GRC & Me

LogicGate
May 27, 2020 • 17min

Cyber Risk as a Business Risk

In the Season 2 premiere of GRC & Me, Megan is talking to John Mumford, Chief Risk Officer at Fellsway Group, a Boston-based consulting firm. Listen in as John discusses why GRC professionals today are hungry for a new way of thinking about risk compliance, how to tackle cyber risk as a business risk, and his passion for risk-taking - not just in business but on the ice rink, too.
Apr 13, 2020 • 24min

How Does a Risk Management Company Handle the COVID-19 Pandemic?

In this special episode of GRC & Me, Megan sits down with LogicGate CEO Matt Kunkel and CMO Gina Hortatsos to discuss how a risk management company is handling the COVID-19 pandemic. Matt and Gina walk us through their reactions when the news broke about the pandemic, the free Business Continuity Plan offer for LogicGate customers, and the challenges of leading a company during the statewide shelter-in-place order.
Dec 4, 2019 • 12min

The GRC World Needs An Overhaul | Emily Heath

Top 3 Quotes
“Trust really is ‘security, compliance, and privacy’—it's the three-legged stool.”
“The ‘compliance’ is a byproduct [of risk], ‘governance’ is the way you operate, but how you truly define ‘risk’ is where the focus is.”
“Sensitive data being pushed around an organization through e-mails and spreadsheets—that kind of model is not sustainable.”

Show Highlights
[01:43] From a detective in England to Chief Trust & Security Officer at DocuSign
[03:17] Duties and responsibilities of a Chief Trust Officer
[04:26] Evolution of GRC
[05:26] Exciting trends in GRC
[06:42] “Duct tape and bubble gum” concept is alarming
[07:30] What compelled Emily to join LogicGate’s Board of Directors?
[08:57] Advice for women in tech who are seeking leadership roles
[11:15] A little birdy told us...

Resources:
Connect with Emily on LinkedIn
Connect with Emily on Twitter
DocuSign
Nov 20, 2019 • 10min

The Value of SaaS in GRC | Karry Kleeman

Top 3 Quotes
There's a number of players providing solutions, but only a small number of true winners that will emerge to set this new standard for usability and effectiveness combined with affordability.
Risk and compliance needs change so fast that the technology has to be flexible enough to keep up.
The market is wide open for a company to set the pace for the rest of the pack and for the industry.

Show Highlights
[01:26] Karry's humble start
[03:44] What led Karry to the GRC space
[04:50] The emergence of SaaS as a business model and how Karry got involved with it
[06:18] Why GRC is a perfect fit for SaaS delivery model
[07:34] What is exciting about GRC today?
[08:33] Where else the market is going in the future?
[09:27] Karry's one element that instills positive culture

Resources:
Connect with Karry on LinkedIn
Connect with Karry on Twitter
Karry’s LogicGate Profile
Nov 6, 2019 • 17min

Pursuing Sustainable and Continually Improving Programs | Jack Tanselle

Top 3 Quotes
Risk assessment is not the same thing as conducting an assessment of your compliance program.
The risk assessment is not designed to be an audit of every activity your company is doing; it’s designed to scan across the breadth of what your company is doing.
The skill-set needs are changing.

Show Highlights
[01:41] Jack shares what led him to risk and compliance as a career path.
[03:51] How Jack crossed paths with LogicGate founders.
[04:34] Jack explains what is RAMP and how it benefits clients today.
[06:19] How companies can adopt continuous improvement within their compliance programs according to Jack.
[08:58] Some more examples of what you can do for continuous improvement.
[10:13] How things are changing in the near, medium and long term future in the risk and compliance world.
[13:24] The processes clients and companies have taken to ensure success and enabled them to move forward.
[15:00] A brief origin of Jack's other talent.

Resources:
Connect with Jack on LinkedIn
Connect with Jack on Twitter
Connect with Deloitte on LinkedIn
Deloitte US
Deloitte UK
Navigant Consulting
Huron Consulting
KPMG
LogicGate
Matt Kunkel LinkedIn
Oct 23, 2019 • 14min

The Journey of Cyber Security | Dominic Vogel

Top 3 Quotes
“I'm a firm believer that cyber security is very much a journey.”
“Do the basics and do them well—that's a strong foundation.”
“Doing security from a sustainable point of view is trying to develop the right people, the right processes and technologies, which would allow for cyber resilience against whatever the threat landscape might be.”

