Podcasts about GRC

  • 510 podcasts
  • 1,963 episodes
  • 47m average duration
  • 1 daily new episode
  • Latest episode: Aug 5, 2025


Latest podcast episodes about GRC

ITSPmagazine | Technology. Cybersecurity. Society
Solving GRC Fatigue: How AI Is Helping Compliance Teams Do More With Less | An E-V-E GRC Brand Origin Story with Anders Søborg, Co-Founder of Eve, and Mark Humphrey

Aug 5, 2025 · 41:47

Governance, risk, and compliance (GRC) has long been burdened by heavy manual processes, slow assessments, and limited visibility. In this Brand Story episode, Sean Martin and Marco Ciappelli are joined by Anders Søborg, Co-Founder of Eve, and Mark Humphrey, who brings two decades of fraud and cybersecurity experience to the team. Together, they unpack how Eve is challenging traditional GRC tools by offering something entirely different: automation with evidence-based intelligence at its core.

Anders shares how his experience as Chief Risk Officer and partner at major firms like Ernst & Young and PwC shaped Eve's mission. He describes a world where compliance doesn't have to mean complexity. Eve's AI engine evaluates more than a thousand controls in under 15 minutes—surpassing manual reviews that could take weeks—and goes a step further by offering recommendations, not just red flags.

This isn't about replacing people. It's about helping overwhelmed compliance, risk, and audit teams regain control. Mark emphasizes how Eve operates like a true partner, delivering support with no ego and full transparency. Their approach combines deep regulatory knowledge, contextual AI agents trained on real-world frameworks, and a clear respect for data sovereignty and privacy—an essential requirement for global pharma, financial, and consulting clients already relying on the platform.

More than a dashboard, Eve acts as an intelligent engine embedded into existing workflows via API, making it a natural complement—not a competitor—to existing GRC platforms. The platform is customizable, evidence-driven, and built with firsthand knowledge of what compliance professionals actually need: clear guidance, real-time answers, and fewer repetitive tasks.

The episode leaves listeners with a compelling question: what if your compliance program could coach your team, reduce audit costs, and provide instant visibility—without sacrificing accuracy or control?

Learn more about E-V-E GRC: https://itspm.ag/eve-grc-99

Note: This story contains promotional content. Learn more.

Guests:

  • Anders Søborg, Co-founder, Director at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/anders-s%C3%B8borg-3826702/
  • Mark Humphrey, Senior Sales and Channel Director EMEA at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/m-humphrey-mba-0020192b1/

Resources

  • Redefine Compliance. Unleash Your Potential with E-V-E GRC. Command Compliance: https://itspm.ag/e-v-e-i1ml
  • Learn more and catch more stories from E-V-E GRC: https://www.itspmagazine.com/directory/evegrc
  • Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
  • Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
  • Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
  • Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Paul's Security Weekly
Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418

Aug 4, 2025 · 105:52

The Weekly Enterprise News (segments 1 and 2)

This week, we've had to make some last minute adjustments, so we're going to do the news first, split into two segments. This week, we're discussing:

  • Some interesting funding
  • Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION
  • Interesting new companies!
  • On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they're REALLY making sure that thing never happens again
  • Flipping the script
  • How researchers rooted Copilot, but not really
  • talks to check out at Hacker Summer Camp
  • detection engineering tips
  • the Cloud Security Alliance has a new AI Controls Matrix
  • sending in the National Guard to handle a breach!
  • and how to read an AI press release

Interview: Guillaume Ross on Building Security from Scratch

Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-418

Enterprise Security Weekly (Audio)
Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418

Aug 4, 2025 · 105:52

Enterprise Security Weekly (Video)
Weekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418

Aug 4, 2025 · 105:52

CXOInsights by CXOCIETY
PodChats for FutureCIO: Strategies for LCNC audit workflow builders in 2026

Aug 4, 2025 · 22:33

Gartner predicts that by 2026, developers outside formal IT departments will account for at least 80% of the user base for low-code development tools.

While citizen developers boost agility, decentralised creation brings new risks in the form of shadow IT, fragmented systems, data silo sprawl and data exposure, and compliance gaps.

But with proper leadership, LCNC can empower audit and other teams to innovate quickly while staying aligned with enterprise goals.

In this PodChats for FutureCIO, Leonard Tan, regional director for Singapore, Malaysia, Brunei and Greater China at OutSystems shares his observations and perspective on the essentials for LCNC audit workflow builders.

Leonard, welcome to PodChats for FutureCIO.

