32 min

Episode 14 - Surviving Audits 101: The Do’s, Don’ts, and Strategies for Seamless Security Compliance

Comply or Die


In this episode of Comply or Die, host Kyle Morris interviews guest Raymond Cheng, a seasoned professional with over 10 years of experience in cybersecurity and compliance.

Raymond shares insights from his extensive career, working with Big Four accounting firms, global tech giants like Google and Salesforce, and his current venture, Decrypt Compliance.

The conversation covers the evolution of security compliance, the importance of balancing business goals with compliance, the role of auditors, and valuable tips for navigating audits successfully.

Topics discussed:

- Raymond Cheng's diverse career journey in cybersecurity and compliance, from Big Four firms to global tech companies like Google and Salesforce.

- The importance of balancing business objectives with security compliance and the significance of strong communication and understanding in compliance management.

- The founding of Decrypt Compliance by Raymond Cheng to address the evolving needs of companies in the security compliance landscape.

- Insights into the changing IT landscape over the years, particularly the impact of cloud computing on security compliance frameworks.

- Dos and don'ts for organizations preparing for audits, including the significance of seeking expertise, understanding compliance as a programmatic process and maintaining open communication with auditors.

- Raymond Cheng's advice on what organizations should ensure and avoid when entering a compliance framework or preparing for an audit, emphasizing the importance of integrating security considerations, risk assessments, training, and feedback loops.



Key takeaways and lessons:

- Security compliance should not be seen as a one-time project but as an ongoing program that requires continuous assessment and improvement.

- Organizations should prioritize top-down commitment to security, integrate security considerations across policies and procedures, conduct regular risk assessments, and invest in training and competency checks for employees.

- Incorporating feedback loops through internal and external audits, penetration testing, and comparison with industry frameworks can help organizations identify gaps and enhance their security measures.

- When preparing for audits, organizations should avoid attempting to navigate compliance alone, understand the dynamic nature of compliance frameworks, and engage in open dialogue with auditors to maximize the value of the audit process.

- Compliance is not just about meeting requirements but aligning security practices with business objectives and customer expectations to build trust and enhance brand reputation.



Connect with Raymond Cheng:
LinkedIn: https://www.linkedin.com/in/raymondvcheng/
Decrypt Compliance: https://decrypt.cpa/


Get in Touch: 

Host - Kyle Morris: https://www.linkedin.com/in/morribiscuit/

Podcast Manager: https://www.linkedin.com/in/ilona-van-der-berg-b9055189/

Website: https://scytale.ai/scytale-podcasts/

⭐️⭐️⭐️⭐️⭐️ 

Rate & follow this show, it helps others find the podcast!
