December 1, 2021

GRC: ”Now What?” w/ Security & Compliance Weekly

by Cyber Ranch

Listen Now


Show Notes

This week, Allan is joined by Frederick Lee aka “Flee”, Chief Security Officer and Head of IT at Gusto, Jeff Man, host of Security & Compliance Weekly, and notorious infosec curmudgeon, and by Kat Valentine, Security and Compliance Weekly co-host.  A few weeks ago Allan appeared on their show to discuss “GRC: ‘What?’ and ‘So What?’.  In that episode, found here, they take a deep dive into GRC in terms of understanding is purpose and value.

In this crossover episode, the group continues the conversation to talk about “GRC: ‘Now what?’ (The cultural impact and implementation, risk register, achieving actionable results and much more).

Join Allan and the Security & Compliance Weekly team as they dive into overcoming cultural barriers, a continued conversation on the order of priority (“RGC” vs. “GRC”, for example), and enlisting allies in the business.


Key Takeaways:

2:20 Implementing GRC culturally – Flee's take

4:13 Jeff’s take

6:16 Kat’s take

10:43 The CISO – Turning compliance data into actionable results – Jeff’s take as an assessor

13:56 Kat’s take as an assessor

15:41 Flee’s take as a CISO

21:13 Understanding perspectives from all parties

28:10 Sharing problems upstream/Audits vs. Assessments

34:48 Flee’s take on “governance vs. doctrine”

37:43 Risk register – training for self sufficiency

42:40 Get in touch!



Check out Security and Compliance Weekly!

Follow Flee on LinkedIn and Twitter

Follow Jeff Man on LinkedIn and Twitter

Follow Kat Valentine on LinkedIn

Follow Allan Alford on LinkedIn and Twitter

Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store

Learn more about Hacker Valley Studio and The Cyber Ranch Podcast

Sponsored by our good friends at AttackIQ

Read more

Recent Episodes

March 22, 2023
by Cyber Ranch

This episode is a story about an entire vendor encounter gone horribly wrong.  Allan is joined by Paul Moreno, VP of InfoSec at Catawii, formerly SVP of Cybersecurity at Adyen, investor and advisor.  Paul found a cybersecurity vendor.  Paul found goo...

March 15, 2023
by Cyber Ranch

Join Allan and Dr. Mike Brass (whose degree is in archaeology!) as they jointly explore the technical side of the house vs. the GRC side of the house, noting that GRC can be a great path to CISO. Hear Mike's journey from IT technician to GRC to CISO....

March 8, 2023
by Cyber Ranch

We have this idea that we can be perfect.  And we know that idea is unsound.  So we settle for imperfection.  But are we doing that purposefully?  Do we have a conscious plan for embracing imperfection?  How can we, as cyber professionals, embrace ou...

March 1, 2023
by Cyber Ranch

In this episode, Allan is joined by Omkhar Arasaratnam, a force in the industry and an expert in the intersection of software and security (you may remember Omkhar from an earlier show about supply chain security). They challenge each other to a game...

February 22, 2023
by Cyber Ranch

Join Allan, Shaun Marion (CISO of McDonald's) and ChatGPT itself for a lively conversation about the implications of this new tool, AI in general, and nuances about ChatGPT's usage. Even after controls were put into place to prevent ChatGPT from help...

February 15, 2023
by Cyber Ranch

How important are communications after your company has been breached?  They can make or break customer perception, and the perception of the world.  Bad communications are perceived as bad intent. Joining Allan this week is Heather Noggle, owner of ...

February 8, 2023
by Cyber Ranch

Do you want to be a CISO one day?  Are you a CISO today who wants to strengthen your ties into the rest of the business?  The Business Information Security Officer (BISO) role is one you should explore. The role can vary quite a bit, as you will hear...

February 1, 2023
by Cyber Ranch

Joining Allan today are two folks who are passionate about leadership – not just practicing good leadership, but instilling good leadership in future generations.  Joey Rachid is CISO in the ecommerce and financial services industry, is on advisory b...

January 25, 2023
by Cyber Ranch

This week Allan is joined by Nipun Gupta, and industry veteran who has been a consultant, practitioner, vendor, advisor and investor. The topic is "What are we really protecting in cyber?" and the nuances of that question are explored in depth - as w...

January 18, 2023
by Cyber Ranch

This week, Allan is joined by Peter Schawacker, CEO @ Nearshore Cyber, former CISO, advisor to MSPs, etc.  Another one of Allan's illustrious guests with 25 years in cyber.  (  The topic started as all that th...