11 episodes

Welcome to 'Risk Grustlers,' where we celebrate the extraordinary journeys of modern-day Risk Leaders who embrace the art of 'Grustle'—a powerful fusion of Grind and Hustle. Our podcast dives into the innovative strategies and bold decisions taken by these risk-takers, shaping the future of cybersecurity and risk management. Join us as we explore their inspiring stories, insightful advice, and cutting-edge technologies that define the alternative GRC landscape. 

Risk Grustlers Scrut Automation

    • Technology
    • 5.0 • 1 Rating

    Security: Building a Business Within a Business

    About Aaron Worthman

    In this episode of Risk Grustlers, Aaron Worthman, a seasoned leader in the cybersecurity realm, joins us. With over 25 years of experience and currently serving as a Board Member, as well as holding positions as (acting) CIO & CSO at Spire One, Aaron's career trajectory embodies adaptability and forward-thinking. 
    Aaron’s journey from hands-on operational roles to strategic leadership positions offers invaluable insights into navigating the complexities of risk management in today's digital landscape.


    Description

    The winding path of growth in risk management involves navigating uncertainties and establishing a baseline for security.
    Prepare with us as we delve deep into finding the right balance between allocating resources for immediate needs and investing in long-term resilience for your security program with Aaron Wurthman. 
    Through this episode, we’ll also uncover how underspending on security can be a major concern leading to significant cybersecurity catastrophes. Along with this, we decipher how to begin the security journey within a company with a top-five checklist of key considerations.
    Tune in now and seize this opportunity to elevate your understanding of risk management in today's digital age.


    Highlight
    Dive into the nuanced discussion surrounding security spending and the philosophy that IT and security functions should operate as businesses within a business. Gain valuable insights into the process of setting a spending baseline for security programs, emphasizing the importance of collaboration and transparency. Uncover the critical balance between allocating resources for immediate security needs and investing in long-term resilience. Delve into the repercussions of underspending on security and the potentially catastrophic consequences, such as ransomware attacks and breaches.

    Quotes from the episode

    "Budgeting with all aspects of security in mind is truly a key requirement."

    "By prioritizing collaboration, transparency, and long-term resilience, organizations can effectively safeguard their assets while driving sustainable growth."

    "Having precise numbers is always great, but you need to first have established that rapport with the stakeholders in order for that number to be believed."


    About Scrut Automation
    Scrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe establish enterprise-grade information security processes through an easy-to-use GRC platform.
    To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcasts

    • 34 min
    The Perks Of Automating Audits

    Stepping into the spotlight in the tenth episode of our Risk Grustlers podcast is Shashank Karincheti, the Senior Manager of Compliance Engineering at Razorpay and the mastermind behind Razorpay’s cutting-edge IT GRC.

    His unquenchable thirst for knowledge shines through his impressive collection of certifications, showcasing his unwavering commitment to staying on top of the ever-evolving world of cybersecurity. With boundless curiosity and unwavering passion for infosec, Shashank is the ideal guide for anyone looking to explore this fascinating field.

    About Shashank Karincheti

    In this captivating episode, Shashank Karincheti unravels the secrets to streamlining compliance processes, optimizing efficiency, and achieving unparalleled accuracy in audits.

    He offers an exclusive look into the decision-making process between in-house development and partnering with third-party vendors for automation.

    He also draws attention to the significant role of culture and strategy, showing how aligning business goals, industry regulations, and company values can lead to triumphant automation strategies.

    Whether your organization is just starting or already mature, Shashank will share invaluable perspectives on audit automation that will undoubtedly broaden your infosec knowledge.

    Join him as he delves into the strategic considerations behind prioritizing audit processes, establishing metrics and KPIs, and measuring the true effectiveness of automation programs.

    His insights will leave you empowered and inspired to optimize your organization’s compliance efforts. Tune in to gain invaluable knowledge from a true industry expert!


