December 1, 2021
by Cyber Ranch
This week, Allan is joined by Frederick Lee aka “Flee”, Chief Security Officer and Head of IT at Gusto; Jeff Man, host of Security & Compliance Weekly and notorious infosec curmudgeon; and Kat Valentine, Security and Compliance Weekly co-host. A few weeks ago, Allan appeared on their show to discuss “GRC: ‘What?’ and ‘So What?’”. In that episode, found here, they take a deep dive into GRC in terms of understanding its purpose and value.
In this crossover episode, the group continues the conversation to talk about “GRC: ‘Now what?’” (the cultural impact and implementation, risk register, achieving actionable results and much more).
Join Allan and the Security & Compliance Weekly team as they dive into overcoming cultural barriers, a continued conversation on the order of priority (“RGC” vs. “GRC”, for example), and enlisting allies in the business.
2:20 Implementing GRC culturally – Flee's take
4:13 Jeff’s take
6:16 Kat’s take
10:43 The CISO – Turning compliance data into actionable results – Jeff’s take as an assessor
13:56 Kat’s take as an assessor
15:41 Flee’s take as a CISO
21:13 Understanding perspectives from all parties
28:10 Sharing problems upstream/Audits vs. Assessments
34:48 Flee’s take on “governance vs. doctrine”
37:43 Risk register – training for self-sufficiency
42:40 Get in touch!
Check out Security and Compliance Weekly!
Follow Kat Valentine on LinkedIn
Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store
Sponsored by our good friends at AttackIQ