning Values with Work
19:46 Challenges of Offshoring and Brain Drain
25:52 Practical Steps for Ethical Offshoring
31:49 Future Innovations and Recommendations
Transcript and more GRC content: https://www.riskywomen.org/2025/05/podcast-s8e5-offshoring-grc-functions-the-human-reality/
Global Crossing Airlines Group confirms cyberattack; Google settles privacy lawsuits; UK launches software security guidelines. Huge thanks to our sponsor, Vanta.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin interviews three RISKWORLD attendees at RISKWORLD 2025. They are first, Audrey Trim of Thomson Rivers University, second, Lucy Straker of Beazley, and third, François Beaume of Sonepar and AMRAE. Audrey Trim shares information about her career and her experiences at RISKWORLD and on the Board at BC RIMS. She introduces the Second Annual Coast to Coast Risk Management Legacy Challenge for Canada and tells how student teams can compete. Lucy Straker describes the growing risk of political violence and active assailant events, and what insurance products are needed on top of general liability. She offers strategies for preventing and mitigating violent events. François Beaume presents the 17th Annual AMRAE RMIS Panorama, a survey of vendors and risk managers, with insights into the software and technology available to corporate risk teams. The Panorama and data sets are freely available online in French and English at the link below. Listen in for a glimpse of the variety of education at RISKWORLD. Be sure to save the dates May 3rd through the 6th for RISKWORLD 2026 in Philadelphia. Key Takeaways: [:01] About RIMS and RIMScast. [:16] About this episode of RIMScast, coming to you live from RISKWORLD 2025 in Chicago. There are so many topics and perspectives to cover! [:40] RIMS-CRMP Workshops! RIMS is co-hosting an intensive four-day program, which is your gateway to achieving two prestigious certifications, the DRI Certified Business Continuity Professional (CBCP) and the RIMS Certified Risk Management Professional (RIMS-CRMP). [:59] This workshop will be held from May 19th through the 22nd in collaboration with DRI International. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:14] Virtual Workshops! 
On June 12th, Pat Saporito will host “Managing Data for ERM”, and she will return on June 26th to present the very popular new course, “Generative AI for Risk Management”. [1:31] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [1:42] We're at RISKWORLD this week, but preparations are already underway for the RIMS ERM Conference 2025 on November 17th and 18th in Seattle, Washington. RIMS is accepting educational session submissions through May 20th. [2:00] The best submissions will address current and future challenges facing ERM practitioners as well as provide leading practices and concrete takeaways for a diverse audience of risk professionals from industries or organizations of varied sizes, disciplines, functions, and roles. [2:16] These include officers, leaders, managers, and students. The link to the submission form is in this episode's show notes. [2:26] Of course, mark your calendars for November 17th and 18th, and I'll be sure to alert you when registration opens. [2:34] RISKWORLD 2025 was one of the highlights of the 75th Anniversary of RIMS. We had a fantastic time here at McCormick Place in Chicago. We've got a lot of perspectives that we're going to cover! [2:47] Our first guest is the Responsible Use of Space Coordinator in the Risk Management Department of Thomson Rivers University in British Columbia and a Board Member of BC RIMS. She is making her RISKWORLD and RIMScast debut. [3:04] Audrey Trim is here to tell us about her experience as a first-time attendee and the 2025 Coast-to-Coast Risk Management Legacy Challenge, which was a big draw among the students at RIMS Canada 2024, and we expect that to possibly outdo itself in 2025. [3:24] You could sense the energy on the exhibit room floor on Day 1 of RISKWORLD. Let's get to it! [3:32] Interviews! Audrey Trim, welcome to RIMScast! 
