GRC Uncensored – Details, episodes & analysis
Podcast details
Technical and general information from the podcast's RSS feed.


Hosted on Acast. See acast.com/privacy for more information.
Recent rankings
Latest chart positions across Apple Podcasts and Spotify rankings.
Apple Podcasts
🇨🇦 Canada - techNews · 02/05/2026 · #92
🇨🇦 Canada - techNews · 01/05/2026 · #64
🇨🇦 Canada - techNews · 30/04/2026 · #51
🇨🇦 Canada - techNews · 29/04/2026 · #38
🇨🇦 Canada - techNews · 26/04/2026 · #80
🇨🇦 Canada - techNews · 25/04/2026 · #71
🇨🇦 Canada - techNews · 24/04/2026 · #58
🇨🇦 Canada - techNews · 23/04/2026 · #48
🇨🇦 Canada - techNews · 22/04/2026 · #37
🇨🇦 Canada - techNews · 07/04/2026 · #93
Spotify
No recent rankings available
Shared links between episodes and podcasts
Links found in episode descriptions and other podcasts that share them.
- https://www.enkryptai.com/
2 shares
- https://www.anecdotes.ai/
1 share
RSS feed quality and score
Technical evaluation of the podcast's RSS feed quality and structure.
Global score: 79%
Publication history
Monthly episode publishing history over the past years.
Episode Zero: Behind the Concept of GRC Uncensored
Season 1 · Episode 4
Tuesday 26 November 2024 • Duration 23:17
In the pilot episode of GRC Uncensored, hosts Troy Fine and Elliot Volkman introduce the podcast aimed at having unfiltered discussions about Governance, Risk, and Compliance (GRC). This episode was recorded before any interviews and offers some retrospectives of what became reality or not. They detail their professional backgrounds, especially highlighting Troy's unexpected journey into auditing and meme culture on LinkedIn. The hosts share the focus of future episodes (which have already been published), including the commoditization of compliance and the quality of audits, while emphasizing the importance of honest and authentic conversations in the GRC field. They also discuss the potential for disagreement among industry professionals and encourage audience engagement and feedback.
00:00 Introduction to GRC Uncensored
00:42 Meet the Hosts: Troy Fine and Elliot Volkman
01:34 Troy's Journey into Auditing and Memes
03:10 The Role of CPAs in Cybersecurity
05:29 The Purpose of GRC Uncensored
07:08 Pilot Season and Episode Preview
09:51 Commoditization of Compliance
19:02 Quality of Audits and Future Topics
21:45 Conclusion and Call for Feedback
Unpacking audit quality (or lack thereof)
Season 1 · Episode 3
Thursday 14 November 2024 • Duration 49:18
In this episode of GRC Uncensored, hosts Troy Fine and Kendra Cooley, along with producer Elliot Volkman, continue their pursuit of trying to understand what is explicitly holding the GRC world back. Joined by ISO expert David Foreman, the discussion tackles the roles of auditors, tech vendors, and market forces in shaping audit quality.
They explore the significance of audit integrity, the staying power of governance programs, and the varying expectations of companies undergoing audits. Amidst an insightful dialogue, the hosts debate the future of automated compliance tools, check-the-box audits, and the elusive definition of audit quality. Ultimately, the episode underscores the issue's complexity, emphasizing that it's not just about the vendors or auditors but also market demands and expectations.
00:00 Introduction to GRC uncensored
00:42 Meet the hosts: Troy and Kendra
01:05 Controversies and LinkedIn debates
01:37 International expansion and podcast updates
02:28 Commoditization of compliance
03:07 Introduction to Dave and his expertise
04:43 The role of vendors in compliance
07:49 Audit quality and market dynamics
09:49 The importance of audit integrity
13:11 Defining audit quality
20:26 Market expectations and audit quality
23:48 Staying power in compliance programs
28:00 High-quality vs. low-quality audit firms
28:59 Top qualities of a good auditor
29:19 Importance of knowledge in auditing
31:06 Compliance automation tools
32:26 Challenges in finding quality auditors
34:30 The reality of check-box audits
35:34 Accreditation and certification nuances
42:12 The future of auditing and trust centers
43:42 Closing remarks and shameless plugs
47:05 Final thoughts and tagline
Should you invest in a GRC tool for compliance?
Season 1 · Episode 2
Thursday 24 October 2024 • Duration 42:42
GRC Uncensored is back, and your hosts Troy Fine and Elliot Volkman are joined by Martin Cozzi, CEO of Pima, to discuss when, if at all, it makes sense to invest in a GRC tool to support a company's compliance efforts.
