Wednesday Dec 01, 2021
GRC: “Now What?” w/ Security & Compliance Weekly
This week, Allan is joined by Frederick Lee aka “Flee”, Chief Security Officer and Head of IT at Gusto, Jeff Man, host of Security & Compliance Weekly and notorious infosec curmudgeon, and by Kat Valentine, Security and Compliance Weekly co-host. A few weeks ago Allan appeared on their show to discuss “GRC: ‘What?’ and ‘So What?’”. In that episode, found here, they take a deep dive into GRC in terms of understanding its purpose and value.
In this crossover episode, the group continues the conversation to talk about “GRC: ‘Now what?’” (the cultural impact and implementation, risk register, achieving actionable results and much more).
Join Allan and the Security & Compliance Weekly team as they dive into overcoming cultural barriers, a continued conversation on the order of priority (“RGC” vs. “GRC”, for example), and enlisting allies in the business.
Key Takeaways:
2:20 Implementing GRC culturally – Flee's take
4:13 Jeff’s take
6:16 Kat’s take
10:43 The CISO – Turning compliance data into actionable results – Jeff’s take as an assessor
13:56 Kat’s take as an assessor
15:41 Flee’s take as a CISO
21:13 Understanding perspectives from all parties
28:10 Sharing problems upstream/Audits vs. Assessments
34:48 Flee’s take on “governance vs. doctrine”
37:43 Risk register – training for self-sufficiency
42:40 Get in touch!
Links:
Check out Security and Compliance Weekly!
Follow Flee on LinkedIn and Twitter
Follow Jeff Man on LinkedIn and Twitter
Follow Kat Valentine on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Purchase a Cyber Ranch Podcast T-Shirt at the Hacker Valley Store
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at AttackIQ