GRC & Me
18 minutes | 5 months ago
Is GRC a Subset of Cybersecurity?
After nearly two decades in tech, including stints at the Big Four security firms, Scott Jordan is on his 148th governance, risk, and compliance (GRC) implementation. Now the principal and partner at Agile GRC Solutions, Scott puts it simply on this episode of GRC & Me: “I’ve seen a few things in the market.” Specifically, he’s watched as companies large and small have become more vulnerable to ransomware and other types of cyberattacks. While assessing the damage, he’s spotted a few common mistakes, which he calls “security landmines.” GRC tools like LogicGate are powerful and necessary, but they work best when the humans wielding them are doing their due diligence. That’s where Scott and his experience come in. That is, if he can resist the tempting job offer from his eight-year-old daughter...
16 minutes | 5 months ago
Adapt to Change with Flexible Data Models
Legacy technology’s grasp on GRC processes is slowly loosening. As LogicGate’s Director of Customer Success Szuyin Leow explains, it appears the future is here, thanks to flexible data models. A former cybersecurity consultant, Szuyin now helps LogicGate’s customers leverage the flexible data model that powers the risk cloud platform the company is recognized for. Adaptability is key across any industry, and that’s what this model specializes in, even in a climate with many unknowns. In this episode of GRC & Me with host Megan Phee, Szuyin explains that compared to rigid data models, flexible ones let organizations “slot things in where they're needed” when external changes force a shift within data structures and new requirements must be implemented. Still, the grass isn’t always greener. Too much design and customization can pose an obstacle for organizations building out their data structures, but Szuyin and her team encourage them to follow LogicGate’s best practices. Can you guess how flexible data models benefit industries outside of GRC? That’s what the LogicGate Risk Cloud IRL competition will reveal.
16 minutes | 6 months ago
Return to Work with Confidence (and avoid GRC Pitfalls)
When the effects of COVID-19 began to tear across industries, GRC Technology Manager Priyam Shah didn’t hesitate to pivot PwC’s services to support their customers. Because PwC resolves complex GRC issues across various industries, Priyam says its collaboration with LogicGate was natural to support the facilitation of the “return to work” program PwC created as a part of its pandemic response. In this episode of GRC & Me with host Megan Phee, Priyam discusses how the PwC x LogicGate Risk Cloud™️ relationship helped organizations bring their workforce back to the office by providing the necessary controls and processes. She also shares thoughts about what to consider as you discover the right tools and solutions for your programs as well as rising trends in the GRC landscape. Then Megan and Priyam discuss common pitfalls faced by companies along with different points of the GRC journey. When it comes to your governance structure, what do you think is preventing you from seeing the value you need? (Hint: Enabling all your programs at once!)
16 minutes | 6 months ago
A Conversation on Risk Language
Asureti co-founder and Practice Director, Melissa Ryan, has been fascinated with language for as long as she can remember — and she has the spelling bee record to prove it. Since she’s worked with people across business operations, the multi-faceted data protection expert has seen firsthand how a common language can bridge gaps between departments, allowing for truly valuable and meaningful conversations. That technical jargon flying across your teams? It actually pulls your organization further apart. Melissa uses a risk rating matrix, for example, to better facilitate communications with clients. These tools — or points of reference like taxonomies — contribute immeasurable value when they are defined through a shared language and then used across the business. “We find that leaders who are leveraging these common definitions, these standard rating, and translation tools, and incorporating them into a GRC technology are truly finding enhanced value,” explains Melissa. Here’s the key: Make sure the underlying structure, calculations, and design of the common language of your tools and technology are consistent. Ready to learn how to connect the dots between the teams in your risk organization?
13 minutes | 7 months ago
Agility 2020 Highlights
In the age of COVID-19, virtual conferences reign supreme — without the handshaking, warm hugs and mingling breaks, are they as compelling and worthwhile to attend? When the content is as relevant and valuable as it was at Agility 2020, LogicGate’s first-ever virtual user conference, the answer is an easy yes. Couldn’t make it? Tune in to this special episode of GRC & Me with host Megan Phee for highlights from the engaging conference that featured a line-up of notable hosts, including LogicGate’s all-star leadership team: CEO Matt Kunkel, VP of Product Management Mark Tattersall and CFO Kevin Jacobson. Through riveting presentations, the leaders addressed the current state of the GRC space, where it’s going and how the LogicGate Risk Cloud™ can build a new path forward. Listen as Matt discusses the importance of enterprise risk management in the emergence of the risk cloud, as Mark explains how vital customer feedback is during product development, and as Kevin shares his journey with the risk cloud to more effective vendor management. While next year’s plans develop, ponder this: What do you want to learn at LogicGate’s 2021 user conference to sufficiently strengthen your organization’s risk protocols in an evolving and post-pandemic environment?
