Compliance Is Not Security | A Conversation With Compliance Guru, AJ Yawn

Channel:
United States ITSPmagazine
Subscribers:
4,690
Published on ● Video Link: https://www.youtube.com/watch?v=z0AUSEdnds8


Duration: 44:40
5 views
0

In this episode of Tech Done Different, we hear from compliance expert AJ Yawn. Perhaps the most surprising takeaway from this dynamic chat with a guru in compliance? Security and compliance are not the same thing. Yet, done properly, compliance can be a powerful driver for security.

Listen in to learn:

-why compliance reports should get better over time (and why a "clean report" is neither realistic nor a good thing)
-why cursory, scan-based "penetration testing" (meaning, really vulnerability scanning) does a disservice in many cases
-how to get meaningful work done, in two steps: 1) meditate, and 2) the 90/90/1 Rule
-why to wake up early
-how technology will shape the future of compliance testing
-why auditors should be advisors, not box-checkers
-how to vet auditors, and why different auditors are appropriate for different projects (and they're not all the same!)
-why you don't want auditors who have framework knowledge, but rather technical knowledge
-why compliance is not security (but security could be compliance)
-how to think about change, reassessments, and doing them sooner
-why the power of following up is "where you catch things"

Guest
AJ Yawn, CEO, ByteChek (@AjYawn on Twitter)

Host
Ted Harrington

This Episode’s Sponsors

If you’d like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships

For more podcast stories from Tech Done Different With Ted Harrington: https://www.itspmagazine.com/tech-done-different-podcast

Are you interested in sponsoring an ITSPmagazine Channel?
https://www.itspmagazine.com/podcast-series-sponsorships

Learn more about Ted and his book at https://hackablebook.com



Other Videos By ITSPmagazine


2022-05-31Create Jobs People Want | A Conversation With Mark Geller
2022-05-31Gender Diversity Matters | A Conversation With Jacqui Loustau And Aby Swabey
2022-05-31The Art & Science Of Venture Capital | A Conversation With Wes Barton
2022-05-31Trust Your Gut | A Conversation With Arjun Rai
2022-05-31Simplify & Automate | A Conversation With Rich Schnitzel
2022-05-31Why Responsible Disclosure Programs Make You Better | A Conversation With Tom Kuzler
2022-05-31Be Brave Enough to Try | A Conversation With Josh Little
2022-05-31You Gotta Listen To What The Market Tells You | A Conversation With Dr Wanda Toro Turini
2022-05-30Solve Your Customer's Problem | A Conversation With Brian Requarth
2022-05-30Gratitude: The Tech Entrepreneur's Superpower | A Conversation With Marcus Bullock
2022-05-30Compliance Is Not Security | A Conversation With Compliance Guru, AJ Yawn
2022-05-30Power Of The Pivot | A Conversation With Las Vegas Headliner, Jeff Civillico
2022-05-30Building A Culture Of Security | A Conversation With Dr. Keri Pearlson
2022-05-30Doing The Right Thing Is Always The Right Thing | With Consumer Advocate Christopher Elliott
2022-05-30You're Compensated By How Much You Help People | A Conversation With Venture Capitalist Will Lin
2022-05-29The Key To Technology Is Relationships | A Conversation With Ben Stanbury
2022-05-29Money Flows When Security Is A Competitive Advantage | A Conversation With Peter Harris
2022-05-29Why You Should Learn Lessons From Unexpected Places: A Leadership Perspective... | With Ron Thurston
2022-05-29Radical Transparency | A Conversation With Andrew Smith | Tech Done Different With Ted Harrington
2022-05-29Trust, Gratitude, Mentorship & Other Lessons From A Spy Recruiter | A Conversation With Robin Dreeke
2022-05-29Pushing Through Failure and Other Lessons From Super Bowl Laser Shows | Guest: William Benner