In this episode, I sit down with Owen Jones — founder of Loopli and creator of the OSbD™ (Organisational Security by Design) framework — to unpack why traditional InfoSec often fails to scale, and how to build security into your business without burning out your teams or your budget.

We talk about:

• What modular security looks like in practice — and why it reduces compliance overhead by up to 50%

• Why most GRC efforts overload the business (and how to reverse that dynamic)

• How to make cybersecurity a strategic asset for finance, ops, product, and procurement

• Why cyber insurance requirements are a ticking time bomb — unless InfoSec has a seat at the table

• How to operationalise security into workflows, not just policy docs

Owen doesn’t just talk frameworks — he’s built them into fast-growing startups and complex enterprises alike. If you’ve ever struggled to articulate InfoSec’s value to the business, or you’re stuck in audit purgatory, this one’s for you.