When Governance, Risk, and Compliance (GRC) issues are in the headlines, it’s usually a bad thing. It’s only when a major data breach happens, or a company runs afoul of some regulation, that these important responsibilities get their time in the limelight. GRC & Me is here to shine a light on those individuals tasked with safeguarding their employers’ information and integrity, day in and day out. Tune in every other week as host Megan (Phee) Brown, Director of International Sales at LogicGate, and her guests explore the issues and ideas that give shape to these interconnected functions. Just as GRC touches many parts of a business, so too will the podcast delve into a wide array of concerns—from current events and modern methodologies to cultural nuances and game-changing developments. Join us and learn why GRC is so critical to the future of any organization, where the industry has been—and where it’s going.
Shifting Gears To Quantify Risk with Netflix’s Tony Martin-Vegue
Switching from traditional risk analysis methods like ordinal lists or red-yellow-and-green charts to more modern approaches like risk quantification requires a paradigm shift in how you think about measuring risk, but the increased accuracy, specificity, and reliability you’ll gain by doing so pays dividends.
On this episode of GRC & Me, Netflix’s Tony Martin-Vegue joins LogicGate’s Chris Clarke to explore the best ways to navigate this transition, how to learn and leverage popular risk quantification frameworks like Open FAIR, and why you shouldn’t completely throw your colored charts out the window just yet.
Please Hack Me: Hacking Companies for Good
They say it takes a thief to catch a thief, so why not a hacker to catch a hacker?
That was the premise behind Ted Harrington’s Independent Security Evaluators, a company dedicated to poking holes into other companies’ cyber defenses — for the right reasons, of course. On this episode of GRC & Me, Ted takes LogicGate’s Chris Clarke on a journey down the benevolent hacker’s rabbit hole, where they discuss:
- The difference between white box and black box testing (and which is better).
- Why carrying these exercises out can build trust and become a competitive advantage in third-party risk assessment.
- Why it’s important to shift your mindset from one that views security as an obstacle to one that views it as an opportunity.
- Uncovering the unknown unknowns in cybersecurity.
- How “defense in depth” strategies can put security teams a step ahead of threat actors.
- The four traits that lead hackers to be successful, and why thinking like one can be an effective way to bolster your cyber defenses.
Rockets, Radios, and Risk: How NASA Manages Uncertainty in Orbit
Few careers involve managing as much risk as one where you’re responsible for launching humans riding gigantic rockets into outer space. That’s exactly what Barrios Technology Chief Strategy Officer Ginger Kerrick did during her three-decade career working for NASA.
On this episode of GRC & Me, Ginger joins LogicGate’s Chris Clarke to discuss methods for developing methodical, standardized thought processes for risk decision-making in high-stakes scenarios, how NASA employees are trained to separate logic from emotion, how disasters can inform future mitigation planning, and why the most important part of managing risk is having the right leaders in place.
Managing Risk on the Frontlines of the Financial Sector
One of the most high-profile risk events of the last year was the swift collapse of Silicon Valley Bank and other regional banks amid spiking interest rates. Part of the problem? The lack of a complete, comprehensive view of the risks these banks were facing — in particular, liquidity risk.
Allstate Canada's Chief Risk Officer Jason Wang has spent his career assessing and analyzing risk in the financial services space, dedicated to anticipating and mitigating risks just like the one that sank SVB. On this episode of GRC & Me, Jason joins LogicGate’s Chris Clarke to discuss the importance of building a holistic risk register, how to position risk management as a strategic enabler instead of a “revenue prevention” department, why it’s critical to include your chief risk officer on the executive team, and more.
Staying in the Fed’s Favor: Navigating Government Contracts with Intel Federal’s John Griffin
When doing business with the federal government and its myriad agencies, organizations are bound to run into plenty of mandates, regulations, and other requirements. Navigating them all can cause a headache for even the most detail-oriented compliance managers.
On this episode of GRC & Me, Chris Clarke is joined by Intel Federal’s Compliance Program Manager, John Griffin. Griffin draws on his decades of experience in federal contracting and working with government agencies at companies like Honeywell and Boeing to explore methods for better managing product development and performing diligence on third-party vendor relationships while operating under strict and stringent government standards and requirements. Plus, learn a few of Griffin’s more creative methods for determining how risky a particular organization might be to work with.
Building Robust Risk Cultures Through Collaborative Cyber Risk Management
Oftentimes, cyber risk teams are viewed as reactive “audit police,” swooping into projects to flag risks and forcing changes at key points. This approach can generate a resentful — even toxic — risk culture. There’s a better way to build healthier risk cultures: Taking a more collaborative, embedded approach to cyber risk management by positioning cyber risk leaders as advisors and partners, working side-by-side with project teams from the start.
On this episode of GRC & Me, Chris Clarke is joined by Cyberpink’s Founder & Owner, Praj Prayag-Deb, to discuss how to shift your organization’s risk culture toward this new approach, her formula for building successful cyber risk programs from scratch, how leveraging the right technology makes it all possible, and why adopting a growth mindset is critical for every cyber risk leader.
Go-to source for all things GRC 🙌
Love this show - it consistently levels me up and is an invaluable resource for anyone in the GRC space