Show Highlights
[01:12] How Dominic got into his current position
[02:35] The answer to Megan's million dollar question
[03:16] Dominic shares his favorite story
[04:32] How small businesses can develop cyber security while staying in budget
[05:34] Megan agrees that CIS control set is a great tactical and practical way to begin
[06:14] Differentiating cyber security from corporate and enterprise needs
[08:18] Security issues in Canada and how it differs from anywhere else in the world
[09:30] What keeps Dominic up at night
[10:52] What is sustainable security and how to attain it
[12:18] Dominic tells how he got into comedy

Resources:
Cyber SC
Connect with Dominic on LinkedIn
Connect with Dominic on Twitter
Cyber SC Facebook
Cyber SC Twitter
Cyber SC YouTube Channel
Oct 9, 2019 • 27min

The Blessing of CCPA | Rafael Moscatel

Top 3 Quotes
“The more that you can show your customers that you're being a good steward with their data, the more they're likely to trust you. And from a reputational standpoint and a branding standpoint, that's always one of the best benefits and one of the reasons that consumers will choose one product or service over the other.”
“And I think if you look carefully, the CCPA is quite a blessing. It helps reduce expenses and monetize the information life cycle because you have a better understanding of what's under the hood in your company.”
“...you know there's not one silver bullet when it comes to preparing data for an information governance strategy, IG is essentially a multidisciplinary type of approach.”

Show Highlights
[01:28] Rafael’s background in law and consulting
[02:35] Discussing Rafael’s company and beginnings
[04:36] The “Olympics of Privacy”
[05:59] A watershed moment in Compliance and Privacy
[08:05] Rafael’s personal connection to records in California
[09:05] The incredible moment Rafael received his birth records
[12:00] The “blessing” of CCPA
[14:11] Rafael’s personal opinion of CCPA
[16:19] Best practices for privacy and policy management
[19:30] Policy management systems
[21:04] How to read more about Rafael’s thoughts on these issues
[22:58] The Little Girl With The Big Voice
[24:03] Vendor Risk Management
[25:00] Being mindful of what’s outside your company walls as well as what’s within them

Resources:
Connect with Rafael on LinkedIn
Connect with Rafael on Twitter
Rafael’s Website
The Little Girl With the Big Voice
Sep 25, 2019 • 20min

Cybersecurity as a Positive Business Driver | Bryan Graf

Top 3 Quotes
“Ultimately, you wouldn't go through any of these assessments unless it's driving business.”
“You don't want to be more secure just so you can be more secure, it's got to be a part of your overall business plan.”
“You have to start looking at this as a positive business driver instead of something that is just a line item that costs money at the end of the year.”

Show Highlights
[01:15] How Bryan got to where he is now
[01:54] SAS 70 Solutions was born
[03:18] Bryan starts with Abacode
[04:21] The trend Bryan is witnessing in cybersecurity
[05:28] How companies determine what to apply
[07:01] What is FedRAMP?
[08:31] The FedRAMP process
[10:36] What to do internally before seeking outside counsel
[12:39] Bryan's value for customers in the market today
[15:41] GRC best practices and cybersecurity trends
[17:54] A different type of security that Bryan provides!

Resources:
Connect with Bryan on LinkedIn
Abacode Cybersecurity Website
Abacode Cybersecurity LinkedIn
Abacode Cybersecurity Twitter
Abacode Cybersecurity Facebook
Tampa Bay Dalmatian Rescue
Sep 12, 2019 • 26min

What To Know About CCPA | Donata Kalnenaite

Top 3 Takeaways
Transparency is very important to consumers right now. You want to make sure that you're clear about what's happening to personal information.
Have a full and complete understanding of who you share information with.
You don't want to be held liable for a vendor who misused data.

Show Highlights
[00:50] Sharing Donata’s background
[02:12] The nitty-gritty of regulations
[03:30] The CCPA Bill exodus
[05:49] Who does the CCPA Bill apply to?
[06:50] How does the CCPA affect consumers today?
[07:45] The fundamental differences between CCPA and GDPR
[10:40] CCPA penalty provisions
[11:52] Top three tactical tips to ensure compliance
[15:34] Will there be swifter actions for non-compliant companies?
[17:29] CCPA as a bellwether for future regulations.
[19:24] Trends to anticipate
[22:32] How Donata and Termageddon works with folks
[24:05] Termageddon's origin and the impetus behind

Resources:
Termageddon
Connect with Termageddon on Twitter
Connect with Termageddon on Facebook
Connect with Donata on LinkedIn
US Federal Privacy Law Tracker
GDPR
CCPA
Aug 28, 2019 • 14min

The Concept of Defensibility | Neil Watkins

Top 3 Takeaways
Defensibility is the ultimate concept that everybody drives to—whether they say it out loud or not.
In the security landscape we see today, there are many opportunities for improvement.
Even when I employ all of my resources, even when I put my best foot forward out there, failures can occur in my ability to protect data.

Show Highlights
[00:47] Neil introduces Asureti.
[01:23] What is SRCP?
[02:45] Do organizations have solid strategy around GRC principles today?
[04:50] The functions that need to be in place.
[07:36] The concept of "Good enough can be the cool."
[09:30] What should organizations be thinking about in terms of preparedness or potential consequences?
[11:09] The cliche of "Nothing bad has ever happened before."
[12:54] Neil's encouragement to everyone.

Resources:
Asureti Website
Connect with Neil on LinkedIn
