Governance, Risk, & Compliance…so What? – Part 2 – Allan Alford – SCW #94



Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it’s all risk-based or should be RGC not GRC; legal and privacy issues/focus – and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don’t handle the people/process part very well. Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

Governance, Risk, & Compliance…so What? – Part 2

Guests

Allan Alford

Allan Alford – CISO/CTO @ TrustMAPP at TrustMAPP

@AllanAlfordinTX

With 20+ years in information security, Allan Alford has served as CISO four times in three industries. Alford parlayed an IT career into a product security career and then ultimately fused the two disciplines. Allan has worked in companies from 5 employees to 50,000 and executes a risk-based approach to security, as well as compliance with NIST CSF, CIS CSC 20, GDPR, ISO 27001, DFARS and others.

Hosts

Fredrick

Fredrick “Flee” Lee – CSO at Gusto

@fredrickl

Fredrick “Flee” Lee is the Chief Security Officer at Gusto, where he leads information and physical security strategies including consumer protection, compliance, governance and risk. Before Gusto, Lee spent more than 15 years leading global information security and privacy efforts at large financial services companies and technology startups, most recently as Square’s Head of Information Security. He previously held senior security and privacy roles at Bank of America, NetSuite and Twilio. Lee was born and raised in Mississippi and holds a bachelor’s degree in computer engineering from the University of Oklahoma.

Jeff Man

Jeff Man – #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

@MrJeffMan

Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Kat Valentine

Kat Valentine – Compliance Free Agent (Consultant) at Osmosis Security

Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on. Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat worked in many different roles, from network voice engineer, vulnerability researcher to auditor, and is responsible for the secure and compliant design of several well-known cloud providers, payment providers, security platforms and end user applications, including the first compliance automation platform.

Priya Chaudhry

Priya Chaudhry – Jedi Warrior Princess at ChaudhryLaw PLLC

@Chaudhrylaw

Criminal Defense Trial Lawyer

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista! Keynotes from Alyssa Miller, John Strand, Lesley Carhart, Dave Kennedy, & Maril Vernon! Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!