The GRC Podcast Mark Graziano
-
- Technology
Governance, Risk, and Compliance (GRC) is boring, uninspiring and bureaucratic – at least that’s what you’ve probably been told. In reality, GRC is a dynamic security discipline, which requires professionals to develop a deep understanding of their business, products, colleagues, and customers to be successful. Join Mark Graziano, as he partners with incredible security champions to challenge the GRC industry stereotype and outline security career and program strategies you can implement today.Visit www.thegrcpodcast.com for more information
-
Say the Taboo: Vendor Risk Management is Bullsh*t
In today's episode we take a candid look at the efficacy of vendor risk management programs in the face of breaches. This time, we're reflecting on a conversation that pushed me out of my comfort zone and made me question the very fundamentals of vendor risk management. The startling realization that the well-trodden path of best practices might not hold all the answers spurred a much-needed debate on whether it's time to disrupt the status quo and embrace a more proactive stance in man...
-
Beyond the Numbers: Balancing Metrics with Intuition in GRC
Ever found yourself in a tug-of-war between hard numbers and gut instinct? Brace yourself for a candid journey into the world of data, as we uncover the truth behind the numbers that drive our decisions. This episode is not just another number crunching monologue; it's a story-rich exploration of how metrics can mislead and the power of anecdotal evidence, as demonstrated in a memorable moment with Jeff Bezos and Lex Friedman.With a dynamic blend of personal anecdotes and professional insight...
-
Small Steps, Big Impact: The Path to Smart GRC Automation
In this episode we unpack the often overlooked value of starting with manual routines in GRC and the strategic path to effective automation.Key Takeaways:The Value of Manual Work: Although manual work is often viewed with disdain, it holds significant value in understanding the nuances of GRC processes. Manual routines force a deeper engagement with the components of a process, leading to a more comprehensive understanding of what "better" truly looks like.Understanding Before Automating: Jum...
-
The Intersection of Compliance and Security
In this episode, we delve into a widely accepted notion within the industry: the idea that compliance is not equivalent to security. While I don't disagree with this perspective, our discussion draws attention to the fact that compliance frameworks didn't just appear out of nowhere; they were developed in reaction to recurring detrimental effects on consumers.We explore this concept further using one of my favorite analogies—the shopping cart theory—to underscore the importance of self-govern...
-
Reconciling Ideal Security with Practical Risk Management
Listen in as we tackle the gritty complexities of risk management within the sphere of Governance, Risk, and Compliance (GRC), highlighting the delicate dance between aspirational security protocols and the more achievable, pragmatic solutions. This discussion takes place through the lens of PCI DSS compliance and examines the interplay of power, liability, and practicality as companies navigate the prescriptive demands of payment card brands. This insights highlight the complex layers of ris...
-
Don't Think Like a GRC Professional
Unlock a new perspective on GRC that intertwines innovation with customer-centric values. This segment shines a spotlight on the integral role of user experience in governance, risk, and compliance, advocating for a business approach that isn't merely beneficial but fundamentally the right thing to do. Drawing from the wisdom in Tony Fadell's book 'Build', the episode intricately examines the strategic decisions that kept Nest afloat, highlighting the broader implications for solution minded ...