Measuring Cybersecurity Risks: The Relevance of GRC

Sep 12, 2023

In this episode, Joshua Copeland, Director of Cyber at AT&T, discusses the role of Governance, Risk, & Compliance (GRC) in cybersecurity. GRC helps organizations make informed decisions about resource allocation and aligns cybersecurity investments with an organization's risk profile. Understanding risks is crucial to effective risk mitigation, rather than blindly investing in the latest cybersecurity tools. The episode also explores challenges in maintaining cybersecurity in highly regulated industries and the value of real-world experience and diverse students in cybersecurity education.

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 3min

Cybersecurity Vulnerabilities and Updates

02:53 • 20min

Challenges of Security in Highly Regulated Industries

22:38 • 2min

The Value of Real-World Experience and Diverse Students in Cybersecurity Education

25:04 • 11min

Continuous Learning and the Value of Coding

36:13 • 20min

Understanding Service Delivery and Dealing with Problems in a Cultural Shift

55:53 • 2min

Taking Responsibility and Challenges in GRC and Cloud Environments

57:59 • 3min

Welcome to our latest podcast episode (Episode 27), where Joshua R. Nicholson (https://www.linkedin.com/in/joshuanicholson/) embarks on an insightful journey through the dynamic world of #cybersecurity. Our distinguished guest, Joshua Copeland, brings his battle-tested expertise and extensive experience to the forefront. As the Director of Cyber at AT&T, Joshua plays a pivotal role in shaping security solutions for State, Local, Tribal, and Territory (SLTT) entities. In this episode, our two Josh's delve into the critical role of Governance, Risk, & Compliance (GRC) in navigating the cyber landscape. Joshua Copeland provides valuable insights into how GRC serves as a compass, guiding organizations to make informed decisions about where to invest their resources. GRC helps identify vulnerabilities, weaknesses, and risks, providing a roadmap for strategic investments in cybersecurity. Youtube video podcast (https://www.youtube.com/channel/UCp94j2q_-F4SwvxgQYI_8Cg) As Joshua Copeland aptly puts it, GRC helps quantify and understand the true nature of risks. Without this understanding, organizations may find themselves merely throwing money at the latest cybersecurity tools and gadgets. While cool toys and cutting-edge technology are appealing, they must align with an organization's unique risk profile and vulnerabilities. To effectively mitigate risks, organizations need to intrinsically comprehend their risks, their potential impacts, and the available mitigation strategies. This understanding enables them to select the right cybersecurity solutions tailored to their specific requirements. It's not always about having the most expensive Ferrari; it's about having the right tool for the right job, efficiently addressing the identified risks. But our episode doesn't stop there. Before we delve into Joshua's invaluable insights, we dissect the events of August 2023's Patch Tuesday from Microsoft. This episode explores the two zero-day vulnerabilities and a staggering 87 flaws addressed during that release. As we eagerly anticipate September's Patch Tuesday, we reflect on Microsoft's handling of these vulnerabilities, including the intriguing fact that only six were rated as critical. Our discussion extends to major updates from other industry players, including Adobe's security updates for Microsoft Acrobat Reader, AMD's security enhancements for new hardware, and Cisco's necessary security updates for their VPNs due to ongoing vulnerabilities exploitation. Join us for a thought-provoking discussion with Joshua Copeland, touching on cybersecurity insights, hiring practices, leadership, and pathways into the field. Discover how Joshua, an adjunct professor at Tulane University, teaches cybercrime and cyber leadership. #cybersecurity #grc #informationsecurity