1. Briefly give us a state of the low-code/no-code (LCNC) adoption in Asia in 2025.
2. What are LCNC Audit Workflow Builders? What are the strategic objectives for adopting these?
3. What governance model and policies must be enforced to effectively manage decentralised citizen development of audit workflows?
4. How do these LCNC platforms ensure compliance with diverse regional data privacy regulations and regulatory frameworks across Asia?
5. How do organisations maintain an up-to-date inventory and ensure consistent oversight of all LCNC audit workflows developed centrally and departmentally? Who should be in-charge of this?
6. List one proven way LCNC audit tools are adequately integrated with core enterprise systems (ERP, GRC, data lakes) for seamless data sharing, reporting, and end-to-end auditability of critical processes?
7. What specific training, support frameworks, and guardrails must be provided to non-IT users to empower them to build compliant and effective audit workflows?
8. How can leaders regularly assess and mitigate risks (including auditing the audit workflows themselves for integrity and accuracy) stemming from rapid, decentralised development, and ensure automated compliance reporting? Who should be leading/doing this?
9. Closing off our PodChats, what key metrics and KPIs will organisations use to track/measure the effectiveness, efficiency, compliance, and overall success of their LCNC audit workflow initiatives?

Great Lakes Fishing Podcast
GRC Trolling Flies with Patrick Yohon - Great Lakes Fishing Podcast Episode #265

Jul 28, 2025 · 19:43


We're talking fishing with Patrick Yohon from GRC Trolling Flies in New York. Patrick started GRC while truck driving and has built it into one of the most popular lure manufacturers in Great Lakes fishing. Patrick makes trolling flies, laker bells, meat rigs, and much more. Today's conversation is from the Greater Niagara Fishing Expo back in February. For more Great Lakes fishing information, visit https://fishhawkelectronics.com/blog/

Risk Management Show
AI Risk Management: Guardrails You Must Implement Now with Aayush Choudhury

Jul 24, 2025 · 11:32


AI Risk Management is essential, and in this episode, we discussed the critical guardrails you must implement now to keep your AI applications secure and trustworthy. Featuring Aayush Choudhury, CEO of Strut Automation, this conversation delves into key strategies for dependability in AI systems, tackling challenges like data leaks, unauthorized access, and prompt injection.  Aayush brings deep expertise in GRC automation, sharing insights on ISO 42001, NIST AI RMF, and OWASP's top 10 for AI security. If you're navigating AI risk management in customer-facing or internal applications, this episode offers valuable guidance on designing robust frameworks and controls from the start. Learn how to safeguard sensitive information and ensure responsible AI use while staying ahead in an evolving digital landscape. If you want to be our guest or suggest someone, send your email to info@globalriskconsult.com with "Guest Suggestion" in the subject line.

The Ethics Experts
Episode 223 - Anitha Vittal

Jul 21, 2025 · 47:18

In this episode of The Ethics Experts, Nick welcomes Anitha Vittal.

Anitha is recognised as a global ethics, risk, compliance and internal audit leader with proven experience and expertise in establishing Centres of Excellence at GCCs across industry verticals.

A passionate professional, she has over 23 years of service in leading and developing high performing teams across India, Europe and US markets. Her engagements include - internal audit, risk management, compliance, business process and financial compliance, data privacy, SoX, GRC program management, digitisation.

Cyber Work
From security audits to privacy consulting: Building a GRC practice | Will Sweeney

Jul 21, 2025 · 42:20

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

Will Sweeney, founding and managing partner of Zaviant, joins the Cyber Work Podcast to discuss the evolving landscape of data privacy and GRC (governance, risk and compliance). With experience overseeing complex information security audits for Fortune 100 companies, Will shares insights on everything from the key differences between security auditing and implementation to whether privacy regulatory frameworks will continue multiplying or begin consolidating. He offers practical advice for GRC aspirants, emphasizing the importance of understanding core security processes rather than getting lost in framework structures. Will also discusses the challenges of starting a consultancy practice and provides valuable career guidance for those looking to transition into the data privacy and compliance space.

  • 0:00 - Intro
  • 1:15 - Cybersecurity Salary Guide promo
  • 2:30 - Will Sweeney and his early tech background
  • 6:45 - Building his first high school website
  • 9:20 - Career pivot from IT to data privacy and GRC
  • 12:15 - Audit vs. implementation: Understanding the difference
  • 16:30 - Starting Zaviant and the GDPR opportunity
  • 20:45 - Current challenges in data privacy compliance
  • 24:10 - Common security gaps companies overlook
  • 28:30 - Breaking into GRC: Skills and career advice
  • 32:45 - Starting a consultancy: Hidden challenges
  • 36:20 - The future of privacy regulations and AI impact
  • 40:15 - Career advice for help desk professionals
  • 41:30 - Closing thoughts

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

About Infosec

Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

The Evolution Exchange Podcast Nordics
Evo Nordics #634 - Building An Effective Security GRC Strategy

Jul 18, 2025 · 47:32


Chris Hackett hosts a dynamic conversation on governance, risk, and compliance with Alexander Zeitlberger, Head of Recoveries and Collections at Klarna; Joakim Lundberg, Director of Security Consulting at Kyndryl; Luis Martinez, Global AI Compliance Manager at ASSA ABLOY; and Nithya Prabakaran, IS and GRC Team Lead at EasyPark Group. The episode explores effective GRC strategies, AI compliance, and evolving cybersecurity governance practices. Tune in to hear how industry leaders are navigating complex risk landscapes with innovation, agility, and secure infrastructure.

