Compliance Unfiltered With Adam Goslin

Total Compliance Tracking

Compliance Unfiltered is a Podcast Dedicated to Making Compliance Suck Less

  1. JAN 30

    Imagine Using an Adaptive Compliance Tool - Episode 202

    Struggling with compliance chaos? Join the CU Guys as they uncover how adaptive solutions can transform your compliance process. In this episode, Adam shares insights from his decade of experience, revealing how to streamline compliance with dynamic mapping and adaptable tools like the TCT Portal. Learn to cut time, reduce risks, and save money by customizing workflows and eliminating redundant efforts. Perfect for compliance teams and leaders eager to see real cost savings and efficiency. Tune in to revolutionize your compliance strategy today! Episode Transcript: We're gonna chat today, Adam, about, well, about using our imagination. As a matter of fact, let's imagine using an adaptive compliance tool. Tell the folks about it. Sure. This is a topic that's, it's just, it's applicable for folks that are struggling with compliance, ones that are already familiar with the landscape, et cetera. It's an inventive and special kind of torture that people go through when you're trying to fit your compliance program into some type of a rigid structure or setup. At some point in the game, the light bulbs start going on, or maybe not, that you're spending more time screwing around with manual workarounds, bridging gaps between what you'd like to do and what you're actually doing, et cetera. And there's a lot of tooling out there and there's compliance platforms. They were built in a kind of a best case scenario mindset, initially up against a single standard, and then they started shoehorning in other ones, type of a deal. Somebody that was originally when they started doing things, this is the way they did it. So they built a whole platform around that, and now everybody that uses it is kind of stuck with it, type of a deal. So for folks that are juggling different certs or have some complexity to their engagement, they've got different divisions across the globe, et cetera, then that's where you start moving away from that kind of best case scenario type of a deal. 
And so it's part of the fun, the adventure that we've been on is we've seen how frustrating it can be to manage a compliance, a compliance engagement that has complexity because we've been through it ourselves. We've experienced as an organization that's gone through compliance. We've assisted and helped innumerable organizations with managing their compliance. We've worked alongside assessors and auditors. I personally spent close to two years doing level one QA work for a large international QSA firm. So it's been a rewarding adventure to navigate the waters of seeing what was out there and then being able to serve folks that are in this space. And it's also important for folks. One of the biggest things that I like to tell people is a lot of people will kind of get into this mode. They do whatever they do to be able to manage their compliance. And they get it to a point where it's almost like, I'm capable of getting this done. And so they go, oh, that's cool. We're just going to go and stick with that. So they get into this point of where it works, AKA they accomplished the objective. But my big recommendation is for those folks, especially if I look at it from the perspective of those in leadership as an example, I love to use this talking point a fair amount because I remember as a frontline person responsible for compliance for the organization, my boss would just swoop by my desk type of a deal. And hey, it's compliance season again. Good luck. Make sure that we have all our crap done by blah, blah, blah, blah, blah. And then he would flip off type of a deal. And between the good luck and where's my f*****g report, there was a whole bunch of blood, sweat, tears, pain, stress, you know, but a lot of that happened.

    41 min
  2. JAN 22

    What's the Deal with Service Accounts? - Episode 201

    On this episode of Compliance Unfiltered, The CU Guys dive into the often-overlooked world of service accounts. They explore the critical role these accounts play in organizational environments, ensuring seamless communication and authentication across systems. Adam shares best practices for setting up service accounts, including the importance of descriptive naming and secure password management. The episode also features cautionary tales from the trenches, highlighting common pitfalls and the importance of proper documentation and controlled testing. Tune in to learn how to enhance your organization's compliance and security posture by giving service accounts the attention they deserve. Episode Transcript: Well, today, Adam, we're going to talk about something a little different, specifically something we haven't chatted much about before. And that is service accounts. Why don't you give the listeners a high level overview of service accounts and what they're typically used for? Sure. So in an organizational environment, the systems will use accounts for communication, for authentication to the network, for interaction between web servers and database servers or file servers and basically look at it as the accounts that the infrastructure or software within the environment is leveraging to be able to effectively communicate with other systems and other infrastructure and all that fun stuff. So service accounts is kind of a, it's similar to your login when you come in in the morning and you log into the network, you put in your username and password and everything and then you can get to your email and get onto the network, et cetera. Similar type of notion, but it's an account that's just used by the systems within the environment. So it basically, those accounts kind of keep things ticking, communicating, moving, all of that fun stuff within an organization's environment. Sure. 
Now, what are some of the things that listeners should take into account when setting these accounts up? Well, you know, and this comes from, you know, from a year or three of, you know, kind of dealing with, you know, dealing with different organizations and, you know, and whatnot. Best practices as well, but, you know, just things have tripped across, etc. But, you know, as an example, you know, typically with a user's account, you would, you know, the different organizations have different methodologies, right? First name, dot last name, or first initial and last name, you know, type of a thing. And similarly, get into the habit of using descriptive names for your service accounts. So you actually know what these accounts are doing. With most accounts, there's an additional field that will be providing, like, a description of what this account's being used for. So you don't need to get too wordy with the naming of the account, but you put detailed descriptions in, you know, against those accounts so that it's really clear, you know. You got to remember, you know, a lot of times these accounts, a lot of times these accounts are set up and then people aren't, you know, aren't doing anything with them for extended periods of time. It may be years down the road and somebody's come back in and going, well, what the heck is, you know, XGK42C user account doing? No clue. So it helps if you name them appropriately, et cetera, because what I've seen in some environments, like, well, what's this being used for? Oh, let's shut it off. Yeah. So sometimes it doesn't end up well. You know, for those accounts, setting up long, complicated passwords, these are machine-based accounts. They don't give a hoot about entering in a 50-character password, you know, scrambled, you know, scrambled barf.