[3:38] On RISKWORLD Day 1, Audrey enjoyed the Martha Stewart opening keynote. It was a great, inspirational show. Audrey has taken in some great sessions. She's looking forward to some educational seminars. This is Audrey's first RISKWORLD; it will not be her last! [4:57] Audrey explains her job title, Responsible Use of Space Coordinator. She oversees the non-academic space, among other things, on the Thomson Rivers University campus. She focuses on the best use of the space in a responsible way. [6:07] In earlier roles, Audrey worked on the 2014 Tim Hortons Brier in Kamloops and was an Event Coordinator for the City of Kamloops. She also coordinated a Buskers Festival. Then she fell into risk management, and she's loving it. [6:28] Audrey joined the Risk Group at Thomson Rivers three years ago. She became a BC RIMS member and now serves on the chapter board. Audrey is on the organizing committee of the Coast to Coast Risk Management Legacy Challenge, working with the SA RIMS Chapter. [7:01] This is the Second Annual Coast to Coast Risk Management Legacy Challenge for Canada. They will try to outdo the premier year. The Challenge involves students in teams of four from universities across Canada. [7:31] The teams get a case study and compete for the top two spots. The top two teams will get a chance to present their findings at the 2025 RIMS Canada Conference, which will be in Calgary, Alberta, from September 14th through 17th. [7:50] This year, Ken Letander, Case Study Champion, owner and Founder of Strat First Inc., a Canadian risk management firm, has chosen the case study topic: Reporting, Set Aside, Spend: Indigenous business joint venture, ethical dilemmas, and program integrity benefits. [8:15] It's going to be a big draw. Audrey hopes lots of teams apply. Ken Letander and others will judge the entries. [8:45] Audrey describes the passion and thought that went into the submissions to the 2024 Coast to Coast Challenge. 
The winning submission developed a tool to measure health equity across the province. The tool was given to the Fraser Health Authority to use day-to-day. [9:35] The Coast to Coast Challenge is open to students across Canada. One of the members of the winning team last year changed her direction from business to risk management, because she had such a great experience at the conference and during the case study. [10:38] Apply to join the Coast to Coast Risk Management Legacy Challenge by May 24th. The case study will be assigned on May 30th. Each team submits a 10-page report. The judges will pick the top two teams to present at the RIMS Canada Conference 2025. [10:55] A link to the submissions page and contact information is in this episode's show notes. [11:16] Audrey's advice to anyone considering attending RISKWORLD 2026: “Know where you're going and how to get around the conference. Also, curate your sessions. There are a lot of options here. Pick out the ones that will have an impact on you and teach you something great.” [11:35] “There are so many networking opportunities. Take advantage of those. Get out there. Don't be afraid to try new things!” [11:39] RIMS Canada 2025 will be held from September 14th through 17th in Calgary. Registration will open soon. Audrey says, “Do it! The RIMS Canada Conference was a great opportunity to meet people and network!” [12:20] Plug Time! RIMS Webinars! We are back on May 22nd, with GRC, a TÜV SÜD Company, and their newest session, “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny”. [12:36] On June 5th, Zywave joins us to discuss “Today's Escalating Risk Trajectory: What's the Cause and What's the Solution?” [12:47] On June 17th, Origami Risk returns to present “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction”. This session was rescheduled from May. If you were already registered, you do not need to take any action. 
[13:03] More webinars will be announced soon and added to the RIMS.org/Webinars page. Go there to register. Registration is complimentary for RIMS members. [13:15] Spencer Educational Foundation's Grants program is starting soon. Spencer's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. [13:34] Since 2010, Spencer has awarded over $3.3 million in General Grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process is now open through July 30th, 2025. [13:55] General Grant awardees are typically notified at the end of October. Learn more about Spencer's General Grants through the Programs tab of SpencerEd.org. [14:05] On the 7th of October, the New Jersey RIMS Chapter will return to the beautiful Fiddler's Elbow Country Club in Bedminster, New Jersey, for their Annual Charity Golf/Pickleball Event. [14:18] Registration is open, and the event proceeds are used to fund the chapter's Spencer and Kids' Chance Scholarships. It was the filming location for the upcoming movie sequel, Happy Gilmore 2. For more information and to register, please visit NewJersey.RIMS.org. [14:42] My next guest was a panelist on several RIMS webinars. I was delighted to see her, so we could record this special segment live at RISKWORLD 2025. She is Lucy Straker. She is the focus group leader for U.S. Political Violence & Deadly Weapons Protection at Beazley. [15:00] We will talk about the trends she's seeing in her area of practice. [15:06] Lucy Straker, welcome to RIMScast! [15:29] In 2016, Beazley looked at the landscape as it relates to terrorism and active assailant events and realized that traditional insurance options weren't providing sufficient solutions for its clients. Beazley created a product and a marketplace around active armed assailant events. 
[16:02] Lucy says what you see in the media is a fraction of what's happening. The media report the biggest and worst events. The risk is far higher than what is reported in the media. [16:31] Violence and shootings have increased. People are now more aware of the risk and are trying to respond to it through insurance products and legislation such as California's SB-553, with much more focus on preventing these events from occurring. [16:54] We want to avoid workplace violence before it becomes something. A lot of clients think they already have coverage for workplace violence in their traditional general liability insurance. [17:19] Recently, general liability carriers have put exclusions on their products for AMB, firearms, weapons, or the expected or intended injury exclusion found in a traditional ISA form. [17:38] Lucy says clients need to be aware that there is a potential coverage gap. A misconception among clients is that none of them think they will have a shooting. They're in denial. When there's a shooting, you hear, “I never thought it would happen to me!” [18:03] We're at a stage where gun violence is so prevalent in the U.S. that you can't argue you didn't think something was going to happen. You have to plan and prepare for the worst-case scenario. [18:28] Lucy advises risk leaders to buy coverage to help them cover the gap. They do not have to be alone. With most shootings, there is a warning sign. There is a trail. There are things to do to prevent it. [18:52] As a company, protocols have to be embedded from top-down and bottom-up. The company has to communicate every plan and procedure to its employees. Employees have to be trained and retrained. This is not something they're going to be thinking about every day. [19:09] You have to engage with your security team. You have to screen people. You have to screen the company. You have to create a culture of reporting. People are not going to report something unless they feel comfortable reporting it. 
You need to have anonymous reporting. [19:24] You need to instill a culture in your company of “See something, say something, report it.” It could be someone coming in and acting funny, or someone posting on social media, “I'm going to go carry out a shooting.” [19:46] More often than not, if someone's going down a path to violence, there are signs. They don't just wake up one morning and say they're going to go carry out a shooting. There are warning signs, and we want to catch them before it becomes something more material. [20:13] There are different lines of coverage and ways that coverage can respond, such as active assailant forms. Think about your business and other areas of your business you might not have thought about. Lucy mentions the United Health Care CEO being shot off the premises. [20:38] It was a targeted event. Were there warning signs online by Luigi, the perpetrator? How can you identify those threats? Make sure you have risk management and preventive measures in place. Think of the litigious landscape. We're now seeing more nuclear verdicts. [21:02] People always want someone to blame. You've got to make sure that, if something happens, you're doing right by the people to try and eliminate and reduce that liability on the back end. [21:15] RIMS Plug! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through the 6th, 2025. This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world. [21:35] Guess what, folks! Registration is now open! The advance rate is available through May 16th. A link is in this episode's show notes. You can also visit the Events page of RIMS.org to register. We look forward to seeing you in Texas! [21:51] Let's Move to My Final Guest, François Beaume, The SVP for Risks and Insurance at Sonepar and the VP of AMRAE (The Association for Corporate Risk and Insurance Management)! 
[22:16] François Beaume is here to discuss the findings of the 17th Edition of the RMIS Panorama that AMRAE produces in association with and with the support of several groups, including RIMS. [22:36] François Beaume, welcome back to RIMScast! [23:02] AMRAE has the 17th Annual Edition of the RMIS Panorama available. In 17 years, the most significant evolution in risk management information system offerings has been the integration of advanced technologies like AI, automation, and data visualization. [23:57] These add-ons transform the software from a pure data management tool to a much more sophisticated platform that provides productive analyses and real-time risk monitoring to enhance decision-making capabilities and processes in a wider scope of topics. [24:40] Panorama is a collection of surveys. One survey focuses on vendors and one survey focuses on risk managers. François says there is still room for improvement in this solution. Progress has been made on flexibility and integration capability, with changes to come. [25:12] François sees a need to guarantee the success of such solutions, train users, and provide support to users to streamline how they use the system. Vendors receive feedback to provide customizable solutions, enhanced integration capability, training, user clubs, and more. [26:07] Interconnection is a key area of these tools. With APIs, modular architecture, and code-based solutions, more and more, these tools can connect with other risk management information systems. Some corporations have several risk management systems. [26:45] There are more and more interconnected features in these systems, to allow the risk manager and all the teams involved in the use of the risk management programatics to extract the most important benefits from the use of the tool. [27:04] ESG is a key area where this matters more and more. 