InfosecTrain
RSA Archer Demo & Career Guide: Master GRC Tools for the Future

Jul 17, 2025 · 39:58

Get hands-on with RSA Archer, one of the most powerful platforms in Governance, Risk, and Compliance (GRC). In this session, we walk you through a practical demo of RSA Archer's key modules—from risk management and audit workflows to policy automation and compliance tracking.

Whether you're just starting in GRC or upskilling for the next role, this episode will help you understand how RSA Archer is used in real-world scenarios and why it's a must-have skill in the cybersecurity and risk management domain.

We also cover career pathways, certifications, and job roles related to RSA Archer, along with expert tips to boost your growth in this high-demand field.

State of Play: Summer Games
Bonus Episode 2: FIFA's Club World Cup Circus

Jul 16, 2025 · 23:07

FIFA's Club World Cup Circus

For credits and this episode's transcript, visit globalreportingcentre.org/state-of-play/bonus-episode-2-fifas-club-world-cup-circus/

State of Play is produced by the Global Reporting Centre (GRC) and distributed by PRX. The GRC is an editorially independent journalism organization based at the UBC School of Journalism, Writing, and Media. Founded in 2016, we are leaders in doing global journalism differently. We innovate industry practice, educate the next generation, and promote greater equity in journalism.

Learn more about the GRC: globalreportingcentre.org | Make a tax-deductible donation: globalreportingcentre.org/donate

Resilient Cyber
Resilient Cyber w/ Jim Manico - Enhancing Software Security in the Era of AI

Jul 14, 2025 · 20:06

In this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI.

This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec.

We discussed:

  • A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of teams of people on his own, and what used to take tens of thousands of hours through the use of agents and various frontier models and offerings.
  • The importance of security-centric prompting and guidance for models to produce secure code and the impact on vulnerability velocity by doing so.
  • The risks of the broader developer community leaning into these tools without adding security-centric prompts and guidance, but the opportunity for prompt libraries and enterprise controls to lead to systemic secure software development within the enterprise.
  • The workforce implications of AI-driven development and the need to upskill to stay relevant (and employable).
  • Where Jim sees opportunity beyond just AppSec when it comes to AI and Cybersecurity, in other areas such as GRC and SecOps as well.

Cyber Security Headlines
Outlook outage continues, Iranian APT activity, Russian ransomware arrest

Jul 11, 2025 · 9:47

  • Look Out! Another Outlook Outage
  • Iranian APTs increased activity against U.S. industries in late spring
  • Russian basketball player arrested in France over alleged ransomware ties

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines

Find the stories behind the headlines at CISOseries.com.

Cyber Security Headlines
Week in Review: ChatGPT URL vulnerability, McDonald's password problem, Perfekt Bluetooth blunder

Jul 11, 2025 · 25:21

This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, vp, CISO, Tampa General Hospital

Thanks to our show sponsor, Vanta

All links and the video of this episode can be found on CISO Series.com

Cyber Security Headlines
AMD has CPU meltdown, Mozilla Thunderbird has vulnerabilities, Indian defense sector attacked

Jul 10, 2025 · 7:46

  • AMD warns of new Meltdown, Spectre-like bugs affecting CPUs
  • Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution
  • Bitcoin Depot breach exposes data of nearly 27,000 crypto users, More than $40 million stolen from GMX crypto platform

Huge thanks to our sponsor, Vanta

Cyber Security Headlines
Rubio Spoofed, RondoDox Botnet, Batavia Spyware

Jul 9, 2025 · 8:43

  • Four members of President Trump's cabinet impersonated
  • Is this some kind of a game?
  • Batavia attacks Russian industrial companies

Huge thanks to our sponsor, Vanta

CISO-Security Vendor Relationship Podcast
Not Enough Hallucinations? Let's Outfit Your LLM with Another LLM

Jul 8, 2025 · 35:54

All links and images can be found on CISO Series.

This week's episode is hosted by me, David Spark, producer of CISO Series and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Anthony Candeias, CISO, Weight Watchers.

In this episode:

  • AI agents require structured supervision, not autonomy
  • Hiring for potential over credentials in cybersecurity
  • AppSec training effectiveness depends on organizational relevance
  • AI oversight requires purpose-built models, not general solutions

A huge thanks to our sponsor, Vanta

Vanta's Trust Management Platform helps 10k+ companies—like Atlassian, Quora, and Chili Piper—start and scale their security programs and build trust with buyers. Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management. Get started at Vanta.com/CISO

Cyber Security Headlines
Call of Duty game pulled, U.S. military gets cybersecurity boost, Bank employee helped hackers

Jul 8, 2025 · 8:33

  • Call of Duty game pulled from PC store after reported exploit
  • U.S. military gets cybersecurity boost
  • Bank employee helped hackers steal $100M

Huge thanks to our sponsor, Vanta

Cyber Security Headlines
Ingram Micro cyberattack, Telefonica possible breach, LLM URL recommendation problem

Jul 7, 2025 · 8:08

  • Ingram Micro suffers ransomware attack
  • Hacker leaks Telefónica data allegedly from new breach
  • ChatGPT prone to recommending wrong URLs, creating a new phishing opportunity

Huge thanks to our sponsor, Vanta

Find the stories behind the headlines at CISOseries.com.

