
EPISODE · May 28, 2026 · 1H 2M

ISO 27001 Expert: Why Compliance Doesn't Equal Security For CISOs

from Full Metal Packet

John Verry is the Managing Director at CBIZ Cybersecurity, an ISO 27001 certified lead auditor since 2006, and has guided hundreds of organizations through ISO 27001, SOC 2, CMMC, FedRAMP, and HITRUST. He has seen firsthand what separates organizations that get genuinely secure from those that just collect certifications.

In this episode, John breaks down the gap between compliance and actual security, why shadow AI is already embedded in tools your team uses daily, and why agentic AI is the risk no CISO is truly prepared for yet.

He explains:

◼ Why you can be fully compliant and completely insecure at the same time
◼ Why operationalizing your security program inside tools your team already uses matters more than buying another GRC platform
◼ How 65% of SaaS platforms now have AI built in and why most organizations have no inventory of it
◼ Why the EU AI Act's August 2026 deadline is real and what organizations need to do now
◼ Why agentic AI shifts the risk from hallucination to autonomous business decisions made at scale without a human in the loop

Timestamps

(00:00) Introduction
(06:27) Meet John Verry: Managing Director at CBIZ Cybersecurity
(07:47) What compliance theater actually means and why it matters
(09:34) Security is a journey, compliance is a destination
(12:30) The most common mistakes companies make after getting certified
(15:07) What it actually takes to operationalize a security program
(17:34) The merchants of complexity problem and why less tooling wins
(20:50) Third party risk management and the hidden operational debt of every new vendor
(22:19) What shadow AI is and why most organizations still do not know they are using it
(28:21) How to balance moving fast on AI with slow-moving compliance frameworks
(31:40) Why ISO 27001 updates slowly and why that might actually be a good thing
(36:41) How to risk model different types of AI from Grammarly to agentic systems
(40:14) Why shadow AI is lower risk than deeply integrated AI but still dangerous
(43:29) Sycophantic AI behavior, what causes it, and why it creates real danger
(52:29) AI coding AI, the hard takeoff, and the model collapse problem
(54:24) EU AI Act deadlines, ISO 42001, and why AI compliance urgency is now
(58:44) How ISO 42001 works as an extension of ISO 27001
(01:01:27) When auditors do not understand AI governance and certifications become theater
(01:02:28) The main blocker stopping CISOs from escaping compliance theater
(01:05:41) The next 12 to 18 months: why the era of agentic AI is already here
(01:07:48) Closing thoughts: What should actually scare every CISO right now

Connect with John Verry on LinkedIn: https://www.linkedin.com/in/jverry/

Hosts ⬇️
Alex: https://www.linkedin.com/in/alex-paguis-53a21815/
Yegor: https://www.linkedin.com/in/yegor-sak-725330b2/

Powered by Control D

