Trust vs.

Autonomous AI agents are no longer science fiction, they’re already reshaping how we work, build, and protect digital systems. In this episode, Jeremy Huval and Ryan Patrick are joined again by Richard Diver, Security and Identity Strategist at Microsoft, to break down what "agentic AI" really means and why it matters now. Richard unpacks the core building blocks of agent behavior (like entitlements, autonomy, and memory) and shares where the biggest risks lie as organizations rush to adopt agent-based systems. From identity sprawl to memory poisoning and the need for lifecycle management, this episode gives insights for security and GRC leaders who want to get ahead of the next wave of AI-driven innovation.Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Richard Diver: https://www.linkedin.com/in/rdiver/

Compliance shouldn’t come at the cost of security. In this episode, Leah McGrath (Executive Director, GovRAMP) and Brian Conrad (Director of Global Strategic Compliance Initiatives at Zscaler, formerly of FedRAMP) join the Trust vs. team to talk about multi-framework fatigue, the future of recognition and reciprocity, and why real cybersecurity progress depends on collaboration—not just more certifications. Hosted by HITRUST’s Ryan Patrick and Jeremy Huval, this episode dives deep into how public and private sectors can work together to reduce redundancy and get back to the real work: protecting critical systems and data.Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Leah: https://www.linkedin.com/in/leah-mcgrath-in/Meet Brian: https://www.linkedin.com/in/brianhconrad/

SOC 2 might be everywhere, but is it actually working?In this episode, the Trust vs. team welcomes cybersecurity leader, author, and GRC engineer AJ Yawn to break down the state of SOC 2 today and why its greatest strength may also be its biggest weakness. AJ brings years of hands-on experience in auditing, engineering, and startup leadership to explain how SOC 2 shifted from a signal of security to a sales checkbox and what that means for TPRM. We talk about flexibility vs. consistency, outdated frameworks, why some SOC 2s are nearly useless, and how organizations can move toward better assurance by asking better questions.Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet AJ: https://www.linkedin.com/in/ajyawn/Read AJ’s Book: https://www.amazon.com/GRC-ENGINEERING-AWS-Hands-Engineering/dp/B0FDLZX4BP

You can’t plan for everything, but you can build for resilience. In this episode, the Trust vs. team sits down with cybersecurity leader Wendy Nather to explore the human side of resilience. From real-world chaos and crisis response to succession planning, decision authority, and chaos engineering, Wendy shares hard-earned wisdom on what it takes to build organizations that can bend but not break.We talk about why most planning is too rigid, why psychological safety matters in cyber incidents, and how improvisation is  often a critical security skill. Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Robert: https://www.linkedin.com/in/robertbooker/Meet Wendy: https://www.linkedin.com/in/wendynath

If AI is already in your cybersecurity stack, are you managing the risk?In this episode, the Trust vs. team sits down with Donnie Wendt, a Cybersecurity Researcher, and author of The Cybersecurity Trinity to talk about the growing risk surface AI creates. From data poisoning and third-party ML vulnerabilities to the real-world limits of vendor questionnaires, Donnie breaks down why traditional security frameworks fall short in an AI-enabled world. He shares insights from his research, the dangers of skipping AI assurance, and the mindset shift organizations need to secure tomorrow’s tech today.Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Robert: https://www.linkedin.com/in/robertbooker/Meet Donnie: https://www.linkedin.com/in/dr-donnie-wendt/ 

What if the way we’ve been measuring cybersecurity risk is fundamentally flawed? Too often, organizations rely on color-coded charts and gut instinct to make critical risk decisions leading to a false sense of confidence and missed opportunities for real insight.In this episode, we’re joined by Douglas Hubbard, creator of the Applied Information Economics (AIE) method and founder of Hubbard Decision Research. Doug is also the author of How to Measure Anything in Cybersecurity Risk, and he breaks down why risk matrices fall short, how most people misunderstand measurement, and what organizations can start doing right now to make smarter, data-driven decisions (no math degree or massive data set required!).Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Robert: https://www.linkedin.com/in/robertbooker/Meet Doug: https://www.linkedin.com/in/dwhubbard/Get a copy of How To Measure Anything In Cybersecurity 

Is your third-party risk management process ready for the age of AI? In this episode of Trust vs., Jeremy, Robert, and Ryan sit down with industry leader Laz to unravel the complex (and often chaotic) intersection of artificial intelligence and third-party risk. They explore how AI is amplifying both risk and opportunity in vendor governance, what organizations get wrong about ownership and collaboration, and how to move from reactive defense to strategic offense. Packed with practical insights and bold commentary, this episode challenges listeners to rethink how they're managing risk in a world where AI is already deeply embedded- whether they know it or not.Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Robert: https://www.linkedin.com/in/robertbooker/Meet Laz: https://www.linkedin.com/in/iamlaz/

Kicking off Season 3 of Trust vs. with a bang, the team dives straight into one of the most pressing changes on the horizon for healthcare cybersecurity: the proposed updates to HIPAA. Hosts Jeremy Huval, Robert Booker, and new regular voice Ryan Patrick explore what the Notice of Proposed Rulemaking (NPRM) really means for covered entities and business associates. Is this HIPAA 2.0, or just long-overdue regulatory catch-up? The trio unpacks the implications of outdated safeguards, AI blind spots, and the broader need for industry-government collaboration to strengthen trust and assurance in the healthcare ecosystem.Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Robert: https://www.linkedin.com/in/robertbooker/

Cyber threats are evolving fast and compliance alone isn’t enough. This season on Trust vs., HITRUST’s Robert Booker, Jeremy Huval, Ryan Patrick to explore how to build true cyber resilience in a world transformed by AI, rising vendor risk, and outdated frameworks. It’s time to go beyond checkboxes and build trust that lasts.

In today’s world, the demand for skilled cybersecurity professionals has never been greater, yet the gap between that demand and the available talent continues to grow. In this episode, we sit down with M.K. Palmore, an advisor, cybersecurity leader, and host of The Leadership Student podcast, to explore innovative ways to close this gap. M.K. shares insights on attracting new talent to the field, making cybersecurity careers more accessible, and preparing the next generation for the complexities of defending digital frontlines.Meet MK:https://www.linkedin.com/in/mkpalmore/The Leadership Student Podcast: https://podcasts.apple.com/us/podcast/the-leadership-student-podcast/id1685389339Meet Jeremy: https://www.linkedin.com/in/jeremyhuvalMeet Robert: https://www.linkedin.com/in/robertbooker/