Joey Pinz Discipline Conversations
#652 ITN Secure-Ozzie Saeed : ⚙️ Compliance Isn't Optional—It's Opportunity

Jul 2, 2025 · 28:01

Why fear compliance when it can fuel your growth? In this rich and revealing episode from IT Nation Secure 2025, Joey Pinz sits down with Ozzie Saeed, founder of IntelliGRC, to unpack why MSPs should stop dreading cybersecurity frameworks like CMMC—and start seeing them as strategic advantages.

State of Play: Summer Games
Bonus Episode 1: Is Los Angeles Ready?

Jul 2, 2025 · 22:29

Is Los Angeles Ready?

For credits and this episode's transcript, visit globalreportingcentre.org/state-of-play/s01be01-losangeles/

State of Play is produced by the Global Reporting Centre (GRC) and distributed by PRX. The GRC is an editorially independent journalism organization based at the UBC School of Journalism, Writing, and Media. Founded in 2016, we are leaders in doing global journalism differently. We innovate industry practice, educate the next generation, and promote greater equity in journalism.

Learn more about the GRC: globalreportingcentre.org | Make a tax-deductible donation: globalreportingcentre.org/donate

Resilient Cyber
Resilient Cyber w/ AJ Yawn - Transforming Compliance Through GRC Engineering

Jun 30, 2025 · 35:53

In this episode, we sat down with AJ Yawn, Author of the upcoming book GRC Engineering for AWS and Director of GRC Engineering at Aquia, to discuss how GRC engineering can transform compliance.

We discussed the current pain points and challenges in Governance, Risk, and Compliance (GRC), how GRC has failed to keep up with software development and the threat landscape, and how to leverage cloud-native services, AI, and automation to bring GRC into the digital era.

We dove into:

  • What the phrase “GRC Engineering” means and how it differs from traditional Governance, Risk and Compliance
  • What some of the major issues are with traditional compliance in the age of DevSecOps, Cloud, API's, Automation and now AI
  • Specific examples of GRC Engineering, including the use of automation, API's and cloud-native services to streamline security control implementation, assessment and reporting
  • The promise and potential of AI in GRC, and how AJ is using various models for control assessments, artifact creation and more, and how GRC practitioners should be leveraging AI as a force multiplier
  • AJ's new book “GRC Engineering For AWS: A Hands-On Guide to Governance, Risk and Compliance Engineering”

The Tech Blog Writer Podcast
3327: MetricStream - How AI Is Reshaping Governance, Risk and Compliance (GRC)

Jun 26, 2025 · 32:39


When I last spoke with Gaurav Kapoor five years ago, we were in the thick of a global pandemic. Remote work was still a novelty for many, AI was a distant concept for most businesses, and regulatory frameworks were trying to keep pace with the speed of technological change. Fast forward to today, and the conversation around AI and governance, risk, and compliance (GRC) has shifted dramatically. This made it the perfect time for a long-overdue catch-up. In this episode, I welcomed back Gaurav, Vice Chairman and Co-founder of MetricStream, to discuss the changing face of GRC in an AI-driven world. AI has now reached a level of ubiquity that places it alongside electricity and Wi-Fi as a foundational layer of both business and everyday life. But with that integration comes risk, and with risk comes the need for smarter, more adaptive governance. Gaurav shared how AI is no longer just about efficiency gains. It is becoming embedded into the fabric of enterprise risk frameworks, from real-time regulatory monitoring to predictive analytics and risk forecasting. We talked about the impact of the current political climate, including policy shifts following President Trump's return to office and how deregulation narratives are colliding with the complexity of global compliance expectations. This was not just a theoretical discussion. Gaurav broke down real-world use cases that show how large enterprises are navigating everything from redundant compliance testing to emerging threats discovered through AI-driven analysis. He also spoke candidly about the challenges ahead, how companies can fall behind if they wait too long to modernize their frameworks, and what is at stake when they fail to build trust into their AI systems. So how do you evolve GRC in an age where the pace of change is relentless? What role does AI really play in risk leadership today? And how can companies move from reactive to proactive without losing control? 
Join me as we explore the next chapter of GRC with one of its leading voices.

The Tech Trek
Her Journey: Sales Leader to Cybersecurity CEO

Jun 24, 2025 · 20:58


In this episode, Amir sits down with Brooke Motta, CEO and co-founder of RAD Security, to unpack her career pivot from sales leadership to becoming a founder in the cybersecurity space. Brooke shares how her go-to-market background shaped her approach to building RAD, the challenge of stepping into technical leadership, how she's managing growth through hiring, and what's ahead for security and AI. Whether you're a technical founder or commercial operator, this one's packed with practical insight.

