"Compliance is the security referee - frameworks are the playbooks."

In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC.

Tim shares what he’s learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities.

Here are some highlights from the episode:

• What GRC actually means - and why governance is the most misunderstood part
• Why people who say "compliance isn't security" are missing the point
• How explaining the "why" of cybersecurity controls aids in acceptance
• Why data retention policies can protect you from major legal headaches
• And yes… a story about how Tim accidentally ransomwared himself 🙃

This is a must-listen for anyone navigating compliance, cybersecurity, or just trying to understand how it all fits together!

I really enjoyed this conversation! What were your biggest takeaways? Let me know in the comments.

Follow Tim on LinkedIn: https://www.linkedin.com/in/timothygolden/

Compliance Scorecard Website: https://compliancescorecard.com/

-----------

Thanks to our sponsor Vanta!

Get back time to focus on strengthening security and scaling your business.

Discover the new way to GRC here: https://vanta.com/grcacademy

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s2-e9&utm_campaign=courses

#cybersecurity