In Europe, there is a strong push for ESG compliance that requires corporations to gather and manage a huge volume of data that, when organized, is helpful to fuel the risk management processes. [27:33] The report evaluates 52 solutions in four functional categories, covering 17 functional modules and 14 technical modules to allow you to compare and assess the value of the solutions and if they are compatible with your company's technology for audit, risk, and more. [28:22] AMRAE is looking at the functional scope and the depth of the features that are offered. Is the scope well-covered? They are looking at technical capabilities; is it easy to integrate a solution? Is it scalable? How is the user interface? What can the admin customize? [28:45] AMRAE also gathers user feedback and testimonials from using a given tool in real life. That feedback provides robust data capabilities, seamless integration capabilities, and more user-friendly interfaces that will benefit the users of the tool. [29:36] RMIS vendors use AI in predictive analytics of historical data. Risk management is gathering and dealing with historical data linked to risk management topics to anticipate future risks. [29:59] Vendors use AI to automate workflows and streamline data from the field and validation from the stakeholders, reducing manual intervention and increasing confidence in the data quality. All data will be analyzed more easily with AI and integrated into interactive dashboards. [30:34] Dashboarding has improved over the past year to provide more interactive dashboards for better risk insights and risk decision-making processes. [31:10] François has advice for risk managers looking for RMIS software. His most valuable advice is to use the RMIS Panorama. It's freely available to anyone. You can get it in French or English. Besides the Panorama PDF, there is an online platform that allows customization. 
[31:48] The entire data set from the vendor and risk manager surveys is freely available online. You can customize your analytics of the data based on your use case. [32:32] François speaks of captives and the evolving reinsurance market. The market today is favorable toward captives, a powerful tool for improving corporate risk management and the way corporations are living with ESG. There is a strong push in Europe for captives. [33:22] François has seen the creation of about 20 captives in France. Corporations need captives in the risk management process and risk financing optimization. [34:00] Special thanks again to all of our guests and all of the RISKWORLD attendees who made this year's RISKWORLD Conference so very special. Links to RISKWORLD coverage are in this episode's show notes. [34:13] Mark your calendars for May 3rd through the 6th, and join us at RISKWORLD 2026 in Philadelphia. [34:20] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [34:49] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [35:06] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [35:24] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [35:40] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. 
[35:54] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [36:01] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Links: RIMS Texas Regional 2025 — August 3‒5 | Advance registration rates now open. ERM Conference 2025 — Call for Submissions (Through May 20) RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Risk Management magazine RIMS Now The Strategic and Enterprise Risk Center Spencer Educational Foundation — General Grants 2026 — Application Dates RISKWORLD 2025 — Show Daily! [Bottom of page] 2025 Coast-To-Coast Risk Management Challenge — Applications Open Through May 23 AMRAE RMIS Panorama 2025 New Jersey RIMS Spencer Golf/Pickleball Outing — Oct. 7 Global Trio of Risk Leaders Inducted Into RIMS Risk Management Hall of Fame RIMS Webinars: RIMS.org/Webinars “Asset Valuations in 2025: Managing Tariffs, Inflation, and Rising Insurance Scrutiny” | Sponsored by GRC, a TÜV