    25 min
  3. JAN 16

    How Hackers are Using A.I. in 2026 - Episode 200

    On this milestone 200th episode of "Compliance Unfiltered," The CU Guys delve into the evolving landscape of cybersecurity, focusing on how AI is being leveraged by both defenders and attackers. They explore the dual nature of AI, highlighting its potential to enhance security measures while also lowering the barriers for cybercriminals. From AI-generated malware to sophisticated social engineering tactics, this episode provides a comprehensive look at the current arms race in cybersecurity. Join Todd and Adam as they discuss the implications of these advancements and the importance of staying vigilant in an ever-changing digital world. Episode Transcript: Honestly, we have to go do some digging and some research, but I'm not sure how many compliance-related pods have 200 episodes. So I think it's fair to say we're in a relatively elite group, if you will, but no, it's been fun doing what we do. It's fun to be able to bring data, information, topics, and discussions to folks in the compliance space. Hopefully, they've enjoyed the ride as much as we have, but hey, we'll keep cracking. You and I were talking a little bit ago, we'll do something a little more spectacular for episodes like 250 or something, as we get to that point. It's been fun, been a good ride, but I'd also echo the notion, for the folks that are listening, do us a favor, honestly, what do you want to hear about? Did you hear about something cool, some new topic in the security or compliance space that you want to know more about, something that, in your retrospective, you think that we haven't quite covered in its entirety, something else that we could hit? Follow me, give us the ideas. We love receiving the feedback and the input, always looking for neat new stuff to chat about, so pretty cool. Absolutely. Well, today we're going to chat about, you know, a hot topic, I would say, and that's specifically how hackers are using AI in 2026. 
So there is a lot of talk of AI being used for good, but at a high level, how is AI helping the bad actors out of it? Well, I mean, with any technology, as it goes from its infancy and starts to blossom, if you will, it has the capability for being used to help those which are protecting organizations or that are outsourcing security-related functions to companies, things along those lines. And so, for the good guys, there are certainly added benefits to the notion of AI, but most certainly, there's no question that the bad actors out there, they similarly, it's almost like getting into an arms race, where they're able to use that same technology for evil. And taking advantage of capabilities for increased speed, automation, more advanced attacks, things along those lines. So, we'll get into a number of those topics today, but now it's being used on both sides of the fence, and it very much feels like an arms race unfolding, as we speak, if you will. No, no, most definitely. Now, for many cybersecurity professionals, the best offense is a great defense. But how is AI lowering barriers to entry for the bad guys? Well, you know, for the bad guys, you know, they're developing, you know, they're developing tools. It used to be that, you know, you have that or whatever. Let's say we go back 10 years, right? You know, you had to have a certain level of capability, level of skill, things along those lines that, you know, that would be, you know, that would be happening.

    22 min
  4. JAN 8

    Q1 Security Insights 2026 - Episode 199

    On this insightful episode of Compliance Unfiltered, join the CU Guys as they delve into the essentials of security training and compliance for Q1 2026. Discover the importance of regular security reminders, the role of incident response plans, and how to keep your organization vigilant against evolving threats. With practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their security posture and compliance strategies. Tune in to stay ahead in the ever-changing landscape of cybersecurity. Episode Transcript: So, you know, when it comes to training for, you know, for personnel, for security best practices, you know, there's a there's a number of things that just kind of leap out to folks, right. You've got your security awareness training at hire, you've got annual security awareness, a refresher training, etc. So, you know, in the event that your organization isn't already doing those things, then by all means contact TCT, we can get you in the right direction. But, you know, these are like the bare minimum, you know, type of a thing, but there's various compliance requirements are going to mean, you know, there's, you know, various other things, you know, that that should be done surrounding your, you know, security awareness and training program, not the least of which is security reminders, which is part of the reason why we do this kind of quarterly pod. You know, we've got organizations that will leverage both the, you know, the TCT pod and the TCT blog to use to supplement their security reminder, your kind of stance for their organization. So that's part of the reason why we why we pleased to aim, if you will. Um, but that said, if you can do reminders, you know, more often than quarterly, great, you know, but, uh, you know, you want, you want the personnel maintaining vigilance, you know, all the way throughout the year, et cetera. 
But, you know, the, you know, for, for different organizations, they're going to have different types of directed training, um, that need to cover, you know, need, need to cover and or should cover additional, uh, facets that the organization wants to consider. So as an example, and one of the, one of the areas that, you know, oftentimes, uh, that organizations will kind of overlook is the fact that anybody on their team is a target. You know, I mean, everybody's got a LinkedIn, they, you know, say that they're working for the company, you know, et cetera. But because of that, the public association between the personnel and the organization itself, that means everybody, uh, you know, is, is effectively a target, not only, uh, in their day by day work, you know, arena, but also in their personal lives as well. Um, so, you know, everybody in the organization should not only be kind of paying attention to security and compliance related stuff, uh, when it can certainly, when it comes to work related elements, but, you know, just keep in mind that you could be, uh, you could be the subject of a, of kind of an indirect attack at trying to get to the organization. So keep that in mind. Um, you know, every organization should have incident response, uh, an incident response plan, um, and, uh, you know, some type of a requirement for doing associated testing, uh, testing training, et cetera, you know, each year with your personnel, with certain vendors, et cetera. And so as part of that training, um, it is recommended to, um, to do a tabletop exercise, uh, to run through various scenarios, et cetera. Um, but one of the big problems is, is that many organizations they'll, they take on this notion that, oh, if I declared an incident, then it's some type of a sign of failure, uh, you know, type of a thing. And so, you know, they don't declare low level incidents. They don't want to, um, you know, they don't exercise their program, you know, throughout, throughout the year.

    19 min
  5. 12/31/2025

    Happy New Year from Compliance Unfiltered - Episode 198

    Join the CU Guys on this special New Year edition of Compliance Unfiltered. As they reflect on the past year and look forward to 2026, the guys discuss the evolution of compliance standards, the role of artificial intelligence in streamlining client engagements, and the importance of client feedback in shaping the future of TCT. Tune in for insights on how TCT plans to enhance its platform to better serve the diverse needs of its clients in the compliance space. Episode Transcript: Today we're going to talk about a happy new year. How about that? We're going to talk about the year that was, the year that is, and the year that will be at TCT and in the compliance space in general. So Adam, before we get started, I wanted to remind the folks, now the beginning of the year is the perfect time of year for you to reach out to us, let us know your thoughts, your suggestions, funny jokes, maybe a great recipe, always interested to hear what you have to say to us at Compliance Unfiltered. Well, happy new year to you, sir. Talk to us a little bit more about what the year is like for you. Yeah, and one thing to add on to what you were just saying there a minute ago, because I similarly would echo the sentiment. We'd love to hear from the listeners and, you know, certainly if there are topics that you're struggling with, if there's a topic that you struggled with that you think somebody else may be in the same situation, like us to cover, et cetera, go ahead and throw the, throw the ideas. We'd love to, love to hear the input, love to hear the feedback. But, man, we're, we're heading into the, heading into the end of a good old 2025. And, well, we got, you know, we got holidays afoot. We've got all sorts of traveling happening. We've got college football all over the place. It's a, it's a good time of year and also a good time to kind of reflect on, you know, reflect on 25, look ahead at 26. 
So, you know, I don't know, as I, as I, you know, kind of take, take stock of, of 2025, you know, it's just a, in general, it's a time of year where, you know, remain appreciative of the, you know, of the, the, the folks that surround us, you know, whether they be family or family or friends, and certainly in TCT's case, the, you know, the, the awesome client base that we've got, you know, their, their involvement, their, their, their business, unbelievably appreciative of, of everybody, you know, that, that we've got, you know, it's been, yeah, it's been a really, it's been a really fun, really fun year. Lots of stuff going on on, you know, and all that fun stuff. I mean, you know, you look back and, and you just look at, you know, how many new friends that we've, you know, that we've kind of made throughout the, you know, throughout the year, it's been, it's been a, it's been a wild ride. So it's, it's always fun, fun doing that. Part of the, the, the part that I really like about, you know, kind of about how we do what we do and this arena is, you know, is that input, is that feedback that we get from the, you know, from the customers, especially the new ones that, you know, that come on, getting their input on, you know, things they'd like to see within the system and features and functions, et cetera. Um, God, when we, when we started this, it started with like, I don't know, we had, I had 200 or something, uh, different ideas for things that I wanted to, you know, go kind of go do with the system, but when we launched it, it very quickly morphed because, you know, we did encourage the, the, you know, everybody to participate, right? And so when we launched this thing back in 2015, um, it was actually technically, I don't know if anybody knew this, but it was, it was technically ready to ready for prime time in 2014. And it's kind of apropos because we're at the end of the year, right? 
Well, back in 2014, we were ready to roll in, I think it was around the October, mid to late October timeframe, early November.

    17 min
  6. 12/24/2025

    Happy Holidays from TCT and Compliance Unfiltered - Episode 197

    On this festive edition of Compliance Unfiltered, the CU Guys delve into the challenges and joys of the compliance season. With a focus on gratitude and reflection, they discuss the importance of operational mode in easing compliance burdens and share insights on how TCT is making compliance management more manageable. Tune in for a heartfelt conversation filled with appreciation for clients and colleagues, and a sneak peek into TCT's future innovations. Don't miss this engaging episode that promises to make your compliance journey a little brighter. #ComplianceUnfiltered #TCT #ComplianceManagement Episode Transcript: Well, Adam, this time of year, I like to spend my time being thankful. Thankful for a lot of things. Thankful for my kids. Thanks for my dog. Thanks for my family and job and all the things. What are you thankful for this year, sir? Oh, well, um, you know, just, it's been, uh, it's been a, uh, been a good year. We'll, we'll be, we'll be doing like, uh, officially a new year's, uh, a new year's edition, you know, type of thing for the official reflection on the year and all that fun stuff, so stay tuned. But, um, no, it's just, uh, you know, you get to this point in the year and, uh, you know, every, it's, it's funny, you know, um, you know, some, you know, I'm thankful, I'm thankful we're at this point, we're about to, you know, go embark on, uh, you know, whatever, in about 10 days or so of, uh, primarily, uh, food and family and all of that fun stuff. But no, it's, uh, it's a, it's a fun time of year. You know, it, it makes me, it makes me think about some of the poor souls that are like, especially in the compliance space, right? You've got, there's a lot of organizations. 
I think, I think it was born from, you know, a lot of organizations, the, the compliance endeavors started by somebody originating out of like the, the CFO, you know, the, the accounting arena, and they're so used to having their, their engage, you know, their, their stuff go on a, you know, an annual cycle, you know, most companies are, are going January, December, right? And so there's a lot of people that, uh, that have their compliance engagements that go from January 1st to December 31st. So, you know, while a lot of people are heading off in, into the, uh, into the holiday sunset, if you will, you know, there's definitely some people in this compliance space. They're, they're kind of gearing up, right? They're mentally preparing themselves for, uh, for all of the fit that's about to hit the Shan. They got an extra cup of eggnog over there. Uh, yeah, with hopefully a couple of additives in it to help them navigate the waters. But I mean, it's for a lot of folks in the, in the, in the compliance arena, this time of year is, is, uh, it's kind of stressful, uh, extra stressful, right? You're not, you're not just worrying about trying to navigate holidays and all that fun stuff, but you're, you're also, you know, staring down, uh, staring down a big hole in, uh, engagement and, and all of that fun stuff. So that definitely makes it, uh, make, makes it a little bit more exciting for some of the, some of the poor souls in the, in the, in the compliance management arena. That totally tracks. Now, what type of messages of peace and goodwill do you have for those compliance teams out there right now in the stick of it? Well, you know, we started this wild extravaganza for a reason, right? We were trying desperately to, you know, to help folks navigate their compliance engagements in a more peaceful manner, if you will. 
And a good part of that just comes down to, you know, the one thing I'd say to the folks in the compliance arena that, you know, they're, you know, about to enter the kind of fray, if you will, for their, for the annual engagement. I always try to, you know, find ways to make, make things better.

    14 min

