Governance, Risk, and Compliance (GRC) is boring, uninspiring and bureaucratic – at least that’s what you’ve probably been told. In reality, GRC is a dynamic security discipline, which requires professionals to develop a deep understanding of their business, products, colleagues, and customers to be successful. Join Mark Graziano as he partners with incredible security champions to challenge the GRC industry stereotype and outline security career and program strategies you can implement tod ...
Say the Taboo: Vendor Risk Management is Bullsh*t
6:10
In today's episode we take a candid look at the efficacy of vendor risk management programs in the face of breaches. This time, we're reflecting on a conversation that pushed me out of my comfort zone and made me question the very fundamentals of vendor risk management. The startling realization that the well-trodden path of best practices might no…
Beyond the Numbers: Balancing Metrics with Intuition in GRC
8:15
Ever found yourself in a tug-of-war between hard numbers and gut instinct? Brace yourself for a candid journey into the world of data, as we uncover the truth behind the numbers that drive our decisions. This episode is not just another number crunching monologue; it's a story-rich exploration of how metrics can mislead and the power of anecdotal e…
Small Steps, Big Impact: The Path to Smart GRC Automation
7:37
In this episode we unpack the often overlooked value of starting with manual routines in GRC and the strategic path to effective automation. Key Takeaways: The Value of Manual Work: Although manual work is often viewed with disdain, it holds significant value in understanding the nuances of GRC processes. Manual routines force a deeper engagement w…
In this episode, we delve into a widely accepted notion within the industry: the idea that compliance is not equivalent to security. While I don't disagree with this perspective, our discussion draws attention to the fact that compliance frameworks didn't just appear out of nowhere; they were developed in reaction to recurring detrimental effects o…
Reconciling Ideal Security with Practical Risk Management
6:21
Listen in as we tackle the gritty complexities of risk management within the sphere of Governance, Risk, and Compliance (GRC), highlighting the delicate dance between aspirational security protocols and the more achievable, pragmatic solutions. This discussion takes place through the lens of PCI DSS compliance and examines the interplay of power, l…
Unlock a new perspective on GRC that intertwines innovation with customer-centric values. This segment shines a spotlight on the integral role of user experience in governance, risk, and compliance, advocating for a business approach that isn't merely beneficial but fundamentally the right thing to do. Drawing from the wisdom in Tony Fadell's book …
The Art of Resume Writing and Applicant Strategy with Gina Gabriel
1:11:39
In this conversation, Gina Gabriel shares inside information, tips and tricks for resume building that she accrued from over a decade of tech recruiting experience. Gina and I discuss the importance of resumes in career development and growth. We explore the resume review process, including what happens once job postings go live and resumes start c…
Building Impactful Security Teams and Landing Your Dream Job with Tom Alcock
59:47
Join us for an insightful exploration of Security & GRC hiring with Tom Alcock from Code Red Partners. Tom illuminates their bespoke recruitment strategy, expertly aligning Security organizations with candidates who are not just technically proficient but also a cultural fit. We delve into the ever-changing world of Security & GRC employment, deliv…
Making GRC Your Career Superpower with Chris Honda
52:58
In this episode of the GRC Podcast, we sit down with Chris Honda, a seasoned Senior Security Analyst at Whistic, who walks us through the multifaceted world of Governance, Risk, and Compliance (GRC). With his unique journey into the world of Security, Chris sheds light on the transformative nature of cultivating GRC expertise and the value those sk…
2023 Retrospective - End of Year Highlights
39:12
Join us for a special year-end episode of the GRC podcast, where we revisit some of the most significant insights and dialogues from the past year. This episode is a compilation of valuable lessons and insights that have shaped our understanding of Governance, Risk, and Compliance (GRC) and provided practical solutions to common obstacles faced by …