    Highlights from the episode
    • Unveiling the benefits of audit automation for organizations
    • Discussing how to measure the effectiveness of automation programs
    • Emphasizing the importance of building a culture of compliance
    Quotes
    “Audits used to be seen as a mere checklist exercise, completing tasks and calling it a day. But today, they're all about compliance by design. Take certifications like SOC 2, where specific criteria must be met, showing the presence of controls for added reassurance. In our world, audit automation means crafting a platform with built-in compliance and framework requirements, ensuring a broader focus on security and control.”

    “Focus on building a culture of compliance and make it a part of your organization’s DNA. Understand the relevant frameworks and prioritize your actions accordingly. Once you have this foundation in place, you can evaluate automation tools and decide which processes to automate and which ones require manual handling.”

    • 30 min
    The Art Of Breaking Into The Security Space

    Joining us on the ninth episode of our podcast Risk Grustlers is none other than sec-savvy Akshay Ahuja, the Principal of Information Security at M2P Fintech. He’s not just your average security guru; he's the kind of cybersecurity wizard who makes firewalls feel inadequate!

    Akshay started his journey as an electronics and communication engineer, but he threw caution to the wind and embarked on a quest to chase his cybersecurity dreams. Fast forward over a decade, and he's become a bona fide legend in the cybersecurity realm.

    About Akshay Ahuja

    Akshay Ahuja vividly recounts his unique career journey in this exciting episode. From graduating as an electronics and communications engineer to becoming the Principal of Information Security at M2P Fintech, Akshay discusses how he followed his passion to get to where he is today.

    He dives deep into the need for staying up to date with regulatory changes and leveraging technology, particularly automation and common control frameworks, to enhance compliance efforts.

    A strong advocate for automation, he believes AI-driven technology like OpenAI and ChatGPT will become increasingly essential in the compliance market and recommends embracing automation to keep pace with the evolving cybersecurity landscape.

    So, whether you’re a seasoned professional looking to up your game or you’re just embarking on your infosec journey, you will not want to miss this one! Tune in to gain important insights into the world of cybersecurity.

    Highlights from the episode
    • Uncovering common myths around standards applicable to fintech companies
    • Best practices every company needs to follow for effective cybersecurity
    • Discussing what a current day in the life of an infosec leader/expert looks like
    • Providing career guidance for aspiring cybersecurity professionals

    Quotes
    “When it comes to automation, it’s all about showcasing what it can do for you. It’s about creating evidence automatically and reducing manual effort. And let me tell you, this new age of AI, with powerhouses like OpenAI and ChatGPT, is already disrupting the market. So I would say that it will soon disrupt the market of compliance. It is the future, and there is no way around it.”

    “Regulations and compliance requirements in the realm of Infosec share a significant overlap. Many regulators emphasize similar aspects such as information security, major industry practices, and more. Around 65 to 75% of these requirements align across various frameworks. The goal now is to devise an objective approach for companies to develop their own common control framework.”

    • 54 min
    A Scoop of Risk, Squishy Not Crunchy!

    Risk management isn't all crunchy and rigid - GRC teams and individuals deal with several professional difficulties, fears, and uncertainties that impact their risk decisions. But what is being done about it?

    Oftentimes, GRC professionals on the crunchy side have to carry out softer tasks that require things like behavior changes across teams, which in turn require steps to be taken. What does the bridge between this gap look like?

    Join us as we learn about what the soft and squishy side of GRC entails with Jason and also understand the impact his organization - kinkou.org has been having on bringing this soft side to a new light.

    In this episode, Jason offers practical insights highlighting the importance of skills like communication and relationship-building in strengthening risk management. Tune in now!

    About Jason

    Joining us on the eighth episode of Risk Grustlers is Jason Leuenberger, a Leadership and Team Coach whose journey in GRC speaks for itself. Jason has been immersed in the crunchy approach towards GRC for the past 20 years, deep into technical domains, and now he’s sharing why the softer side of GRC may be the hidden gold mine no one’s paying attention to.