19 minutes | 8 months ago
Transformative Risk Management
David Ponder, a partner at Cential, has used COVID-19 to teach his five-year-old daughter about the interconnectedness of the world: “To change the world, you've got to start with yourself first and your closest circle second,” he advises. This lesson parallels the interconnectivity of risk management ecosystems — organizations should never stop reevaluating the principles that determine their actions. Why? Because risk management is no longer done by standalone entities. Like herd immunity, transformative risk management introduces the idea that if one organization in the risk ecosystem is weak (or strong!), everyone else is, too. One band; one sound. Enter Jannie Wentzel, a partner and principal consultant at Cential, who authored a whitepaper about the emerging tools and technologies that are transforming risk management today. Together, Jannie and David assert that transformative risk management’s emphasis on data will provide leaders the confidence to base critical decisions and drive valuable business solutions for each participant in a risk ecosystem. With host Megan Phee, these GRC experts posit that risk leaders will soon shift their understanding of compliance-focused risk management and GRC as a whole. Could this be the Next Big Thing of risk?
16 minutes | 8 months ago
What is The Risk Cloud™?
What do you get when you cross innovation and pioneering? CEO Matt Kunkel and Chief Product Officer Jon Siegler — AKA two of the three founders of LogicGate. Historically, the old-school GRC software space aimed to operationalize regulatory risk and compliance and security programs in two ways: 1) Using technology platforms with rigid data models and 2) Using point solutions — that don’t integrate well with other applications — to solve specific use cases, third-party risk and more. In Matt and Jon’s opinion, that’s why The Risk Cloud™ represents a departure from what we know about GRC. In this episode of GRC & Me, tune in to hear how these visionaries have disrupted the GRC industry with The LogicGate Risk Cloud, a platform that presents a solution and has the flexibility to reimagine what risk is entirely. With host Megan Phee, they discuss The Risk Cloud’s extensibility at length, especially what it enables companies (and risk managers!) to do. After listening, ask yourself this: How can The LogicGate Risk Cloud enable effective risk operation for you?
16 minutes | 9 months ago
How LogicGate Uses The LogicGate Risk Cloud
A simple question — “why?” — jumpstarted Heath Anderson’s journey with governance, risk and compliance (GRC). Today, he’s LogicGate’s Information Security Manager. Before that, he worked with development teams in the United States Air Force designing tests to ensure compliance, and the rest is security — err, history. For his first-ever podcast appearance, Heath joined an episode of GRC & Me to discuss how The LogicGate Risk Cloud adds value to the company as well as how he uses it to push security frameworks forward. The LogicGate Risk Cloud is essential for Heath, and not just because he was able to adjust his program to accommodate society’s new normal — it automates Control Management activities and even revealed how he and his team could improve their third party risk management return on investment (ROI) metrics. Plus, can you guess the neat hobby that gets his creative juices flowing?
17 minutes | 9 months ago
Cyber Risk as a Business Risk
In the Season 2 premiere of GRC & Me, Megan is talking to John Mumford, Chief Risk Officer at Fellsway Group, a Boston-based consulting firm. Listen in as John discusses why GRC professionals today are hungry for a new way of thinking about risk compliance, how to tackle cyber risk as a business risk, and his passion for risk-taking - not just in business but on the ice rink, too.
24 minutes | a year ago
How Does a Risk Management Company Handle the COVID-19 Pandemic?
In this special episode of GRC & Me, Megan sits down with LogicGate CEO Matt Kunkel and CMO Gina Hortatsos to discuss how a risk management company is handling the COVID-19 pandemic. Matt and Gina walk us through their reactions when the news broke about the pandemic, the free Business Continuity Plan offer for LogicGate customers, and the challenges of leading a company during the statewide shelter-in-place order.
12 minutes | a year ago
Emily Heath | The GRC World Needs An Overhaul
Top 3 Quotes
“Trust really is ‘security, compliance, and privacy’—it's the three-legged stool.”
“The ‘compliance’ is a byproduct [of risk], ‘governance’ is the way you operate, but how you truly define ‘risk’ is where the focus is.”
“Sensitive data being pushed around an organization through e-mails and spreadsheets—that kind of model is not sustainable.”
Show Highlights
[01:43] From a detective in England to Chief Trust & Security Officer at DocuSign
[03:17] Duties and responsibilities of a Chief Trust Officer
[04:26] Evolution of GRC
[05:26] Exciting trends in GRC
[06:42] “Duct tape and bubble gum” concept is alarming
[07:30] What compelled Emily to join LogicGate’s Board of Directors?
[08:57] Advice for women in tech who are seeking leadership roles
[11:15] A little birdy told us...
Resources:
Connect with Emily on LinkedIn
Connect with Emily on Twitter
DocuSign
10 minutes | a year ago
Karry Kleeman | The Value of SaaS in GRC
Top 3 Quotes
There's a number of players providing solutions, but only a small number of true winners that will emerge to set this new standard for usability and effectiveness combined with affordability.