Modernizing Identity and Access Management with Alex Bovee
46:55
In this episode of our podcast, we sit down with Alex Bovee, the CEO and co-founder of ConductorOne, to explore the crucial problem of identity and access management, a problem that is rapidly gaining complexity in the modern digital landscape. We delve into the potential risks and vulnerabilities that surface when companies fail to manage access e…
Demystifying Vulnerability Management with Ariel Shin
42:38
Join Ariel Shin, Twilio's Product Security Team Lead, as she simplifies the complex topic of vulnerability management in governance, risk, and compliance (GRC). In this podcast, Ariel helps us grasp the various roles that stakeholders play, the essentials of policy and standards documents, and how vulnerabilities, risks, and incidents are connected…
Bridging the Gap between GRC and Security Engineering with Jeevan Singh
1:01:49
Ever wondered about the bridge between Governance, Risk, and Compliance (GRC) and security engineering? Enter Jeevan Singh, Senior Staff Security Engineer at Rippling. Through his journey, Jeevan highlights the pivotal roles of active listening, clear communication, and ment…
InfoSec Community Engagement and Personal Brand Building with Leif Dreizler
48:00
Join us for a conversation with Leif Dreizler, a dynamic figure and avid organizer in the InfoSec industry. While Leif is a skilled practitioner, his roles as a seasoned conference organizer, insightful blogger, and engaging podcast host allow his influence to extend well beyond the traditional workspace. In this episode, he generously unpacks his …
Trust Centers, Security Transparency and Customer Enablement with Monica Smith
56:36
Have you ever thought about how customer trust and security are intertwined in business? Monica Smith, Head of Security, Risk and Compliance at Asana, shares insights from Asana's innovative strategies to equip you with practical tools for building unwavering customer trust and designing effective enablement programs. Monica, with her extensive expe…
Introduction to The GRC Podcast with Mark Graziano
21:10
Welcome to the first episode of the GRC Podcast! Join host Mark Graziano as he introduces himself and takes you on a journey through his career in governance, risk, and compliance (GRC) from starting at an IT help desk to creating this very podcast. In this introductory episode, Mark opens up about the ups and downs of his career and the lessons he…
Simple, Scalable and Successful Risk Management with Daniel Redding
52:33
In this podcast episode, we unravel the intricate world of risk management, shedding light on its role in our everyday lives and its influence on GRC (Governance, Risk and Compliance). Daniel Redding guides listeners through a comprehensive understanding of risk management, exploring how to effectively navigate and control it. They break down the c…
Data Privacy Laws and AI Governance with Jake Bernardes
53:16
Get ready for a dynamic conversation with our expert guest, Jake Bernardes, as we delve into the often ambiguous territory of privacy legislation. Ever considered how data collection could impact you or the younger generation? We deep-dive into this pressing topic, examining how businesses are collecting data, and the significant impact it may have…
Security Leadership and People Management with Patrick Ayrtey
1:07:44
Ready to reframe your perspective on team management? Join us as we chat with Patrick Ayertey, Business Security Lead at Twilio, who shares his journey from being an individual contributor (IC) to a manager. Patrick's unique philosophy of leadership, deeply rooted in empathy and recognizing individual personalities within a team, might just inspir…
Vendor Risk Management and Customer-Centric GRC Principles with Steven Nguyen
1:11:03
Get ready to redefine your understanding of GRC and security with our esteemed guest Steven Nguyen, Business Information Security Officer of Data Applications at Twilio. Promising to enlighten you with a fresh perspective, we delve into the complexities of vendor risk management and security sales enablement, all in the light of business improvemen…
GRC Essentials: From the Basics to Mastery with Dustin Bailey
1:11:33
Get ready for a fresh perspective on GRC as we invite Dustin Bailey, the former Security Lead at Twilio Segment, to share his expertise. Listen in as we explore how Dustin fell into GRC - or as he puts it, how GRC chose him - and how he manages to prioritize ruthlessly to extract the most value from his GRC program. Hear how he navigates the challe…