SÜD Company | May 22, 2025 “Today's Escalating Risk Trajectory: What's the Cause & What's the Solution?” | Sponsored by Zywave | June 5, 2025 “Strategic Risk Financing in an Unstable Economy: Leveraging Technology for Efficiency and Cost Reduction” | Sponsored by Origami Risk | June 17, 2025 Upcoming RIMS-CRMP Prep Virtual Workshops: CBCP & RIMS-CRMP Exam Prep Virtual Bootcamp: “Mastering Business Continuity & Risk Management” | May 19‒22, 2025 | In Collaboration with DRI International Full RIMS-CRMP Prep Course Schedule “Managing Data for ERM” | June 12 | Instructor: Pat Saporito “Generative AI for Risk Management” | June 26 | Instructor: Pat Saporito See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “RIMS 2025 Risk Manager of the Year, Jennifer Pack” “Risk and Leadership Patterns with Super Bowl Champion Ryan Harris” (RISKWORLD 2025 Keynote) “(Re)Humanizing 
Leadership in Risk Management with Holly Ransom” “Risk and Relatability with Rachel DeAlto” “Live From RISKWORLD 2024!” “The Rise of RMIS with AMRAE's VP, François Beaume” (2019) Sponsored RIMScast Episodes: “The New Reality of Risk Engineering: From Code Compliance to Resilience” | Sponsored by AXA XL (New!) “Change Management: AI's Role in Loss Control and Property Insurance” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Demystifying Multinational Fronting Insurance Programs” | Sponsored by Zurich “Understanding Third-Party Litigation Funding” | Sponsored by Zurich “What Risk Managers Can Learn From School Shootings” | Sponsored by Merrill Herzog “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global 
risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS President Kristen Peed! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guests: Audrey Trim, BTM, Responsible Use of Space Coordinator, Risk Management, Risk and Safety Services, Thomson Rivers University BC RIMS Board Member Lucy Straker, Focus Group Leader U.S. Political Violence & Deadly Weapons Protection, Beazley François Beaume, SVP Risks and Insurance, Sonepar, VP AMRAE, [Association for Corporate Risk and Insurance Management] Production and engineering provided by Podfly.
Hackers hijack Japanese financial accounts to conduct billions in trades. Education giant Pearson hit by cyberattack exposing customer data. Microsoft Teams will soon block screen capture during meetings. Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.
On this episode: - We run down the Tuesday Scoreboard - Plus the GRC & GRC West crown conference Track & Field championships - Local tennis teams look to move on to Wednesday's district title match. *Want to thank our year-long sponsors Tolly & Associates, Little Caesars of St. Joseph, John Anderson Insurance, Meierhofer Funeral Home & Crematory, Musser Construction, HiHo Bar & Grill, Jayson & Mary Watkins, Matt & Jenni Busby, Michelle Cook Group, Russell Book & Bookball 365, The St. Joseph Mustangs, B's Tees, KT Logistics LLC., Hixson-Klein Funeral Home, James L. Griffith Law Firm of Maysville, Toby Prussman of Premier Land & Auction Group, Barnes Roofing, The St. Joseph School District, HK Quality Sheet Metal, Redman Farms of Maysville, Melissa Winn, Amber & Anthony Henke, Adams Bar & Grill, Green Hills Insurance LLC., Cintas, Thrive Family Chiropractic, IV Nutrition of St. Joseph, J.C's Hardwood Floors, Roth Kid Nation, Serve Link Home Care out of Trenton, Barnett's Floor Renewal LLC., Balloons D'Lux, B3 Renovations, Gabe Edgar, KC Flooring & Drywall, C&H Handyman Plumming, The Hamilton Bank member FDIC, Wompas Graphix & Embroidery of Liberty, The Tabor Family, Ellis Sheep Company of Maysville, Bank Northwest of Cameron, Akey's Catering & Event Rentals, Brown Bear of St. Joseph, Whitney Whitt Agency of Hamilton, Wolf Black Herefords, The KCI Basketball Podcast & Jacob Erdman - Shelter Insurance of Rock Port, Rob & Stacia Studer, Green Family Chiropractic, Annie & Noah Roseberry of Re/Max Professionals, Moseley Farms, Jake Anderson of Shelter Insurance & Bray Farms of Cameron.
