December 1, 2021

GRC: “Now What?” w/ Security & Compliance Weekly

by Cyber Ranch

Show Notes

This week, Allan is joined by Frederick Lee, aka “Flee”, Chief Security Officer and Head of IT at Gusto; Jeff Man, host of Security & Compliance Weekly and notorious infosec curmudgeon; and Kat Valentine, Security & Compliance Weekly co-host. A few weeks ago, Allan appeared on their show to discuss “GRC: ‘What?’ and ‘So What?’”. In that episode, found here, they take a deep dive into GRC in terms of understanding its purpose and value.

In this crossover episode, the group continues the conversation to talk about “GRC: ‘Now what?’” (the cultural impact and implementation, risk register, achieving actionable results, and much more).

Join Allan and the Security & Compliance Weekly team as they dive into overcoming cultural barriers, a continued conversation on the order of priority (“RGC” vs. “GRC”, for example), and enlisting allies in the business.


Key Takeaways:

2:20 Implementing GRC culturally – Flee's take

4:13 Jeff’s take

6:16 Kat’s take

10:43 The CISO – Turning compliance data into actionable results – Jeff’s take as an assessor

13:56 Kat’s take as an assessor

15:41 Flee’s take as a CISO

21:13 Understanding perspectives from all parties

28:10 Sharing problems upstream/Audits vs. Assessments

34:48 Flee’s take on “governance vs. doctrine”

37:43 Risk register – training for self-sufficiency

42:40 Get in touch!



Check out Security and Compliance Weekly!

Follow Flee on LinkedIn and Twitter

Follow Jeff Man on LinkedIn and Twitter

Follow Kat Valentine on LinkedIn

Follow Allan Alford on LinkedIn and Twitter

Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store

Learn more about Hacker Valley Studio and The Cyber Ranch Podcast

Sponsored by our good friends at AttackIQ