GRC Academy Podcast June 5, 2025 S-2 / E-9 00:31:48

The Compliance Playbook to Cybersecurity

Interview with Tim Golden about GRC and why people who say "compliance isn't security" are missing the point.

“Compliance is the security referee – frameworks are the playbooks.”

In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood and mission-critical world of cyber GRC.

Tim shares what he’s learned from decades of hands-on work – from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities.

Here are some highlights from the episode:

  • What GRC actually means – and why governance is the most misunderstood part
  • Why people who say “compliance isn’t security” are missing the point
  • How explaining the “why” of cybersecurity controls aids in acceptance
  • Why data retention policies can protect you from major legal headaches
  • And yes… a story about how Tim accidentally ransomwared himself 🙃

This is a must-listen for anyone navigating compliance, cybersecurity, or just trying to understand how it all fits together!

I really enjoyed this conversation! What were your biggest takeaways? Let me know in the comments.

Follow Tim on LinkedIn: https://www.linkedin.com/in/timothygolden/

Compliance Scorecard Website: https://compliancescorecard.com/
Thanks to our sponsor Vanta!

Get back time to focus on strengthening security and scaling your business.

Discover the new way to GRC here: https://vanta.com/grcacademy