    With over twenty years of experience in the industry, Jason is the perfect guide to help you master the often-overlooked softer side of GRC.

    You can reach out to Jason directly at jason@kinkou.org to learn more about his services.

    Highlights from the episode
    • Demystifying what the soft and squishy side of GRC entails
    • Understanding the difference between buy-in and weigh-in for expanding
    • Bridging the gap between crunchy GRC side and softer GRC side

    Quotes

    “The human side of risk is what I like to call the softer side. We often assume that people are either naturally born with talents like communication and relationship-building or they’re not. But the truth is, these are skills that we can learn, understand, and actually develop over time.”

    • 20 min
    The Process of Setting Up A Process To Set Up A Process

    Renae Martin, whose love for information security developed in a rather unorthodox way, is joining us for our seventh episode of Risk Grustlers! Her journey as a journalist turned senior technical program manager is one full of interesting pathways, anecdotes, and challenges. 

    Tune in as Renae shares the inside stories from her years of experience tackling several security projects! 

    About Renae

    Drawn by the excitement of the early 2000s tech landscape, Renae chose to transition from an entirely different field, journalism, to the cybersecurity industry. In this episode, we uncover her experience, from starting in this industry as a complete beginner to how she sees it now as an experienced professional.

    GRC often faces perceptions of being unexciting and undervalued compared to development teams - and Renae is no stranger to this conception.

    However, as a project manager who’s led several security projects, she has seen the role evolve and is sharing how the real value lies in understanding optimal solutions and collaborating closely with teams to innovate.

    That’s not it though, we are going deep and hitting Renae with just the right questions - who wins in GRC - a pushover or a hard ass? What are the implications of assertiveness and empathy in long-term GRC success?

    If you’re interested in learning her thoughts on these topics, then don’t forget to tune in to our seventh episode of Risk Grustlers!

    Highlights from the episode
    • Transitioning to the information security industry and navigating the GRC space
    • Balancing collaboration and assertiveness while executing risk management activities
    • Understanding the security budget for establishing a minimum viable risk program in growth-stage companies

    Quotes

    “I've learned from past experiences that when flashy tools were brought in without the necessary structure and support, it often led to issues. There's no magic solution in a tool alone; it requires knowledge and effort to work effectively. Establishing a strong foundational risk program comes first.” 

    "While checklist-based approaches can be dull, the real value lies in understanding optimal solutions and collaborating closely with teams to innovate."

    • 18 min
    Are you YAFing, bud?

    Building a security team, let alone scaling it, is no small feat; there are several layers and factors to consider. In this episode, Satya shares with us his experience of building teams across different environments and some core concerns he makes sure to address.

    Moving along, the conversation also tackles the question of how much growth-stage companies should invest in security, with special attention on the kind of messaging that they should be focusing on first.

    There is a sharp distinction between feeling secure and being secure - an approach that Satya uses to determine which side of the coin a company wishes to fall into.

    If you’re interested in learning the key strategies from an esteemed security professional on how to get your security budget approved, how to keep up with the attackers in the present threat landscape, as well as the know-how on staying up-to-date with the new frameworks, then tune in right now!

    About Satya

    Satya Nayak, Head of Security Engineering & Operations at Outreach, is joining us for the sixth episode of Risk Grustlers to share what sparked his passion for cybersecurity and give solid advice on leading security teams with finesse.

    Being one of the fastest-growing professionals in the industry, Satya has some incredible tips up his sleeve that will have you see GRC in an entirely new light.

    Highlights from the episode
    • Building security teams without killing the passion of your team members
    • Feeling secure vs. being secure - two sides of a coin
    • Using hard numbers to back up larger scale and advancements
    • Navigating the framework soup and scaling your GRC team with it

    Quotes

    “Operating from the sidelines won’t cut it. You’ve got to be in the know about what’s happening out there. That’s how you back up your team, manage projects, and make those smart moves.”

    "It is important to not smother your team's passion for security under a pile of processes and organizational rules."

    • 29 min
