The Compliance Playbook to Cybersecurity
Interview with Tim Golden about GRC and why people who say "compliance isn't security" are missing the point.
“Compliance is the security referee – frameworks are the playbooks.”
In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood and mission-critical world of cyber GRC.
Tim shares what he’s learned from decades of hands-on work – from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities.
Here are some highlights from the episode:
- What GRC actually means – and why governance is the most misunderstood part
- Why people who say “compliance isn’t security” are missing the point
- How explaining the “why” of cybersecurity controls aids in acceptance
- Why data retention policies can protect you from major legal headaches
- And yes… a story about how Tim accidentally ransomwared himself 🙃
This is a must-listen for anyone navigating compliance, cybersecurity, or just trying to understand how it all fits together!
I really enjoyed this conversation! What were your biggest takeaways? Let me know in the comments.
Follow Tim on LinkedIn: https://www.linkedin.com/in/timothygolden/
Compliance Scorecard Website: https://compliancescorecard.com/
Thanks to our sponsor Vanta!
Get back time to focus on strengthening security and scaling your business.
Discover the new way to GRC here: https://vanta.com/grcacademy