Sign up to save your podcasts
Or
Share Security Is a Human Problem, Not a Tool Problem ft Steven Asifo, Director of Security & GRC @ Yahoo
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Security Is a Human Problem, Not a Tool Problem ft Steven Asifo, Director of Security & GRC @ Yahoo
In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Steven Asifo, Director of Security & GRC at Yahoo, for one of the most refreshing conversations the show has had on communication, influence, and the human side of security. Drawing on his unusual dual life as both a cybersecurity leader and a stand-up comedian, Steven makes the case that security and GRC are not just technical disciplines — they are fundamentally communication disciplines. From using analogies to explain vulnerabilities, to reframing GRC as the “Draymond Green” of cybersecurity, Steven shows how the best security leaders translate complexity into clarity, help the business make better decisions, and meet people where they are instead of overwhelming them with jargon.
Key Takeaways:
- Security and GRC succeed when they communicate clearly to humans, not when they simply present more technical detail.
- The best GRC teams act as guides that help the business make reasonable, compliant, cyber-conscious decisions.
- Metrics only matter when they drive a clear outcome or decision, not when they exist for their own sake.
- Strong GRC teams build trust by doing the hard, cross-functional work that others often avoid.
- Storytelling is a core security skill because people act on messages they understand, remember, and relate to.
What You’ll Learn:
- Why Steven believes security is ultimately a human communication problem.
- How to tailor security messaging for engineering leaders, CISOs, and business stakeholders.
- What “guardrails not gates” looks like in a practical GRC program.
- How to think about data, metrics, and reporting without overwhelming your audience.
- Why AI may change the consumption layer of GRC, but not eliminate the human need for storytelling.
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com
Watch more episodes: https://www.compliancecow.com/podcast
Connect With Our Guest:
Steven Asifo | Director of Security & GRC | Yahoo
Connect on LinkedIn: https://www.linkedin.com/in/asifosays/
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450
View all episodes
By Raj KrishnamurthyIn this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Steven Asifo, Director of Security & GRC at Yahoo, for one of the most refreshing conversations the show has had on communication, influence, and the human side of security. Drawing on his unusual dual life as both a cybersecurity leader and a stand-up comedian, Steven makes the case that security and GRC are not just technical disciplines — they are fundamentally communication disciplines. From using analogies to explain vulnerabilities, to reframing GRC as the “Draymond Green” of cybersecurity, Steven shows how the best security leaders translate complexity into clarity, help the business make better decisions, and meet people where they are instead of overwhelming them with jargon.
Key Takeaways:
- Security and GRC succeed when they communicate clearly to humans, not when they simply present more technical detail.
- The best GRC teams act as guides that help the business make reasonable, compliant, cyber-conscious decisions.
- Metrics only matter when they drive a clear outcome or decision, not when they exist for their own sake.
- Strong GRC teams build trust by doing the hard, cross-functional work that others often avoid.
- Storytelling is a core security skill because people act on messages they understand, remember, and relate to.
What You’ll Learn:
- Why Steven believes security is ultimately a human communication problem.
- How to tailor security messaging for engineering leaders, CISOs, and business stakeholders.
- What “guardrails not gates” looks like in a practical GRC program.
- How to think about data, metrics, and reporting without overwhelming your audience.
- Why AI may change the consumption layer of GRC, but not eliminate the human need for storytelling.
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com
Watch more episodes: https://www.compliancecow.com/podcast
Connect With Our Guest:
Steven Asifo | Director of Security & GRC | Yahoo
Connect on LinkedIn: https://www.linkedin.com/in/asifosays/
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450