EPISODE · Feb 19, 2025 · 47 MIN

The Best Practices for Navigating Governance, Risk, and Compliance in Cybersecurity with Chris Hows

from Cyber Consulting Room · host Gordon Draper

Is your cybersecurity strategy truly protecting your business, or just checking boxes? In today’s fast-paced digital landscape, threats evolve faster than updates, and staying compliant can feel like a maze. In this episode of the Cyber Consulting Room podcast, host Gordon Draper speaks with Chris Hows, Principal Governance, Risk, and Compliance (GRC) Consultant at Mercury Information Security Systems. Chris shares his unconventional journey into cybersecurity, emphasizing the importance of GRC in enhancing organizational cybersecurity. He discusses the significance of understanding various standards, risk management, and aligning security controls with business objectives. Chris also highlights the challenges of compliance, the necessity of tailoring GRC frameworks to specific needs, and offers practical advice for aspiring cybersecurity professionals. The episode provides valuable insights into the critical role of GRC in cybersecurity.

In This Episode:
(00:28) Chris's journey into cybersecurity
(01:14) Educational path to GRC
(02:07) Advice for aspiring cybersecurity professionals
(02:54) Defining governance, risk, and compliance
(04:19) Understanding compliance challenges
(14:39) Benefits of the ASD essential framework
(16:30) Challenges of implementing ISO frameworks
(17:40) Understanding control intent
(22:44) Zero trust principle
(24:14) Identifying cybersecurity risks
(29:47) Shared responsibility model
(39:33) Software compliance and updates
(41:11) Regulatory evolution in cybersecurity
(42:18) Accountability for cybersecurity
(43:37) Best practices for compliance
(45:17) Intent behind compliance frameworks

Notable Quotes
[05:10] “If you just try to tick a box, potentially you might actually miss one of the core foundational things of what you're trying to do.” - Chris
[11:42] “Each business does need to sit down and decide how much risk is appropriate for them based on their context and based on how much they're potentially able to lose.” - Chris
[21:19] “You really need to understand what your threat is and tailor your risk assessment and controls to your needs.” - Chris
[24:14] “Phishing is so insidious because it’s very simple to double-click on that document someone sent you, and then the game’s already over.” - Chris
[37:02] “Privacy is an ever-increasing area of regulation. In Australia, it's being looked at again, and we might see something like GDPR coming in the future.” - Chris
[45:17] “A lot of the things that I've seen is, what would a reasonable person do? If it was your information, would you be happy with these controls in place?” - Chris

Resources and Links
Cyber Consulting Room
Gordon Draper
https://cybermarket.com/
https://www.linkedin.com/in/gordondraper/
Chris Hows
https://mercuryiss.com.au/
For more episodes like this visit https://cyberconsultingroom.com
You can find more information about the Cyber Consulting Room Podcast host at https://www.linkedin.com/in/gordondraper/


Frequently Asked Questions

How long is this episode of Cyber Consulting Room?

This episode is 47 minutes long.

When was this Cyber Consulting Room episode published?

This episode was published on February 19, 2025.

Can I download this Cyber Consulting Room episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.