Resilient Cyber
Resilient Cyber w/ Bob Ritchie - Securing Federal & Defense Digital Modernization

Resilient Cyber

Jun 23, 2025 40:58


In this episode, I sit down with SAIC Chief Technology Officer (CTO) and longtime Federal/Defense leader Bob Ritchie to discuss his experience securing public sector digital modernization, including everything from large multi-cloud environments to zero trust, identity, and where things are headed with AI. Bob starts discussing SAIC and his background there. He went from intern to CTO over 20 years with this public sector industry leader, including a brief stint with Capital One on the commercial side. We covered the current state of the federal cloud community across multiple clouds (e.g., Azure, AWS, and GCP) and some of the challenges and opportunities on the security front. We often hear phrases such as “identity is the new perimeter,” but the perimeter is porous and problematic, especially in large, disparate environments such as the Federal/Defense ecosystem. Bob touched on the current state of identity security in this ecosystem, where progress is being made and what challenges still need to be tackled. The government is doing a big push towards Zero Trust, with the Cyber EO 14028, Federal/Defense ZT strategies, and more. But how much progress is being made on ZT, and where can we look for examples of innovation and success? We dove into the rise of excitement and adoption of AI, GenAI, Agentic AI, and protocols such as MCP, A2A, and where the public sector community can lean into Agentic AI for use cases ranging from SecOps, AppSec, GRC, and more. Bob explains how he balances a good business focus while staying deep in the weeds and proficient in relevant emerging technologies and nuances required as a CTO. I've known Bob for several years, and you would be hard pressed to find a more competent technology leader. This is not one to miss!

FCPA Compliance Report
#Risk New York Speaker Series – Inside Behavioral Insights: Tom Hardin on Compliance at #RiskNYC

FCPA Compliance Report

Jun 20, 2025 6:45


Join Tom Fox and hundreds of other GRC professionals in the city that never sleeps, New York City, on July 9 & 10 for one of the top conferences around, #Risk New York. The current US landscape, shaped by evolving policies, rapid advancements in AI, and shifting global dynamics, demands adaptive strategies and cross-functional collaboration. At #RISK New York, you will master the New Regulatory Reality by getting ahead of US regulatory shifts and their impact. Conquer AI and Tech Risk by Safeguarding Your Organization in an AI-Driven World and Understanding the Implications of Major Tech Investments. Navigate Financial and Crypto Volatility by Protecting Your Assets and Exploring Solutions in a Dynamic Market. Strengthen Your GRC Framework by Leveraging Governance, Risk, and Compliance for Strategic Advantage. Protect Digital Trust by addressing challenges in cybersecurity and data privacy, and combating misinformation. All while meeting with the country's top #Risk management professionals. In this episode, Tom Fox is joined by Tom Hardin, a former hedge fund analyst known as Tipper X, who shares his unique journey from insider trading informant to a global speaker on compliance and risk. Hardin previews his upcoming panel on applying behavioral science to design effective GRC programs at the #RiskNYC conference. He discusses topics such as cognitive biases, social norms, and rationalizations in decision-making, emphasizing the enduring nature of human behavior despite technological advancements. The episode highlights Hardin's goal of fostering deeper connections between psychology, technology, and regulation to build more proactive and resilient risk cultures. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Tom Hardin on LinkedIn Visit Tipper X Website

FCPA Compliance Report
#Risk New York Speaker Series - Upping Your Game with Tom Fox

FCPA Compliance Report

Jun 19, 2025 6:09


In this episode of the Risk New York podcast series, Tom Fox introduces the upcoming Risk New York Conference, scheduled for July 9-10 at Fordham Law School. The conference, hosted by GRC World Forums, will focus on various aspects of risk management, including AI, tech risk, financial and crypto risk, and GRC frameworks. Tom discusses his keynote based on his book ‘Upping the Game' and highlights key speakers and exhibitors, including Robert Clark from Howard University, Bill Coffin and Erica Alburn from Ecosphere, and Michael Rasmussen, known as the father of GRC. The episode highlights the importance of the conference and provides details on discounted tickets, as well as other information available in the show notes. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Compliance Podcast Network Website Tom Fox Instagram Facebook YouTube Twitter LinkedIn

GRC Academy
The Business Case for CMMC - Surviving DOGE

GRC Academy

Jun 19, 2025 52:53


CMMC certification could be the key to surviving DOGE cuts!

FCPA Compliance Report
#Risk New York Speaker Series - Ethicast Reacts: Unpacking Compliance Challenges with Erica Salmon Byrne and Bill Coffin

FCPA Compliance Report

Jun 18, 2025 10:53


In this episode, Tom Fox is joined by Erica Salmon Byrne, Chief Strategy Officer and Executive Chair at Ethisphere, and Bill Coffin, Editor-in-Chief at Ethisphere. The conversation delves into their roles in the compliance community, focusing on their work with the Ethicast Reacts series. They discuss how they analyze news stories to extract compliance lessons, help organizations understand and mitigate risks, and create storytelling opportunities to advance compliance programs. They also share their excitement for their upcoming presentation at the Risk New York City conference, where they'll engage with professionals from diverse backgrounds. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Erica Salmon Byrne on LinkedIn Bill Coffin on LinkedIn Ethisphere

CISO-Security Vendor Relationship Podcast
We Checked the “Yes” Box for Cybersecurity. What Else Do We Have to Do?