The discussion spans the necessity and use of various compliance tools, the challenges of scaling compliance, and the importance of having well-defined processes and dedicated personnel. They highlight the actual costs and benefits of compliance, questioning superficial practices and emphasizing the need for personalized solutions. The episode also addresses misconceptions and executive decisions crucial for maintaining compliance, offering comprehensive insights into modern GRC strategies and the evolving role of tools in achieving SOC 2 compliance.
00:00 Introduction to GRC Uncensored
00:22 Meet the Hosts and Guest Introduction
00:38 The Need for GRC Tools
02:52 Legacy vs. Modern GRC Tools
05:26 Challenges with GRC Tools
12:12 When to Choose GRC Tools
12:49 The Role of Processes in GRC
20:49 GRC Tools for Startups
23:20 The Cost of Compliance
24:43 The Role of Auditors
26:47 Touchless Audits: Pros and Cons
28:19 The Value of SOC 2 Reports
30:50 Choosing the Right Compliance Tools
32:31 The Future of Compliance Tools
40:46 Final Thoughts and Reflections
The Commoditization of Compliance and SOC 2
Season 1 · Episode 1
Thursday 10 October 2024 • Duration 40:19
In the first episode of 'GRC Uncensored,' hosts Troy Fine, dubbed the 'GRC Meme King,' and Elliot Volkman, alongside guest Kendra Cooley, dive into the complexities of Governance, Risk, and Compliance (GRC) in cybersecurity. The discussion unravels the 'love-hate' relationship many security professionals have with compliance frameworks like SOC 2, exploring how they have become commoditized and possibly devalued over time.
The conversation touches upon the challenges security practitioners face in conveying the true value of GRC to businesses, the potential pitfalls of 'SOC in a box' offerings, and the broader implications of compliance becoming a 'check the box' exercise. Moreover, the episode delves into the broader regulatory landscape and the ongoing debates about the role of government regulations in cybersecurity compliance. This candid dialogue sets the stage for future episodes that promise to further dissect the nuances of cybersecurity audits and standards.
00:00 Welcome to GRC Uncensored
01:34 Introducing Kendra Cooley
02:05 Love-Hate Relationship with GRC
03:16 The SOC 2 Debate
04:33 Challenges with SOC 2 Audits
09:10 The Value of SOC 2 in the Industry
12:04 The Evolution of Compliance Frameworks
20:39 False Sense of Security in Compliance
24:46 The Buzz Around AI and Quantum
25:10 Staying Updated as a Security Professional
26:45 Challenges in Penetration Testing and Vendor Assessments
27:37 Compliance and Its Impact on Security
30:10 Government Regulations and Their Effectiveness
32:23 The Complexity of Privacy Laws
38:29 The Role of GRC Teams in Risk Management
42:30 Concluding Thoughts and Future Episodes
GRC Uncensored Trailer
Season 1
Sunday 6 October 2024 • Duration 00:43
Drata Talks Navigating Audit Integrity and Independence
Season 1 · Episode 5
Thursday 12 December 2024 • Duration 45:13
In this episode, host Troy Fine and producer Elliot Volkman welcome guest Kevin Kriebel, VP of Business Development at Drata. The conversation focuses on the challenges and intricacies of maintaining auditor independence and integrity in the compliance automation landscape. Key topics include the impact of bundling and price fixing on audit quality, the need for improved TPRM functionality, and the role of enterprises in ensuring higher standards. The discussion also addresses the importance of education and transparency in mitigating the risks associated with low-quality audits and driving market changes.
01:04 Introductions and Ground Rules
02:23 Discussing Auditor Independence
04:30 Challenges in the Audit Industry
06:19 Vendor Relationships and Audit Integrity
10:14 Education Gap in Compliance
23:58 Industry Price Fixing Concerns
27:30 Discussing Audit Automation and Vendor Practices
28:19 The Problem with Bundling Services
29:02 Challenges in Vendor Accountability
30:34 The Role of TPRM and AI in Compliance
33:29 The Importance of Education in Compliance
38:24 Market Dynamics and Compliance Requirements
The Good, The Bad, and The Underrated of Compliance Audits
Season 1 · Episode 6
Thursday 27 February 2025 • Duration 01:05:54
In this episode of GRC Uncensored, hosts Troy Fine, Kendra Cooley, and producer Elliot Volkman dive into an unfiltered discussion with Joseph Kirkpatrick, founder and president of KirkpatrickPrice. The focus is on the implications of private equity and compliance automation tools in GRC.
Joseph shares his insights on how the influx of private equity funding and the rise of 'SOC in a box' platforms have transformed the GRC landscape, often negatively impacting audit quality and independence. Key topics include the challenge of maintaining ethics in auditing, the adverse effects of aggressive marketing by compliance tools, and the importance of conducting thorough, unbiased audits. The conversation also touches on the difficulty audit firms face when pressured to lower costs or cut corners to retain business.
