Governance, Risk, & Compliance…so What? – Part 1 – Allan Alford – SCW #94

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it’s all risk-based or should be RGC not GRC; legal and privacy issues/focus – and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don’t handle the people/process part very well. Visit for all the latest episodes!

Full Episode Show Notes

Governance, Risk, & Compliance…so What? – Part 1


Allan Alford

Allan Alford – CISO/CTO @ TrustMAPP at TrustMAPP


With 20+ years in information security, Allan Alford has served as CISO four times in three industries. Alford parlayed an IT career into a product security career and then ultimately fused the two disciplines. Allan has worked in companies from 5 employees to 50,000 and executes a risk-based approach to security, as well as compliance with NIST CSF, CIS CSC 20, GDPR, ISO 27001, DFARS and others.



Fredrick “Flee” Lee – CSO at Gusto


Fredrick “Flee” Lee is the Chief Security Officer at Gusto, where he leads information and physical security strategies including consumer protection, compliance, governance and risk. Before Gusto, Lee spent more than 15 years leading global information security and privacy efforts at large financial services companies and technology startups, most recently as Square’s Head of Information Security. He previously held senior security and privacy roles at Bank of America, NetSuite and Twilio. Lee was born and raised in Mississippi and holds a bachelor’s degree in computer engineering from the University of Oklahoma.

Jeff Man

Jeff Man – #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Kat Valentine

Kat Valentine – Compliance Free Agent (Consultant) at Osmosis Security

Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on. Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat worked in many different roles, from network voice engineer, vulnerability researcher to auditor, and is responsible for the secure and compliant design of several well-known cloud providers, payment providers, security platforms and end user applications, including the first compliance automation platform.

Priya Chaudhry

Priya Chaudhry – Jedi Warrior Princess at ChaudhryLaw PLLC


Criminal Defense Trial Lawyer


  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Join us for our next live webcast on November 11th to learn the key insights and takeaways from the the 2021 OWASP top ten. Then join us December 2nd to see what’s under the XDR hood. Visit to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at