Episoder

  • In this episode, host Troy Fine and producer Elliot Volkman welcome guest Kevin Kriebel, VP of Business Development at Drata. The conversation focuses on the challenges and intricacies of maintaining auditor independence and integrity in the compliance automation landscape. Key topics include the impact of bundling and price fixing on audit quality, the need for improved TPRM functionality, and the role of enterprises in ensuring higher standards. The discussion also addresses the importance of education and transparency in mitigating the risks associated with low-quality audits and driving market changes.


    01:04 Introductions and Ground Rules

    02:23 Discussing Auditor Independence

    04:30 Challenges in the Audit Industry

    06:19 Vendor Relationships and Audit Integrity

    10:14 Education Gap in Compliance

    23:58 Industry Price Fixing Concerns

    27:30 Discussing Audit Automation and Vendor Practices

    28:19 The Problem with Bundling Services

    29:02 Challenges in Vendor Accountability

    30:34 The Role of TPRM and AI in Compliance

    33:29 The Importance of Education in Compliance

    38:24 Market Dynamics and Compliance Requirements


    Hosted on Acast. See acast.com/privacy for more information.

  • In the pilot episode of GRC Uncensored, hosts Troy Fine and Elliot Volkman introduce the podcast aimed at having unfiltered discussions about Governance, Risk, and Compliance (GRC). This episode was recorded before any interviews and offers some retrospectives of what became reality or not. They detail their professional backgrounds, especially highlighting Troy's unexpected journey into auditing and meme culture on LinkedIn. The hosts share the focus of future episodes (which have already been published), including the commoditization of compliance and the quality of audits, while emphasizing the importance of honest and authentic conversations in the GRC field. They also discuss the potential for disagreement among industry professionals and encourage audience engagement and feedback.


    00:00 Introduction to GRC Uncensored

    00:42 Meet the Hosts: Troy Fine and Elliot Volkman

    01:34 Troy's Journey into Auditing and Memes

    03:10 The Role of CPAs in Cybersecurity

    05:29 The Purpose of GRC Uncensored

    07:08 Pilot Season and Episode Preview

    09:51 Commoditization of Compliance

    19:02 Quality of Audits and Future Topics

    21:45 Conclusion and Call for Feedback


    Hosted on Acast. See acast.com/privacy for more information.

  • Manglende episoder?

    Klik her for at forny feed.

  • In this episode of GRC Uncensored, hosts Troy Fine and Kendra Cooley, along with producer Elliot Volkman, continue their pursuit of trying to understand what is explicitly holding the GRC world back. Joined by ISO expert David Foreman, the discussion tackles the roles of auditors, tech vendors, and market forces in shaping audit quality.


    They explore the significance of audit integrity, the staying power of governance programs, and the varying expectations of companies undergoing audits. Amidst an insightful dialogue, the hosts debate the future of automated compliance tools, check-the-box audits, and the elusive definition of audit quality. Ultimately, the episode underscores the issue's complexity, emphasizing that it's not just about the vendors or auditors but also market demands and expectations.


    00:00 Introduction to GRC uncensored

    00:42 Meet the hosts: Troy and Kendra

    01:05 Controversies and LinkedIn debates

    01:37 International expansion and podcast updates

    02:28 Commoditization of compliance 03:07 Introduction to Dave and his expertise

    04:43 The role of vendors in compliance

    07:49 Audit quality and market dynamics

    09:49 The importance of audit integrity

    13:11 Defining audit quality

    20:26 Market expectations and audit quality

    23:48 Staying power in compliance programs

    28:00 High-quality vs. low-quality audit firms

    28:59 Top qualities of a good auditor

    29:19 Importance of knowledge in auditing

    31:06 Compliance automation tools

    32:26 Challenges in finding quality auditors

    34:30 The reality of check-box audits

    35:34 Accreditation and certification nuances

    42:12 The future of auditing and trust centers

    43:42 Closing remarks and shameless plugs

    47:05 Final thoughts and tagline


    Hosted on Acast. See acast.com/privacy for more information.

  • GRC Uncensored is back, and your hosts Troy Fine and Elliot Volkman are joined by Martin Cozzi, CEO of Pima, to discuss when, if at all, it makes sense to invest in a GRC tool to support a company's compliance efforts.


    The discussion spans the necessity and use of various compliance tools, the challenges of scaling compliance, and the importance of having well-defined processes and dedicated personnel. They highlight the actual costs and benefits of compliance, questioning superficial practices and emphasizing the need for personalized solutions. The episode also addresses misconceptions and executive decisions crucial for maintaining compliance, offering comprehensive insights into modern GRC strategies and the evolving role of tools in achieving SOC 2 compliance.


    00:00 Introduction to GRC Uncensored

    00:22 Meet the Hosts and Guest Introduction

    00:38 The Need for GRC Tools

    02:52 Legacy vs. Modern GRC Tools

    05:26 Challenges with GRC Tools

    12:12 When to Choose GRC Tools

    12:49 The Role of Processes in GRC

    20:49 GRC Tools for Startups

    23:20 The Cost of Compliance

    24:43 The Role of Auditors

    26:47 Touchless Audits: Pros and Cons

    28:19 The Value of SOC 2 Reports

    30:50 Choosing the Right Compliance Tools

    32:31 The Future of Compliance Tools

    40:46 Final Thoughts and Reflections


    Hosted on Acast. See acast.com/privacy for more information.

  • In the first episode of 'GRC Uncensored,' hosts Troy Fine, dubbed the 'GRC Meme King,' and Elliot Volkman, alongside guest Kendra Cooley dive into the complexities of Governance, Risk, and Compliance (GRC) in cybersecurity. The discussion unravels the 'love-hate' relationship many security professionals have with compliance frameworks like SOC 2, exploring how they have become commoditized and possibly devalued over time.


    The conversation touches upon the challenges security practitioners face in conveying the true value of GRC to businesses, the potential pitfalls of 'SOC in a box' offerings, and the broader implications of compliance becoming a 'check the box' exercise. Moreover, the episode delves into the broader regulatory landscape and the ongoing debates about the role of government regulations in cybersecurity compliance. This candid dialogue sets the stage for future episodes that promise further to dissect the nuances of cybersecurity audits and standards.


    00:00 Welcome to GRC Uncensored

    01:34 Introducing Kendra Cooley

    02:05 Love-Hate Relationship with GRC

    03:16 The SOC 2 Debate

    04:33 Challenges with SOC 2 Audits

    09:10 The Value of SOC 2 in the Industry

    12:04 The Evolution of Compliance Frameworks

    20:39 False Sense of Security in Compliance

    24:46 The Buzz Around AI and Quantum

    25:10 Staying Updated as a Security Professional

    26:45 Challenges in Penetration Testing and Vendor Assessments

    27:37 Compliance and Its Impact on Security

    30:10 Government Regulations and Their Effectiveness

    32:23 The Complexity of Privacy Laws

    38:29 The Role of GRC Teams in Risk Management

    42:30 Concluding Thoughts and Future Episodes


    Hosted on Acast. See acast.com/privacy for more information.

  • GRC Uncensored is an experimental podcast designed to elevate real conversations with GRC professionals, auditors, regulators, and those building programs around it. Your hosts are Troy Fine and Elliot Volkman.

    Hosted on Acast. See acast.com/privacy for more information.