

GRC & Me
LogicGate
When Governance, Risk, and Compliance (GRC) issues are in the headlines, it’s usually a bad thing. It’s only when a major data breach happens, or a company runs afoul of some regulation, that these important responsibilities get their time in the limelight. GRC & Me is here to shine a light on those individuals tasked with safeguarding their employers’ information and integrity, day in and day out. Tune in monthly as host Meghan Maneval, Sr Director of Product Marketing at LogicGate, and her guests explore the issues and ideas that give shape to these interconnected functions. Just as GRC touches many parts of a business, so too will the podcast delve into a wide array of topics, trends and concerns—from current events and modern methodologies to cultural nuances and game-changing developments. Join us and learn why GRC is so critical to the future of any organization, where the industry has been—and where it’s going.
Episodes

Jul 24, 2024 • 40min
Optimizing Risk: GRC Is No Longer a Cost Center – It’s a Business Enabler
Matt Kunkel, CEO of LogicGate, and CISO Nick Kathmann explore how governance, risk, and compliance (GRC) has evolved from a mere budget line into a pivotal business enabler. They share insights on leveraging technology for data integration to make informed risk decisions. The discussion includes strategies for bridging communication between security metrics and business goals, emphasizing a collaborative, security-centric culture. They also address burnout in cybersecurity, advocating for tech-driven solutions to enhance efficiency and work-life balance.

Nov 8, 2023 • 1h 8min
Shifting Gears To Quantify Risk with Netflix’s Tony Martin-Vegue
Netflix's Tony Martin-Vegue joins LogicGate's Chris Clarke to discuss the paradigm shift in risk analysis methods, networking in career advancement, risk quantification and decision-making, models of risk quantification, measuring risk and managing change, addressing risks and a risky scenario in Black Mirror, choosing between The Great British Bake-Off and Nailed It based on risk factors, and examining the likelihood of cyber risk origination.

Oct 18, 2023 • 1h 11min
Please Hack Me: Hacking Companies for Good
They say it takes a thief to catch a thief, so why not a hacker to catch a hacker? That was the premise behind Ted Harrington’s Independent Security Evaluators, a company dedicated to poking holes into other companies’ cyber defenses — for the right reasons, of course. On this episode of GRC & Me, Ted takes LogicGate’s Chris Clarke on a journey down the benevolent hacker’s rabbit hole, where they discuss: The difference between white box and black box testing (and which is better.) Why carrying these exercises out can build trust and become a competitive advantage in third-party risk assessment. Why it’s important to shift your mindset from one that views security as an obstacle to one that views it as an opportunity. Uncovering the unknown unknowns in cybersecurity. How “defense in depth” strategies can put security teams a step ahead of threat actors. The four traits that lead hackers to be successful, and why thinking like one can be an effective way to bolster your cyber defenses.

Oct 4, 2023 • 1h 1min
Rockets, Radios, and Risk: How NASA Manages Uncertainty in Orbit
Ginger Kerrick, Chief Strategy Officer at Barrios Technology and former NASA expert, shares her thrilling journey of managing risks in space missions. She discusses how NASA employees are trained to think logically during crises and the importance of strong leadership in risk management. Ginger also highlights the lessons learned from past disasters that inform future planning, and she dives into the challenges of managing space debris while fostering a culture of safety and innovation. Her insights offer a fascinating glimpse into the complexities of space exploration.

Sep 20, 2023 • 1h 4min
Managing Risk on the Frontlines of the Financial Sector
Allstate Canada's Chief Risk Officer, Jason Wang, discusses the importance of holistic risk assessment and strategic risk management in the financial sector. Topics include building a comprehensive risk register, positioning risk management as a strategic enabler, and the need for chief risk officers on the executive team.

Aug 22, 2023 • 60min
Staying in the Fed’s Favor: Navigating Government Contracts with Intel Federal’s John Griffin
When doing business with the federal government and its myriad agencies, organizations are bound to run into plenty of mandates, regulations, and other requirements. Navigating them all can cause a headache for even the most detail-oriented compliance managers. On this episode of GRC & Me, Chris Clarke is joined by Intel Federal’s Compliance Program Manager, John Griffin. Griffin draws on his decades of experience in federal contracting and working with government agencies at companies like Honeywell and Boeing to explore methods for better managing product development and performing diligence on third-party vendor relationships while operating under strict and stringent government standards and requirements. Plus, learn a few of Griffin’s more creative methods for determining how risky a particular organization might be to work with.

Aug 8, 2023 • 56min
Building Robust Risk Cultures Through Collaborative Cyber Risk Management
Oftentimes, cyber risk teams are viewed as reactive “audit police,” swooping into projects to flag risks and forcing changes at key points. This approach can generate a resentful — even toxic — risk culture. There’s a better way to build healthier risk cultures: Taking a more collaborative, embedded approach to cyber risk management by positioning cyber risk leaders as advisors and partners, working side-by-side with project teams from the start. On this episode of GRC & Me, Chris Clarke is joined by Cyberpink’s Founder & Owner, Praj Prayag-Deb, to discuss how to shift your organization’s risk culture toward this new approach, her formula for building successful cyber risk programs from scratch, how leveraging the right technology makes it all possible, and why adopting a growth mindset is critical for every cyber risk leader.

Jul 26, 2023 • 58min
Using Cyber Risk Quantification to Make the Right Risk Decisions
This podcast episode discusses the importance of cyber risk quantification in cybersecurity programs. The speakers explore how risk quantification leads to better risk decision-making, reducing reactivity and improving communication across organizations. They also discuss the use of risk quantification for positive business incentives and strategic decisions, equipping leaders for operational resilience, the risks and benefits of AI in organizations, and the interplay between cybercrime and emerging technologies in GRC.

Jun 28, 2023 • 34min
Preparing for DORA, NIS2, and the new European push for cybersecurity
With information and cybersecurity incidents growing in frequency and severity, regulators in the European Union are hard at work devising new rules designed to incentivize organizations to harden their cyber defenses. On this episode of GRC & Me, Megan Brown sits down with Wizz Air’s Andras Szabolcs, Cyber Risk Expert, and Peter Szigetvari, Operational Risk Expert, to break down the similarities and differences between two of these new European Union regulations — the Digital Operational Resilience Act, or DORA, and Network and Information Security Directive 2, or NIS2 — how they could affect nearly every company despite their official scope, and how organizations can prepare to comply with them using modern GRC technology.

May 31, 2023 • 1h 11min
The Risks and Rewards of AI in Business Automation
Dorian Cougias, CEO of United Compliance Framework, and host Chris Clarke discuss the risks and rewards of AI in business automation, including the importance of double-checking generative AI output, knowledge levels in compliance tasks, AI terminology, ethics in AI, and the use of AI in compliance processes.