Tech Done Different

Compliance Is Not Security | A Conversation With Compliance Guru, AJ Yawn | Tech Done Different With Ted Harrington

In this episode of Tech Done Different, we hear from compliance expert AJ Yawn. Perhaps the most surprising takeaway from this dynamic chat with a guru in compliance? Security and compliance are not the same thing. Yet, done properly, compliance can be a powerful driver for security. 

Listen in to learn:

  • why compliance reports should get better over time (and why a "clean report" is neither realistic nor a good thing)
  • why cursory, scan-based "penetration testing" (meaning, really vulnerability scanning) does a disservice in many cases
  • how to get meaningful work done, in two steps: 1) meditate, and 2) the 90/90/1 Rule
  • why to wake up early
  • how technology will shape the future of compliance testing
  • why auditors should be advisors, not box-checkers
  • how to vet auditors, and why different auditors are appropriate for different projects (and they're not all the same!)
  • why you want auditors with technical knowledge rather than only framework knowledge
  • why compliance is not security (but security could be compliance)
  • how to think about change, reassessments, and doing them sooner
  • why the power of following up is "where you catch things"

Guest
AJ Yawn, CEO, ByteChek (@AjYawn on Twitter)

Host
Ted Harrington

This Episode’s Sponsors

If you’d like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships

For more podcast stories from Tech Done Different With Ted Harrington: https://www.itspmagazine.com/tech-done-different-podcast

Learn more about Ted and his book at https://hackablebook.com