CISO-Security Vendor Relationship Podcast

Jun 17, 2025 41:24


All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alex Hall, CISO, Gensler. In this episode: Evaluating secure messaging beyond the app; Reframing compliance as a business enabler; Incremental security investment vs. crisis response; Why culture, not punishment, drives secure behavior. Huge thanks to our sponsor, Vanta. Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

FCPA Compliance Report
#Risk New York Speaker Series- AI Investments and Political Uncertainty with Chris Mason

FCPA Compliance Report

Jun 16, 2025 6:48


In this episode, Tom Fox talks with Chris Mason, who recently launched his risk advisory practice, Woodhorn Global, focusing on due diligence investigations. Chris shares insights about his upcoming presentations at the #RiskGRC conference in July, focusing on AI investments and political uncertainty affecting the GRC (Governance, Risk, and Compliance) community. They discuss the significance of AI in the field and the importance of adapting to political changes. Chris also highlights the value of in-person events to understand best practices and navigate the evolving risk landscape. Resources: #Risk Conference Series #RiskNYC-Tickets and Information Chris Mason on LinkedIn

FCPA Compliance Report
#Risk New York Speaker Series - Exploring AI Risks in Compliance with Gwen Hassan

FCPA Compliance Report

Jun 13, 2025 5:47


In this episode, Tom Fox talks with Gwen Hassan, the Chief Compliance Officer for Unisys Corporation, about her role and the upcoming #RiskNYC conference. Gwen shares insights into Unisys' operations, including the various technologies and services they provide, and highlights her responsibilities in managing global ethics, compliance, and trade compliance risks. She also gives a teaser about her panel presentation on the compliance and ethics risks associated with artificial intelligence, stressing the importance of understanding AI's impact on company culture and regulatory compliance. Gwen expresses her excitement about the conference, emphasizing the value of engaging with fellow risk management experts. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Gwen Hassan on LinkedIn

Cyber Security Headlines
Week in Review: Google and Cloudflare outages, Copilot Zero-Click, Cloudflare's Claude flair

Cyber Security Headlines

Jun 13, 2025 25:20


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products. Thanks to our show sponsor, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots, and manual processes — Vanta. With Vanta, GRC can be so. much. easier—while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. The impact is real: A recent IDC analysis found that compliance teams using Vanta are one hundred and twenty nine percent more productive. Get back time to focus on strengthening security and scaling your business. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISOseries.com.

Cyber Security Headlines
Microsoft Entra attack, Thursday's Cloud outages, Mark Green retires

Cyber Security Headlines

Jun 13, 2025 8:10


Hacker attacks target Microsoft Entra ID accounts using pentesting tool; Google Cloud and Cloudflare outages reported; House Homeland Chairman Mark Green announces his departure. Huge thanks to our sponsor, Vanta. Find the stories behind the headlines at CISOseries.com.

FCPA Compliance Report
#Risk New York Speaker Series - Exploring the Future of GRC with Michael Rasmussen

FCPA Compliance Report

Jun 12, 2025 6:01


In this episode, Tom Fox welcomes Michael Rasmussen, a renowned expert in Governance, Risk Management, and Compliance (GRC), often referred to as the ‘father of GRC.' Michael shares insights into his contributions to the field, including his work with the SEG GRC Capability Model. The conversation highlights Michael's anticipated presentation on ‘The Future of GRC' at the upcoming risk conference in New York City. Drawing inspiration from Star Trek (TOS, and how can you not love that?), Michael emphasizes the importance of managing business risks effectively. The discussion also touches on the benefits of face-to-face interactions and networking opportunities at such conferences. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Michael Rasmussen on LinkedIn

Cyber Security Headlines
CoPilot zero-click, Operation Secure, FIN6 targets recruiters

Cyber Security Headlines

Jun 12, 2025 7:43


Zero-click data leak flaw in Copilot; Operation Secure targets infostealer operations; FIN6 targets recruiters. Huge thanks to our sponsor, Vanta.

FCPA Compliance Report
#Risk New York Speaker Series - The Future of AI Governance in GRC with Matt Kelly

FCPA Compliance Report

Jun 11, 2025 11:42


In this episode, Tom Fox talks with Matt Kelly about his presentation on the importance of understanding how AI can be productively adopted within enterprises, as well as the ethical challenges it presents, including discrimination and data validity. Matt also discusses the importance of AI governance and offers a preview of his upcoming presentation on this topic. Matt expresses his eagerness to engage with other GRC professionals at the forthcoming conference to exchange ideas and discuss emerging risks in third-party and vendor risk management. Resources: #Risk Conference Series #RiskNYC—Tickets and Information Matt Kelly on LinkedIn

Cyber Security Headlines
40K IoT cameras stream secrets to browsers, Marks & Spencer taking online orders post-cyberattack, PoC Code escalates Roundcube Vuln threat

Cyber Security Headlines

Jun 11, 2025 8:04


CISA, Microsoft warn of Windows zero-day used in attack on ‘major' Turkish defense org; 40K IoT cameras worldwide stream secrets to anyone with a browser; Marks & Spencer begins taking online orders again, out for seven weeks due to cyberattack. Huge thanks to our sponsor, Vanta.

