

GRC & Me
LogicGate
When Governance, Risk, and Compliance (GRC) issues are in the headlines, it’s usually a bad thing. It’s only when a major data breach happens, or a company runs afoul of some regulation, that these important responsibilities get their time in the limelight. GRC & Me is here to shine a light on those individuals tasked with safeguarding their employers’ information and integrity, day in and day out. Tune in monthly as host Meghan Maneval, Sr Director of Product Marketing at LogicGate and her guests explore the issues and ideas that give shape to these interconnected functions. Just as GRC touches many parts of a business, so too will the podcast delve into a wide array of topics, trends and concerns—from current events and modern methodologies to cultural nuances and game-changing developments. Join us and learn why GRC is so critical to the future of any organization, where the industry has been—and where it’s going.
Episodes

Dec 22, 2021 • 20min
What "Holistic GRC" Actually Means and Why it Matters
Have you ever wondered what exactly holistic GRC is? What does it look like, and what do people really mean when they say a “holistic GRC program”? In this episode of GRC & Me, returning guest Dustin Owens, VP of Cyber Risk and Resilience at Kivu Consulting, will break down all the what's, how's, and why's regarding holistic GRC programs and platforms. Dustin also shares some GRC stories about how companies use a holistic GRC approach to achieve business outcomes.

Dec 8, 2021 • 26min
How to Effectively Communicate Risk Stories
Have you ever worried about how you should communicate risks to the board? How much data can they handle? In this episode of GRC & Me, we are joined by Richard Seiersen, who has previously worked for Twilio, GE, and LendingClub as CISO, was a co-founder of Soluble that was acquired by Lacework in 2021, and is currently the Chief Risk Officer at Resilience Insurance. His books include How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto: Confronting Security with Data. Together with Mark Tattersall, VP of Product at LogicGate, we get the skinny on what kind of conversations are happening at the board level and what they really want to see and hear, plus, the rise of insurtech, technology being a driver for consistency, and how all these topics inspired Richard to write his books.

Nov 17, 2021 • 11min
Take The Guesswork Out of Your Threat Landscape Assessments
Do you see cybersecurity troubled waters coming your way but don’t know how to navigate the storm? With a good course charted, a strong and united crew, and a savvy captain you can navigate even the scariest of threat seas. In this GRC & Me episode, we are joined by Adam Gladsden, a third-party risk advisor who heads up the risk advisory practice at SecurityScorecard. Adam guides us as we look at the current cyber threat landscape, the connection to the enterprise's third-party and cyber risks, and how it affects all risk categories. We also discuss how organizations can improve and mature their third-party risk programs.

Nov 3, 2021 • 19min
Reduce Uncertainty Around Risk with Quantification
Learn how risk quantification can help organizations prioritize risks, the limitations of qualitative risk assessment, the use of the Monte Carlo method to reduce uncertainty, quantifying risk based on financial impact, and the importance of cyber insurance in risk management.

Sep 15, 2021 • 16min
The Secret Sauce for a Successful GRC Implementation
Charlie Meyer is LogicGate’s Implementation Services Manager. In his role, he has served at the helm of countless implementation strategies for GRC solutions. Charlie provides guidance for best practices for implementation and shares real-world examples of how companies have run successful launches with a GRC provider. While Charlie primarily works in the initial implementation process, he advises customers to maintain a relationship with their GRC provider and look for ongoing opportunities for improved services and applications.

Aug 4, 2021 • 28min
Why Everyone At Your Company is a Risk Manager
Jason Wang, Chief Risk Officer at Synergy Credit Union, joined the financial institution to build out and enhance its enterprise risk management functions, including a disaster recovery and pandemic response framework, all just before the start of the pandemic. Jason’s forethought and preparation positioned Synergy to successfully navigate COVID-19. In this episode of GRC & Me, Jason shares his experiences chairing Synergy’s COVID-19 Committee and discusses how to evaluate new risks that have emerged within your company in the aftermath of the pandemic. Jason also speaks to the importance of understanding Environmental Social Governance (ESG), why it’s here to stay, and what you should be doing about it. Jason believes that everyone is a risk manager in your organization and provides strategies to help you create company-wide buy-in for mitigating risk and protecting your data.

Jun 16, 2021 • 14min
A Conversation on Risk Quantification
Dustin Owens’ extensive background in GRC began with an undergraduate degree in computer information systems. When he realized programming wasn’t his professional calling, he transitioned to the security and cybersecurity space; now, he’s accrued 25 years of experience in the field. After being introduced to risk quantification in 2003 as part of the National Security Agency’s INFOSEC Assessment Methodology, Dustin hasn’t looked back. As LogicGate’s Principal GRC Architect, he focuses heavily on how risk quantification can help obtain consistent risk findings that are accurately defined in monetary terms. In this episode of GRC & Me, Dustin breaks down why organizations have much to benefit from adopting risk quantification practices to better assess, manage and respond to risk. Plus, it helps organizations better prioritize the activities that require more attention and investments. “It makes it very easy to compare risk mitigation activities and whether they do risk acceptance or transfer risk, based on the amount of impact that that risk has to the business,” explains Dustin, which allows organizations to “see if it makes sense to go in one direction versus another.”

Jun 2, 2021 • 12min
The Results Are In! 2021 Risk Manager Insights
LogicGate’s Chief Marketing Officer Gina Hortatsos joins the podcast to discuss the findings. One of the surprising results is that while the vast majority (91%) acknowledged the importance of GRC programs to their organization, only 45% of survey respondents said their current programs are extremely effective.

May 19, 2021 • 17min
Resilience Beyond Business Continuity Planning
How can you best articulate the value of your security program to non-security professionals in your organization? Or even to board members? It starts with asking questions. Five of them, to be exact. Emily Heath, DocuSign’s Chief Trust & Security Officer, covers five questions or pillars to ensure you’re able to confidently speak about your company’s security program. In this episode of GRC & Me, Emily returns to the podcast to discuss her advice for organizations seeking to drive transparency and competence with both their board of directors and customers. Because the pandemic has changed the risk landscape, Emily believes that the world of GRC must become more resilient. By that, she means organizations should improve their ability to rebound with minimal impact to business. A global pandemic has taught both organizations and people that risk is everywhere. And while Emily, who also serves on the board of directors for LogicGate and NortonLifeLock, is determined to help organizations prepare for risks, she also finds time for the small things, such as the cooking blog she began during the pandemic.

May 5, 2021 • 16min
Why Artificial Intelligence is Relevant to Regulatory Compliance
Brian Clark has had a front-row seat to both sides of the regulatory compliance coin: He was a regulator during the post-financial crisis in 2008. Years later, he transitioned to being a chief compliance officer and general counsel. With such varied experience, the president and founder knew exactly what he set out to solve when he founded Ascent in 2015: simplifying the knowledge work required to keep up with regulations and maintain compliance. To help clients build and automate repeatable compliance programs, Ascent employs artificial intelligence (AI) to produce knowledge sets and streamline processes. For example, it can produce an output in two minutes for a task that could take humans thousands of hours (it’s true!). In an episode of GRC & Me, Brian explains why AI is the right tool for the job because it allows “people to unlock their potential and their time to focus on different activities.”