"Compliance is the security referee - frameworks are the playbooks."
In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC.
Tim shares what he’s learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities.
Here are some highlights from the episode:
What GRC actually means - and why governance is the most misunderstood part
Why people who say "compliance isn't security" are missing the point
How explaining the "why" of cybersecurity controls aids in acceptance
Why data retention policies can protect you from major legal headaches
And yes… a story about how Tim accidentally ransomwared himself 🙃
This is a must-listen for anyone navigating compliance, cybersecurity, or just trying to understand how it all fits together!
I really enjoyed this conversation! What were your biggest takeaways? Let me know in the comments.
Podden och tillhörande omslagsbild på den här sidan tillhör
Jacob Hill. Innehållet i podden är skapat av Jacob Hill och inte av,
eller tillsammans med, Poddtoppen.