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner of YL Ventures. Their sponsored guest is Jadee Hanson, CISO of Vanta. In this episode: Find a partner to work with; Fixing the root of burnout; The limitations of human vigilance; Balancing openness and control. Thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
On April 16, the UK Supreme Court handed down a judgement determining that the terms “man,” “woman,” and “sex” in the Equality Act 2010 refer to biological sex (not gender identity). After years of fighting for the return of women's sex-based rights, the group For Women Scotland succeeded in winning their case brought against the Scottish Ministers. Going forward, a man identifying as a “woman” or a “transwoman,” even with a gender recognition certificate (GRC), will not be considered female under UK law, and therefore will not be permitted into women-only spaces such as bathrooms, prisons, change rooms, and shelters. Meghan Murphy speaks with Susan Smith, a founder of For Women Scotland, about the group, their fight, and what this win means for women in the UK. The Same Drugs is on X @thesamedrugs_. Meghan Murphy is on X @meghanemurphy and on Instagram @meghanemilymurphy. Find The Same Drugs merch at Fourthwall. Use the Code: Murphy20 for 20% off at TheTruthFits.com.
In this RSAC 2025 episode, Sean Martin sits down with Steve Schlarman, Senior Director of Product Management at Archer Integrated Risk Management, to explore how organizations are rethinking compliance and risk—not just as a box to check, but as a business enabler. At the center of the conversation is Archer Evolve, a new platform intentionally designed to move beyond legacy GRC workflows. Built on years of insight from customers and aligned with the company's post-RSA independence, Evolve aims to modernize how compliance and risk teams operate. That includes automating burdensome regulatory processes, surfacing business-relevant risk insights, and supporting more strategic decision-making. One standout capability comes from Archer's integration of Compliance.ai, a regulatory tech firm the company acquired to accelerate its transformation. By applying AI tuned specifically for the language of compliance, Archer can now help customers reduce review time per regulatory obligation from 100 hours to just a few. That's more than a productivity gain—it's a structural shift in how companies adapt to nonstop regulatory change. Another critical area is quantifying risk. Rather than relying on subjective heat maps, Archer enables organizations to calculate loss exposure in real terms. This creates a foundation for executive conversations rooted in financial and operational impact, not just abstract threat levels. That same quantitative view can be applied to understanding the cost of controls—ensuring that investments align with real business risk, rather than piling on complexity for the sake of coverage. The conversation closes on a powerful shift: risk and compliance teams freeing up time and brainpower to collaborate directly with the business. With the manual grunt work automated and controls mapped more intelligently, these teams can help shape new services and strategic initiatives—safely and confidently. This episode isn't just about software or frameworks. 
It's about what happens when governance becomes a driver of value, not just a reaction to fear. Listen in to hear how Archer is helping turn risk and compliance from operational drag into business advantage. Learn more about Archer Integrated Risk Management: https://itspm.ag/rsaarchweb Note: This story contains promotional content. Learn more. Guest: Steve Schlarman, Senior Director, Product Management, Archer Integrated Risk Management | https://www.linkedin.com/in/steveschlarman/ Resources: Learn more and catch more stories from Archer Integrated Risk Management: https://www.itspmagazine.com/directory/archer Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25 Keywords: sean martin, steve schlarman, risk, compliance, ai, governance, grc, quantification, controls, automation, brand story, brand marketing, marketing podcast, brand story podcast. Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More
RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We're working on it.” That exchange captured the spirit of the entire event — security is not a destination, it's an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward. 
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com
Episode Sponsors:
ThreatLocker: https://itspm.ag/threatlocker-r974
Akamai: https://itspm.ag/akamailbwc
BlackCloak: https://itspm.ag/itspbcweb
SandboxAQ: https://itspm.ag/sandboxaq-j2en
Archer: https://itspm.ag/rsaarchweb
Dropzone AI: https://itspm.ag/dropzoneai-641
ISACA: https://itspm.ag/isaca-96808
ObjectFirst: https://itspm.ag/object-first-2gjl
Edera: https://itspm.ag/edera-434868
Resources:
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Keywords: sean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what's coming next. With dozens of interviews under their belts, the duo shares what's standing out across sessions and show-floor discussions. Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There's a clear sense that the dialogue has shifted: zero trust isn't just a topic; it's embedded across many conversations. AI is no longer speculative—it's embedded in discussions about GRC, automation, and security architecture. Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant.
With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections. From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.