Risk and compliance needs change so fast that the technology has to be flexible enough to keep up.
The market is wide open for a company to set the pace for the rest of the pack and for the industry.
Show Highlights
[01:26] Karry's humble start
[03:44] What led Karry to the GRC space
[04:50] The emergence of SaaS as a business model and how Karry got involved with it
[06:18] Why GRC is a perfect fit for SaaS delivery model
[07:34] What is exciting about GRC today?
[08:33] Where else the market is going in the future?
[09:27] Karry's one element that instills positive culture
Resources:
Connect with Karry on LinkedIn
Connect with Karry on Twitter
Karry’s LogicGate Profile
17 minutes | a year ago
Jack Tanselle | Pursuing Sustainable and Continually Improving Programs
Top 3 Quotes
Risk assessment is not the same thing as conducting an assessment of your compliance program.
The risk assessment is not designed to be an audit of every activity your company is doing; it’s designed to scan across the breadth of what your company is doing.
The skill-set needs are changing.
Show Highlights
[01:41] Jack shares what led him to risk and compliance as a career path.
[03:51] How Jack crossed paths with LogicGate founders.
[04:34] Jack explains what is RAMP and how it benefits clients today.
[06:19] How companies can adopt continuous improvement within their compliance programs according to Jack.
[08:58] Some more examples of what you can do for continuous improvement.
[10:13] How things are changing in the near, medium and long term future in the risk and compliance world.
[13:24] The processes clients and companies have taken to ensure success and enabled them to move forward.
[15:00] A brief origin of Jack's other talent.
Resources:
Connect with Jack on LinkedIn
Connect with Jack on Twitter
Connect with Deloitte on LinkedIn
Deloitte US
Deloitte UK
Navigant Consulting
Huron Consulting
KPMG
LogicGate
Matt Kunkel LinkedIn
14 minutes | a year ago
Dominic Vogel | The Journey of Cyber Security
Top 3 Quotes
“I'm a firm believer that cyber security is very much a journey.”
“Do the basics and do them well—that's a strong foundation.”
“Doing security from a sustainable point of view is trying to develop the right people, the right processes and technologies, which would allow for cyber resilience against whatever the threat landscape might be.”
Show Highlights
[01:12] How Dominic got into his current position
[02:35] The answer to Megan's million dollar question
[03:16] Dominic shares his favorite story
[04:32] How small businesses can develop cyber security while staying in budget
[05:34] Megan agrees that CIS control set is a great tactical and practical way to begin
[06:14] Differentiating cyber security from corporate and enterprise needs
[08:18] Security issues in Canada and how it differs from anywhere else in the world
[09:30] What keeps Dominic up at night
[10:52] What is sustainable security and how to attain it
[12:18] Dominic tells how he got into comedy
Resources:
Cyber SC
Connect with Dominic on LinkedIn
Connect with Dominic on Twitter
Cyber SC Facebook
Cyber SC Twitter
Cyber SC YouTube Channel
27 minutes | a year ago
Rafael Moscatel | The Blessing of CCPA
Top 3 Quotes
“The more that you can show your customers that you're being a good steward with their data, the more they're likely to trust you. And from a reputational standpoint and a branding standpoint, that's always one of the best benefits and one of the reasons that consumers will choose one product or service over the other.”
“And I think if you look carefully, the CCPA is quite a blessing. It helps reduce expenses and monetize the information life cycle because you have a better understanding of what's under the hood in your company.”
“...you know there's not one silver bullet when it comes to preparing data for an information governance strategy, IG is essentially a multidisciplinary type of approach.”
Show Highlights
[01:28] Rafael’s background in law and consulting
[02:35] Discussing Rafael’s company and beginnings
[04:36] The “Olympics of Privacy”
[05:59] A watershed moment in Compliance and Privacy
[08:05] Rafael’s personal connection to records in California
[09:05] The incredible moment Rafael received his birth records
[12:00] The “blessing” of CCPA
[14:11] Rafael’s personal opinion of CCPA
[16:19] Best practices for privacy and policy management
[19:30] Policy management systems
[21:04] How to read more about Rafael’s thoughts on these issues
[22:58] The Little Girl With The Big Voice
[24:03] Vendor Risk Management
[25:00] Being mindful of what’s outside your company walls as well as what’s within them
Resources:
Connect with Rafael on LinkedIn
Connect with Rafael on Twitter
Rafael’s Website
The Little Girl With the Big Voice
20 minutes | a year ago
Bryan Graf | Cybersecurity as a Positive Business Driver
Top 3 Quotes
“Ultimately, you wouldn't go through any of these assessments unless it's driving business.”
“You don't want to be more secure just so you can be more secure, it's got to be a part of your overall business plan.”
