Matt Hillary, CISO of Drata and expert in trust management, dives into the evolution of Governance, Risk, and Compliance (GRC). He discusses using AI to tackle compliance challenges and streamline processes. Hillary emphasizes the importance of customization in GRC programs and warns against common pitfalls. He also addresses the mental health challenges GRC professionals face and highlights the need for self-care. Listeners will gain valuable insights into building effective compliance strategies that positively impact business outcomes.
46:30
ANECDOTE
Matt Hillary's Career Journey
- Matt Hillary shared his diverse journey from Ernst & Young to AWS and multiple tech companies before joining Drata.
- He highlighted being customer zero of Drata's platform and leading its IT security and privacy teams.
INSIGHT
GRC Evolution and Automation
- GRC programs evolved from manual single-framework compliance to integrated multi-framework control mapping.
- Modern GRC platforms enable continuous compliance and reduce audit anxiety by automating control tests and evidence collection.
ADVICE
Embrace Continuous Compliance
- Implement continuous compliance by integrating GRC tools with source systems for daily control effectiveness checks.
- Use automation to shift from reactive audits to proactive, ongoing compliance management.
The Failure of Risk Management
Doug Hubbard
This book provides a practical framework for quantifying cybersecurity risks using mathematical methods. It challenges traditional qualitative risk assessment approaches and advocates for a more data-driven approach. The book introduces concepts like the Applied Information Economics Method and Monte Carlo simulations to help professionals make better-informed decisions. It also addresses common challenges in risk management, such as dealing with uncertainty and limited data. The book is valuable for cybersecurity professionals, risk managers, and anyone interested in improving decision-making under uncertainty.
In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.
Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/