Cyber Security Headlines
Cybersecurity News: Brute forcing Google accounts, Guardian's Secure Messaging, UNFI cyberattack

Cyber Security Headlines

Jun 10, 2025 8:13


Brute forcing phone numbers linked to Google accounts; The Guardian launches Secure Messaging service; United Natural Foods hit by cyberattack. Huge thanks to our sponsor, Vanta.

CISO Tradecraft
#236 - Build a World Class GRC Program (with Matt Hillary)

CISO Tradecraft

Jun 9, 2025 46:30 Transcription Available


In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.
Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/
Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/
Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/
Chapters
01:39 Meet Matt Hillary: CISO of Drata
06:06 The Evolution of GRC and Trust Management
14:48 Continuous Compliance and Automation
19:26 Compliance as Code: The Future of GRC
22:18 The Importance of Getting It Right the First Time
23:15 Customer Compliance Challenges
24:21 Vendor Risk Management and Trust Building
26:26 Leveraging AI for Compliance and Risk Management
31:43 Evaluating Credibility of Third-Party Evidence
41:09 Common Mistakes in GRC Programs
43:56 Final Thoughts and Industry Call to Action

Cyber Security Headlines
Cyber executive order, Neuberger's infrastructure warning, Mirai botnet warning

Cyber Security Headlines

Jun 9, 2025 8:42


Presidential cyber executive order signed; Neuberger warns of U.S. infrastructure's cyberattack weakness; Mirai botnet infects TBK DVR devices. Huge thanks to our sponsor, Vanta. Find the stories behind the headlines at CISOseries.com.

CISO-Security Vendor Relationship Podcast
AI Isn't Going to Take Your Job, It's Going to Eliminate It! (LIVE at BSidesSF)

CISO-Security Vendor Relationship Podcast

Jun 3, 2025 44:44


All images and links can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Alexandra Landegger, global head of cyber strategy & transformation, RTX. In this episode: A cybersecurity fast-track?; When Ambition Becomes a Liability; Giving the CVE Program the Credit It Deserves; Elevating human cyber talent with AI. Huge thanks to our sponsors, Nudge Security, SecurityScorecard, and Vanta. Take control of SaaS security and AI governance with Nudge Security. Start a free trial today and get a full inventory of all SaaS and GenAI accounts in minutes along with risk insights and automation to help you quickly improve your security posture. Get started here: nudgesecurity.com/cisoseries Third-party risk doesn't stop at monitoring. SecurityScorecard delivers real-time detection and response across your supply chain—helping you fix vulnerabilities before they become breaches. Empower your team with expert-driven remediation, continuous vendor oversight, and board-ready insights that drive results.

Unsupervised Learning
The Future of Hacking is Context

Unsupervised Learning

Jun 3, 2025 33:45 Transcription Available


Sponsored by Vanta. Vanta takes the busywork out of GRC so you can focus on what actually matters—improving your security, not chasing compliance. https://ul.live/vanta This isn’t just another AI podcast. It’s about the deeper shift that’s happening in cybersecurity—away from individual tools and dashboards, and toward real-time, comprehensive world models of what we’re trying to protect or attack. I'll walk through how I came to this idea, what it means for security assessments, red teaming, vuln management, and beyond—and why context, not AI, is the actual revolution.

MSP 1337
GRC Platforms and Other Tools

MSP 1337

Jun 2, 2025 27:32


Sitting with Henry Tim of Tech Degenerates and Phantom Technology Solutions to talk about GRC platforms. What makes it a GRC platform? How important is a GRC in my MSP? These questions and several others are tackled, and I think we have found some answers.

The FIT4PRIVACY Podcast - For those who care about privacy
ISO 27001 with Tania Postil and Punit Bhatia in the FIT4PRIVACY Podcast E139 S06

The FIT4PRIVACY Podcast - For those who care about privacy

May 22, 2025 29:12


Are you protecting your data the right way? Trust is everything—but how do organizations build and maintain it? One way is through ISO 27001, the globally recognized Information Security Management System (ISMS) standard that ensures data security and risk management. In this insightful episode of the FIT4PRIVACY Podcast, Tania Postil joins Punit Bhatia to discuss the critical role of ISO 27001 in shaping digital trust and securing sensitive data. Whether you're a privacy professional, IT leader, business owner, or someone concerned about cybersecurity, this episode provides valuable insights into why ISO 27001 is essential for securing data and building trust.
KEY CONVERSION POINT
00:02:14 What is digital trust?
00:11:09 Role of auditor plays in making the perception of Digital Trust real?
00:13:55 What is Information Security Standard and how does it help?
00:18:07 ISO 27000 Training
00:21:50 Who would benefit from ISO 27000?
ABOUT GUEST
Tania Postil is a GRC and IT risk consultant, automation enthusiast and innovation evangelist. Since 2021 Tania has joined ISACA Belgium Board and is currently a Communication Director and Programme Chair. Leading information security assignments, Tania combines no-nonsense approach with human attitude. Recognized for analytical skills combined with efficient communication as well as proven track record in rendering processes more efficient. Eager to bring value to your team by performing / assisting to audit and consultancy assignments.
ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which he passionately shares. Punit is based out of Belgium, the heart of Europe.
RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/taniapostil/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy

ITSPmagazine | Technology. Cybersecurity. Society
Why AI Needs Context, Not Just Hype | A Conversation With Steve Schlarman, Senior Director, Product Management at Archer | An RSAC Conference 2025 Post-Event Brand Story

ITSPmagazine | Technology. Cybersecurity. Society

May 21, 2025 7:31


In this post-RSAC 2025 Brand Story, Marco Ciappelli catches up with Steve Schlarman, Senior Director of Product Management at Archer, to discuss the evolving intersection of GRC, AI, and business value. From regulatory overload to AI-enhanced policy generation, this conversation explores how meaningful innovation—grounded in real customer needs—is shaping the future of risk and compliance.
Not All AI Is Created Equal: The Archer Approach
RSAC 2025 was buzzing with innovation, but for Steve Schlarman and the Archer team, it wasn't about showing off shiny new toys—it was about proving that AI, when used with purpose and context, can truly enhance the risk and compliance function. Steve, Senior Director of Product Management at Archer, breaks down how Archer Evolve and the recent integration of Compliance.ai are helping organizations address regulatory change in a more holistic, automated, and scalable way. With silos still slowing down many companies, the need for tools that actually do something is more urgent than ever.
From Policy Generation to Risk Narratives
One of the most practical applications discussed? Using AI not just to detect risk, but to help write better risk statements, control documentation, and even policy language that actually communicates clearly. Steve explains how Archer is focused on closing the loop between data and business impact—translating technical risk outputs into narratives the business can actually act on.
AI with a Human Touch
As Marco notes, AI in cybersecurity has moved from hype to hesitation to strategy. Steve is candid: some customers are still on the fence. But when AI is delivered in a contextual way, backed by customer-driven innovation, it becomes a bridge—not a wedge—between people and process. The key is not AI for the sake of AI, but for solving real, grounded problems.
What's Next in Risk? Better Conversations
Looking ahead, Schlarman sees a shift from “no, we can't” to “yes, and here's how.” With a better grasp on loss exposure and control costs, the business conversation is changing. AI-powered storytelling and smart interfaces might just help risk teams have their most effective conversations yet. From regulatory change to real-time translation of risk data, this is where tech meets trust.
Guest: Steve Schlarman, Senior Director, Product Management, Archer | https://www.linkedin.com/in/steveschlarman/
Resources
Learn more and catch more stories from Archer: https://www.itspmagazine.com/directory/archer
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Keywords: steve schlarman, marco ciappelli, rsac2025, archer evolve, compliance.ai, regulatory change, grc, risk management, ai storytelling, cybersecurity, compliance, brand story, rsa conference, cybersecurity strategy, risk communication, ai in compliance, automation, contextual ai, integrated risk management, business risk narrative, itspmagazine
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More

T-Minus Space Daily
GRC and DevSecOps are non-negotiable for space startups.

May 17, 2025 24:47


GRC (Governance, Risk, and Compliance) and DevSecOps (Development, Security, and Operations) are complementary frameworks that aim to ensure secure and compliant software development. Our guest today is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Brandon explains why integrated GRC and DevSecOps are non-negotiables for space startups.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

CISO-Security Vendor Relationship Podcast
I'm Not Looking Down at You, I'm Looking Down at What You're Doing

May 13, 2025 41:40


All links and images for this episode can be found on CISO Series.

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is our sponsored guest, Saket Modi, co-founder and CEO, SAFE Security.

In this episode:

  • Elevating AI to table stakes
  • Security for the real world
  • Using dynamic models for TPRM
  • The agentic AI augmentation

Huge thanks to our sponsor, SAFE Security

SAFE (#1 platform to unify the management of all cyber risks) has reinvented cyber risk management with Agentic AI. We help CISOs, TPRM, and GRC leaders become strategic business partners by automating the understanding, prioritization and management of cyber risk—accelerating AI adoption and digital transformation.

CISO-Security Vendor Relationship Podcast
They're Not AI Mistakes, They're Happy Little Incidents

May 6, 2025 45:35


All links and images for this episode can be found on CISO Series.

This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner of YL Ventures. Their sponsored guest is Jadee Hanson, CISO of Vanta.

In this episode:

  • Find a partner to work with
  • Fixing the root of burnout
  • The limitations of human vigilance
  • Balancing openness and control

Thanks to our sponsor, Vanta.

Automate, centralize, & scale your GRC program with Vanta

Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.