“You have to start looking at this as a positive business driver instead of something that is just a line item that costs money at the end of the year.”
Show Highlights
[01:15] How Bryan got to where he is now
[01:54] SAS 70 Solutions was born
[03:18] Bryan starts with Abacode
[04:21] The trend Bryan is witnessing in cybersecurity
[05:28] How companies determine what to apply
[07:01] What is FedRAMP?
[08:31] The FedRAMP process
[10:36] What to do internally before seeking outside counsel
[12:39] Bryan's value for customers in the market today
[15:41] GRC best practices and cybersecurity trends
[17:54] A different type of security that Bryan provides!
Resources:
Connect with Bryan on LinkedIn
Abacode Cybersecurity Website
Abacode Cybersecurity LinkedIn
Abacode Cybersecurity Twitter
Abacode Cybersecurity Facebook
Tampa Bay Dalmatian Rescue
26 minutes | a year ago
Donata Kalnenaite | What To Know About CCPA
Top 3 Takeaways
Transparency is very important to consumers right now. You want to make sure that you're clear about what's happening to personal information.
Have a full and complete understanding of who you share information with.
You don't want to be held liable for a vendor who misused data.
Show Highlights
[00:50] Sharing Donata’s background
[02:12] The nitty-gritty of regulations
[03:30] The CCPA Bill exodus
[05:49] Who does the CCPA Bill apply to?
[06:50] How does the CCPA affect consumers today?
[07:45] The fundamental differences between CCPA and GDPR
[10:40] CCPA penalty provisions
[11:52] Top three tactical tips to ensure compliance
[15:34] Will there be swifter actions for non-compliant companies?
[17:29] CCPA as a bellwether for future regulations.
[19:24] Trends to anticipate
[22:32] How Donata and Termageddon works with folks
[24:05] Termageddon's origin and the impetus behind
Resources:
Termageddon
Connect with Termageddon on Twitter
Connect with Termageddon on Facebook
Connect with Donata on LinkedIn
US Federal Privacy Law Tracker
GDPR
CCPA
14 minutes | 2 years ago
Neil Watkins | The Concept of Defensibility
Top 3 Takeaways
Defensibility is the ultimate concept that everybody drives to—whether they say it out loud or not.
In the security landscape we see today, there are many opportunities for improvement.
Even when I employ all of my resources, even when I put my best foot forward out there, failures can occur in my ability to protect data.
Show Highlights
[00:47] Neil introduces Asureti.
[01:23] What is SRCP?
[02:45] Do organizations have solid strategy around GRC principles today?
[04:50] The functions that need to be in place.
[07:36] The concept of "Good enough can be the cool."
[09:30] What should organizations be thinking about in terms of preparedness or potential consequences?
[11:09] The cliche of "Nothing bad has ever happened before."
[12:54] Neil's encouragement to everyone.
Resources:
Asureti Website
Connect with Neil on LinkedIn
2 minutes | 2 years ago
Introducing Megan Phee
Show Highlights:
[00:22] A new taste of the podcast
[00:26] Meet your new host
[00:55] What to expect moving forward
Resources:
Connect with Megan on LinkedIn
Connect with Megan on Twitter
Connect with Megan on LogicGate
35 minutes | 2 years ago
Alexei Sidorenko | The Most Controversial Risk Thought Leader
Top 3 Quotes
Risk Management is not really a profession. It's a competency that should be part of most degrees, if not all the degrees, at universities.
Most organizations have been disillusioned with the astrology version of risk management.
Sometimes, even a little quantification improves the quality of decision-making significantly.
Show Highlights
[01:17] Alex shares what the Risk Academy provides
[03:02] How Alex got into risk
[05:13] Alex's "controversial" blog
[08:04] Methodologies, strategies, importance
[13:52] What forces Alex to be controversial
[16:16] Brilliant idea of dumbing it down
[17:42] Approaching risk quantification
[20:37] The real question is, how complex can we go?
[23:29] How and when organizations should approach quantification
[26:00] An unrealistic fairytale based on averages
[29:03] Cultural difference in risk management approach
[30:00] Alex's predictions in the coming years
[34:17] Final nuggets of wisdom
Resources:
RISK-ACADEMY
Connect with Alex on LinkedIn
Connect with Alex on Twitter
Prospect Theory: An Analysis of Decision Under Risk by Daniel Kahneman and Amos Tversky
Judgment under Uncertainty: Heuristics and Biases by Daniel Kahneman and Amos Tversky
Foundations of Behavioral and Experimental Economics by Daniel Kahneman and Vernon Smith
How to Measure Anything: Finding the Value of ‘Intangibles’ in Business
Probability Management Conference
Monte Carlo Simulation
Moneyball
The Flaw of Averages: Why We Underestimate Risk in the Face of Uncertainty by Sam L. Savage
© Stitcher 2020