Defense in Depth

Is "Compliance Doesn't Equal Security" a Pointless Argument?

Feb 1, 2024

Derek Fisher, Executive director of product security at JPMorgan, discusses the significance of compliance in a security program and the need to go beyond minimum standards. The podcast explores the difference between compliance and security, emphasizing compliance as the minimum viable security. It also highlights the importance of compliance in the banking industry and the collaboration within the security industry. The episode concludes with a mention of sponsor Reveal Security and a discussion about the benefits of LinkedIn.

33:33

Creator website

Episode guests

Derek Fisher

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Compliance serves as a benchmark for security and provides a starting point for organizations to improve their security programs.

Compliance and security should complement each other, with compliance acting as a guide for organizations to enhance their security efforts and build a more secure environment.

Deep dives

Compliance establishes a benchmark for security

Compliance is based on well-established standards and serves as a benchmark for security. While compliance is the minimum requirement, it provides a solid beginning for organizations to improve their security programs. Adhering to compliance standards helps organizations toe a collective line and forces them to do better. Compliance ensures that organizations meet minimum security standards and can be a stepping stone towards building a strong security program.

Introduction

2min

The Importance of Compliance in a Security Program

3min

Going Beyond Compliance: Building a Secure Organization

10min

The Difference Between Compliance and Security

4min

The Relationship Between Compliance and Security

11min

The Role of Compliance and Collaboration in Security

2min

The Benefits of LinkedIn and a Playful Challenge

3min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of product security, JPMorgan.

In this episode:

A security program shouldn't stop at compliance, but that doesn't mean we should undervalue it, right?
Why are we so quick to dismiss compliance as simple check boxes?
Why is compliance important and why is it often getting a bad name these days?
What are the elements that make a great solution?

Thanks to our podcast sponsor, RevealSecurity!

Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Defense in Depth

Is "Compliance Doesn't Equal Security" a Pointless Argument?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Compliance establishes a benchmark for security

Compliance and security go hand in hand

Compliance as a starting point for security

The relationship between compliance and security budgets

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Defense in Depth

Is "Compliance Doesn't Equal Security" a Pointless Argument?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Compliance establishes a benchmark for security

Compliance and security go hand in hand

Compliance as a starting point for security

The relationship between compliance and security budgets

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights