Risk Grustlers

Scrut Automation

Welcome to 'Risk Grustlers,' where we celebrate the extraordinary journeys of modern-day Risk Leaders who embrace the art of 'Grustle'—a powerful fusion of Grind and Hustle. Our podcast dives into the innovative strategies and bold decisions taken by these risk-takers, shaping the future of cybersecurity and risk management. Join us as we explore their inspiring stories, insightful advice, and cutting-edge technologies that define the alternative GRC landscape. 

  1. EP 16 | All about compliance commoditization, GRC 4.0 & AI

    May 21

    Featuring Nicholas Muy, CISO, Scrut Automation

    In this episode, our CEO Aayush Ghosh Choudhury sits down with our CISO Nicholas Muy for a candid conversation on some of the most debated trends in GRC today. With nearly two decades in security—including roles at the Department of Homeland Security, Expedia, and high-growth startups—Nicholas knows what it takes to build programs that go beyond the basics. From AI agents to audit-ready automation, this episode is a playbook for where GRC is headed. A special episode packed with actionable ideas to take back to your team.

    Description

    Nick doesn't sugarcoat it: compliance is changing—and the shift is bigger than commoditization. It’s convergence. In this episode, he explores how security and compliance are merging into unified, intelligent workflows—with AI agents playing a key role. Drawing on his vast experience in cybersecurity, he breaks down what agentic GRC actually looks like and how early-stage companies can embrace frameworks without being boxed in by them. Whether you're rethinking audits, scaling trust, or experimenting with AI teammates, this episode offers a glimpse into what’s next for GRC.

    Highlights from the episode

    - Is compliance becoming a commodity—or something more valuable?
    - How security and compliance are converging faster than you think
    - The rise of agentic AI and what it means for GRC teams
    - Building adaptable, audit-ready programs that don’t drain your team

    Quotes

    - “Personally, I see it less as commoditization and more as democratization.”
    - “Compliance gave us the time and structure to gradually build and refine our security posture.”
    - “Cost and effort alone aren’t reliable indicators of audit quality—especially for small to midsize companies.”
    - “Agentic teammates help us scale by reviewing vendors upfront, surfacing risk, and retaining context between assessments.”

    About Scrut Automation

    Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos. To watch more of our episodes and learn more about us, visit us at: https://www.scrut.io/podcasts

    32min
  2. EP 15 | Keep your friends close, but your insiders closer

    Feb 19

    About the speaker:

    Srikanth Chavali, Co-Founder and CPO at Kitecyber, dives deep into the growing threat of insider risks and shares approaches to help businesses stay ahead of the curve. With years of experience tackling complex cybersecurity challenges, Srikanth offers valuable insights and practical advice for organizations of all sizes. Tune in for an insightful conversation packed with actionable strategies you won’t want to miss!

    Description:

    In this episode, Srikanth Chavali unpacks the complex terrain of insider threats, highlighting why these risks are growing and how organizations can proactively protect themselves. He emphasizes that even small and mid-sized companies, often without dedicated security teams, can mitigate these threats by setting clear accountabilities and adopting the right technologies. Srikanth discusses how a virtual CISO (vCISO) can help companies build a strong security posture, even with limited resources, and stresses the importance of a dedicated leader driving security efforts.

    He also delves into the evolving role of AI and automation in cybersecurity, showing how these technologies are transforming threat detection and data classification. With a focus on actionable insights, Srikanth explains how companies can leverage AI to improve security measures while reducing false positives and increasing efficiency.

    Highlights from the episode:

    - Managing insider threats without a dedicated security team
    - The importance of accountability in cybersecurity
    - Leveraging AI for improved data classification and threat detection
    - Practical steps small and mid-sized companies can take to improve security

    Quotes:

    - “Cybersecurity is not just a technical challenge; it's a responsibility that needs to be owned across the organization.”
    - “Insider threats are not always easy to detect, but with the right tools and mindset, organizations can proactively manage risks.”
    - “AI and automation are changing the game for threat detection, offering more precision with fewer false positives.”
    - “You don’t need to start from scratch—leveraging existing models and tools can be a great way for smaller companies to begin their cybersecurity journey.”

    30min
  3. EP 14 | Doing the little things right

    Jan 13

    About the speaker:

    Drew Danner, Managing Director at BD Emerson, offers a new take on the old security vs. compliance debate—you cannot have one without the other. With ten years in the US Army and a no-nonsense approach to cybersecurity, he’s been in the trenches (literally and figuratively) and is a go-to professional for all things security. So grab a coffee and a notepad, because this conversation is packed with insights you won’t want to miss. Tune in now!

    Description:

    In this episode, Drew uncomplicates GRC and stresses the importance of “keeping it stupid and simple.” Drawing from his experiences in both the army and cybersecurity, he shares easy and practical tips for building a sustainable security program. Drew emphasizes the importance of doing the “little things” in GRC. He highlights how small, consistent actions—like reviewing contracts and integrating compliance into daily operations—can drive meaningful change and prevent last-minute crises. Tune in to hear his insights on bridging the gap between compliance and security, navigating intimidating frameworks, and how early attention to security can help companies win customer trust and build stronger businesses.

    Highlights from the episode:

    - Pro tips for companies that are getting started with compliance
    - Overcoming intimidation with new frameworks like ISO 27001
    - The simplicity of building effective security controls
    - The evolving nature of security audits in the age of AI

    Quotes:

    - “Security is the operation of achieving compliance.”
    - “Consistency, that’s what it’s all about. Doing the little things right, every single time.”
    - “The easiest security controls can have the biggest impact if you just do them right.”
    - “You don’t need a certificate to do the right thing. Start with the basics.”

    29min
  4. Security on a Shoestring Budget

    10/06/2024

    Introduction

    Kevin Qiu, a seasoned Information Security Professional, joins us on the latest episode of Risk Grustlers to share his journey from Big Four consulting to tech startups, offering invaluable insights on building effective security programs on a limited budget. Don't miss Kevin's practical tips for adapting security infrastructure, managing compliance, and tackling challenges unique to small and medium-sized businesses. Tune in for a masterclass on must do’s when building a security strategy!

    Description

    In this episode, Kevin offers a unique perspective on the differences in security infrastructure between large enterprises and startups, highlighting the need for adaptability in smaller companies. Kevin delves into the key areas mid-sized companies should focus on when building an effective security program, emphasizing practical steps and strategic planning.

    He also addresses the common perception that compliance is merely box-ticking, discussing its true value and importance in maintaining robust security. Tune in to uncover practical tips for building a robust security program in small to medium-sized companies.

    Highlights from the episode

    - Kevin’s career transition
    - Challenges in startups vs. large enterprises
    - Building a security program in mid-sized companies
    - Compliance vs. real security

    Quotes

    - “Don’t just buy any tool off the shelf because you need one specific feature. That is how your budget becomes bloated. If you can develop it in-house, if it makes sense to do so, then do that before you go and spend money on it.”
    - “One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits.”
    - “Startups often rely heavily on third-party tools. Knowing your vendors is crucial. If a vendor is breached and you didn't even know your team used them, you're in big trouble.”

    About Scrut Automation

    Scrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies worldwide establish enterprise-grade information security processes through an easy-to-use GRC platform. To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcasts

    29min
  5. The Upshot of (Un)Continous Compliance

    10/06/2024

    About the Speaker

    With a dynamic personality and over 25 years of IT management and security expertise, Todd Dekkinga steps into the spotlight as the new host of Risk Grustlers. As the CISO at Scrut Automation and Zluri and advisor to startups like Box and Zoom, Todd is the perfect guide to help you navigate the complexities of risk and compliance. Todd and our CEO and Co-Founder, Aayush Ghosh Choudhury, share an undeniable passion for security and startups, which shines through in this lively episode. They share actionable advice and deep insights, including trade secrets you wouldn’t hear elsewhere. You don’t wanna miss this!

    Introduction

    In this episode, we explore Todd’s unorthodox path to compliance, GRC, and risk management – a testament to the diverse paths that can lead to a career in risk management.

    He highlights the pivotal moments that shaped his expertise, including the dot-com crash of 2001 and his work in highly controlled environments like biotech. Todd discusses the common mistakes startups make during the SOC 2 compliance process and offers practical advice on maintaining compliance post-certification.

    He also elaborates on the role of automation in GRC, particularly in optimizing compliance efforts for companies of different sizes. Todd's insights will provide valuable perspectives on navigating the complexities of compliance and risk management. Tune in to uncover the true upshot of continuous and non-continuous compliance.

    Highlights:

    - Todd’s journey into compliance and risk management
    - Navigating compliance in startups vs. large companies
    - The role of automation in GRC
    - Practical tips for continuous compliance

    Quotes

    - "The dot-com crash of 2001 was a turning point for me, leading me to focus on IT efforts in regulated industries like biotech. Working in highly controlled environments laid the foundation for my understanding of compliance and risk."
    - "One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits."
    - "Automation plays a crucial role in simplifying compliance tasks, particularly for smaller companies with limited resources. Automated tools like Scrut streamline processes, reduce manual effort, and ensure consistency in meeting regulatory requirements."

    23min
  6. Security: Building a Business Within a Business

    15/02/2024

    About Aaron Worthman

    In this episode of Risk Grustlers, Aaron Worthman, a seasoned leader in the cybersecurity realm, joins us. With over 25 years of experience and currently serving as a Board Member, as well as holding positions as (acting) CIO & CSO at Spire One, Aaron's career trajectory embodies adaptability and forward-thinking.

    Aaron’s journey from hands-on operational roles to strategic leadership positions offers invaluable insights into navigating the complexities of risk management in today's digital landscape.

    Description

    The winding path of growth in risk management involves navigating uncertainties and establishing a baseline for security. Prepare with us as we delve deep into finding the right balance between allocating resources for immediate needs and investing in long-term resilience for your security program with Aaron Wurthman.

    Through this episode, we’ll also uncover how underspending on security can be a major concern leading to significant cybersecurity catastrophes. Along with this, we decipher how to begin the security journey within a company with a top-five checklist of key considerations. Tune in now and seize this opportunity to elevate your understanding of risk management in today's digital age.

    Highlight

    - Dive into the nuanced discussion surrounding security spending and the philosophy that IT and security functions should operate as businesses within a business.
    - Gain valuable insights into the process of setting a spending baseline for security programs, emphasizing the importance of collaboration and transparency.
    - Uncover the critical balance between allocating resources for immediate security needs and investing in long-term resilience.
    - Delve into the repercussions of underspending on security and the potentially catastrophic consequences, such as ransomware attacks and breaches.

    Quotes from the episode

    - "Budgeting with all aspects of security in mind is truly a key requirement."
    - "By prioritizing collaboration, transparency, and long-term resilience, organizations can effectively safeguard their assets while driving sustainable growth."
    - "Having precise numbers is always great, but you need to first have established that rapport with the stakeholders in order for that number to be believed."

    34min
  7. The Perks Of Automating Audits

    25/09/2023

    Stepping into the spotlight in the tenth episode of our Risk Grustlers podcast is Shashank Karincheti, the Senior Manager of Compliance Engineering at Razorpay and the mastermind behind Razorpay’s cutting-edge IT GRC. His unquenchable thirst for knowledge shines through his impressive collection of certifications, showcasing his unwavering commitment to staying on top of the ever-evolving world of cybersecurity. With boundless curiosity and unwavering passion for infosec, Shashank is the ideal guide for anyone looking to explore this fascinating field.

    About Shashank Karincheti

    In this captivating episode, Shashank Karincheti unravels the secrets to streamlining compliance processes, optimizing efficiency, and achieving unparalleled accuracy in audits. He offers an exclusive look into the decision-making process between in-house development and partnering with third-party vendors for automation. He also draws attention to the significant role of culture and strategy, showing how aligning business goals, industry regulations, and company values can lead to triumphant automation strategies. Whether your organization is just starting or already mature, Shashank will share invaluable perspectives on audit automation that will undoubtedly broaden your infosec knowledge. Join him as he delves into the strategic considerations behind prioritizing audit processes, establishing metrics and KPIs, and measuring the true effectiveness of automation programs. His insights will leave you empowered and inspired to optimize your organization’s compliance efforts. Tune in to gain invaluable knowledge from a true industry expert!

    Highlights from the episode

    - Unveiling the benefits of audit automation for organizations
    - Discussing how to measure the effectiveness of automation programs
    - Emphasizing the importance of building a culture of compliance

    Quotes

    - “Audits used to be seen as a mere checklist exercise, completing tasks and calling it a day. But today, they're all about compliance by design. Take certifications like SOC 2, where specific criteria must be met, showing the presence of controls for added reassurance. In our world, audit automation means crafting a platform with built-in compliance and framework requirements, ensuring a broader focus on security and control.”
    - “Focus on building a culture of compliance and make it a part of your organization’s DNA. Understand the relevant frameworks and prioritize your actions accordingly. Once you have this foundation in place, you can evaluate automation tools and decide which processes to automate and which ones require manual handling.”

    30min
  8. The Art Of Breaking Into The Security Space

    25/09/2023

    Joining us on the ninth episode of our podcast Risk Grustlers is none other than sec-savvy Akshay Ahuja, the Principal of Information Security at M2P Fintech. He’s not just your average security guru; he's the kind of cybersecurity wizard who makes firewalls feel inadequate! Akshay started his journey as an electronics and communication engineer, but he threw caution to the wind and embarked on a quest to chase his cybersecurity dreams. Fast forward over a decade, and he's become a bona fide legend in the cybersecurity realm.

    About Akshay Ahuja

    Akshay Ahuja vividly recounts his unique career journey in this exciting episode. From graduating as an electronics and communications engineer to becoming the Principal of Information Security at M2P Fintech, Akshay discusses how he followed his passion to get to where he is today. He dives deep into the need for staying up to date with regulatory changes and leveraging technology, particularly automation and common control frameworks, to enhance compliance efforts. A strong advocate for automation, he believes AI-driven technology like OpenAI and ChatGPT will become increasingly essential in the compliance market and recommends embracing automation to keep pace with the evolving cybersecurity landscape. So, whether you’re a seasoned professional looking to up your game or you’re just embarking on your infosec journey, you will not want to miss this one! Tune in to gain important insights into the world of cybersecurity.

    Highlights from the episode

    - Uncovering common myths around standards applicable to fintech companies
    - Best practices every company needs to follow for effective cybersecurity
    - Discussing what a current day in the life of an infosec leader/expert looks like
    - Providing career guidance for aspiring cybersecurity professionals

    Quotes

    - “When it comes to automation, it’s all about showcasing what it can do for you. It’s about creating evidence automatically and reducing manual effort. And let me tell you, this new age of AI, with powerhouses like OpenAI and ChatGPT, is already disrupting the market. So I would say that it will soon disrupt the market of compliance. It is the future, and there is no way around it.”
    - “Regulations and compliance requirements in the realm of Infosec share a significant overlap. Many regulators emphasize similar aspects such as information security, major industry practices, and more. Around 65 to 75% of these requirements align across various frameworks. The goal now is to devise an objective approach for companies to develop their own common control framework.”

    54min