01:21 The Impact of SOC 2 Platforms
02:51 Private Equity's Influence on the Industry
03:04 Challenges Faced by Licensed Practitioners
04:32 Marketing Dollars and Industry Perception
06:06 The Role of Compliance Tools
10:51 Conflicts of Interest in Auditing
21:08 The Reality of Zero-Touch Audits
24:46 Trusting Compliance Platforms
33:44 Challenging the Status Quo in Auditing
34:27 Targeting the Right Market
35:09 The Role of Audit and Customer Expectations
35:44 Critique of AICPA and Cybersecurity Education
36:55 Practitioners' Responsibility in Auditing
39:13 The Problem with Automation Tools
43:30 Shady Business Practices in Auditing
47:29 Ethics and Integrity in Auditing
50:34 The Importance of Thorough Audits
AI Governance: Insights on ISO 42001 from GRC Two Experts
Season 1 · Episode 7
Thursday 13 March 2025 • Duration 52:56
The latest episode of GRC Uncensored dove deep into the magical world of AI governance, specifically on ISO 42001. This week, our guests are Chris Honda, Whistic’s Manager of Security, Risk, and Compliance; and Jonathan LeBaron, MasterControl Senior GRC Engineer with the golden voice. Our duo shared their firsthand experiences navigating compliance, business adoption, and the broader implications of AI risk management.
- ISO 42001 is becoming essential for companies adopting AI, not just for compliance but to build customer trust.
- AI risk assessments are more complex than traditional security frameworks, requiring new approaches to impact analysis.
- Shadow IT and vendor AI features introduce unexpected risks—companies must proactively monitor and review new AI functionalities.
- AI governance isn’t just about compliance; it’s about trust. Businesses that prioritize transparency and ethical AI use will have a competitive edge. Also, AI may or may not be making us dumber.
02:23 Discussing AI in GRC and ISO 42001
02:56 ChatGPT and AI Experiences
08:07 Implementing ISO 42001: Challenges and Insights
19:20 Third-Party Risk Management and AI
26:43 Scope and Complexity of AI in Software Products
27:57 Challenges in High-Risk AI Applications
29:43 Regulatory Landscape and AI
32:02 Driving Forces Behind ISO Certification
38:53 AI Risks and Business Understanding
43:56 Ethical and Societal Impacts of AI
Third-Party Risk Management: When to Accept or Reject Vendor Documentation
Season 1 · Episode 8
Thursday 27 March 2025 • Duration 53:43
On a recent episode of GRC Uncensored, host Troy Fine and producer Elliot Volkman were joined by guest Stanley Krochik, a now seasoned GRC professional and former city security program manager, to discuss the realities of third-party risk management (TPRM). The conversation focused on the growing issue of low-quality audits, the challenge of assessing vendor security postures, and the dilemma risk managers face when reviewing third-party documentation.
04:43 The Importance of Third Party Risk Management
05:45 Challenges with Low Quality Audits
07:45 Evaluating SOC 2 Reports
12:55 Issues with Sales-Focused GRC Tools
14:44 The Need for Better Compliance Programs
27:50 High-Risk Vendor Architecture Review
29:07 SOC 2 Reports and Vendor Risk Management
31:50 Challenges with SOC 2 and Auditor Quality
36:49 Financial Impact of Data Breaches
38:10 Differences in Security Between Old and New Systems
47:43 Proactive vs. Reactive Security Measures
Going Beyond Compliance: The Intersection of Security and Risk Management
Season 1 · Episode 10
Thursday 24 April 2025 • Duration 57:09
In this episode of GRC Uncensored, hosts Troy Fine and Kendra Cooley, along with producer Elliot Volkman, chat with Rob Wood, founder and CEO of Sidekick Security, to explore the relationship between compliance and security. They dig into topics such as the limitations of compliance as a security measure, the role of compliance tools and platforms, and the importance of effective communication and leadership in fostering robust security programs. Various perspectives on compliance as a foundational element for security, contrasting viewpoints on automation tools, and the impact of breaches highlight the intricate balance between meeting compliance requirements and achieving genuine security improvements.
05:38 Compliance vs. Security: A Deeper Dive
11:26 The Role of Compliance in Building Security
25:19 The Impact of Breaches on Security Practices
32:35 Balancing Security Spending and Compliance
34:08 Risk Reduction and Customer Trust
38:03 Quantifying Risk and Compliance
47:09 Compliance Tools and Automation
51:00 High Trust Certification and Breach Impact



