PODCAST · technology
#AuditTuesday GRC Podcast
by YouAttest
Every Tuesday we're sharing valuable content for you with the leading authorities in GRC, Compliance and Identity Security.
-
87
Who Has Access to Your Systems? Featuring Dino Price of AgileGRC
Identity is still the #1 control auditors and attackers look at first — but most small and mid-sized organizations are still struggling to answer: Who has access to what… and is it a risk?
Join us for a live conversation with Dino Price (AgileGRC) as we break down how identity directly impacts:
- SOC 2, HITRUST, and CMMC readiness
- Day-to-day security operations
- Real-world risk (not just audit checkboxes)
No theory. No enterprise fluff. Just what actually works.
What we’ll cover (more practical framing):
✅ What an Identity Risk Assessment actually looks like for SMBs
✅ The most common identity gaps we see in SOC 2, HITRUST, and CMMC
✅ How to find orphaned accounts, stale users, and over-permissioned access
✅ Why service accounts and shared access are still a major blind spot
✅ Practical steps you can take this quarter (not a 12-month roadmap)
-
86
Let's talk to The GRC Recruiter - #AuditTuesday w/ Pete Strouse
Thinking about a career in GRC—or trying to hire the right talent?
Join us for this live #AuditTuesday session featuring Pete Strouse, “The GRC Recruiter”, CEO & Founder of InfoSec Connect. Pete brings deep, real-world insight from the front lines of GRC hiring—and will share what he’s seeing across the market today.
This isn’t just theory—Pete will break down what actually works, what employers are looking for, and where opportunities are emerging. Plus, he’ll be taking your live questions during the session.
In this episode, we’ll cover:
- The most in-demand GRC roles for 2026
- What backgrounds, certifications, and experience actually matter
- How the GRC job market is evolving with AI, identity, and compliance pressures
- Practical insights for both job seekers and hiring managers
Whether you're looking to break into GRC, level up your career, or understand how to build a high-performing GRC team—this session will give you real-world perspective you won’t get from job boards.
-
85
Time for an Identity Risk Assessment w/ Neil Chapman, Ph.D., and IntraSystems
Identity has become the control plane for modern security — yet most organizations still don’t have a clear answer to one critical question: Who has access to what… and should they?
Join us for a live conversation with Neil Chapman, PhD (IntraSystems) as we explore why identity is now at the center of cyber security.
In this session, we’ll break down:
✅ What an Identity Risk Assessment is — and why it’s overdue
✅ How to uncover orphaned, stale, and over-privileged accounts
✅ Why service accounts and key roles create hidden exposure
✅ What auditors and attackers look for first in the identity layer
✅ Practical steps security and governance teams can take immediately
🎙 Featuring:
Neil Chapman, Ph.D – IntraSystems
Garret Grajek – YouAttest
If identity governance, least privilege, and modern risk assessments are on your 2026 roadmap, this is a discussion you won’t want to miss.
💬 Live Q&A included — bring your real-world identity challenges.
-
84
2026 DORA Audits: What Regulators Will Expect with Ralf Menegatti
DORA is no longer theoretical. The EU’s Digital Operational Resilience Act (Regulation (EU) 2022/2554) is in force.
Financial institutions and the organizations that support them must now demonstrate measurable digital operational resilience. Regulators will expect clear evidence of ICT risk management, incident response readiness, third-party oversight, and governance accountability.
More importantly — what will regulators expect to see when they examine your identity and access governance controls?
Identity is at the center of DORA compliance:
- Access governance and least privilege
- Control over privileged accounts
- Third-party and vendor access oversight
- Evidence of monitoring, review, and remediation
To help you prepare for 2026 supervisory reviews, YouAttest welcomes leading EU regulatory expert Ralf Menegatti, CEO of Luxembourg-based DAQS, for a focused discussion on what regulators will expect — and how to prepare now.
We’ll cover:
- The current state of DORA enforcement
- What supervisors are reviewing in 2026
- How DORA impacts identity governance programs
- Practical steps to align your identity systems with regulatory expectations
This will be a live session with actionable guidance and real-world insight.
Bring your questions — questions in German are welcome!
To learn more about how YouAttest helps organizations strengthen identity governance and audit readiness, contact us at [email protected].
-
83
#AuditTuesday - AI Governance in 2026 w Reliath AI
AI adoption is accelerating — but governance, risk, and regulatory readiness are still lagging behind.
As organizations move toward 2026, leaders must cut through the hype and understand what AI governance actually means, what regulations truly require, and how to operationalize governance across the enterprise.
Join us live as we discuss:
✅ What AI governance really means in 2026
✅ What regulations require vs. what frameworks recommend
✅ How organizations can prepare for AI risk, audits, and oversight
✅ How Reliath AI and YouAttest help address AI governance in practice
🎙 Featuring:
Herb Roitblat — Chief AI Officer & CTO, Reliath AI
Yves Binda — SVP, Solutions Architect, Reliath AI
Asha Mehesh — Data & Technology Strategist
Garret Grajek — CEO and Founder, YouAttest
Jerry Sisson — Host and CRO of EdgeRealm.ai
💬 LIVE Q&A — ask your toughest questions on AI risk, governance, and compliance.
If you’re responsible for AI strategy, risk management, compliance, or executive readiness, this session is built for you.
-
82
Finding (and Auditing) Those Microsoft Share Files w/ Alan Sugano
Shared Microsoft files are everywhere — but do you actually know who has access, what’s still exposed, and which links never expire?
Join us for a live discussion where we break down:
✅ What Microsoft files are being shared across your enterprise
✅ How to actually discover shared access in OneDrive, Teams, and SharePoint
✅ Why expired (or never-expiring) links are a hidden risk
✅ What identity + GRC teams should be doing right now to reduce exposure
🎙 Featuring:
Alan Sugano – Cyber Expert, ADS Consulting Group
If you care about identity governance, audit readiness, and Microsoft security, this is a session you don’t want to miss.
Contact us at YouAttest: https://youattest.com/contact or [email protected]
-
81
#AuditTuesday - Executing SCuBA Compliance, featuring Jason Dunn-Potter (CW5-R) and Allgress
Join us for this #AuditTuesday LinkedIn Live as we break down CISA’s Secure Cloud Business Applications (SCuBA) framework and what it really takes to execute on SCuBA compliance in real-world environments.
As organizations increasingly rely on Microsoft 365 and Google Workspace, securing identities and cloud configurations has become a top audit and risk priority. In this live session, we’ll cut through the noise and focus on what auditors, GRC professionals, security leaders, and MSPs need to know now.
YouAttest’s Garret Grajek will be joined by Jason Dunn-Potter (CW5-R), ex-White House Chief Warrant Officer, for this informative SCuBA webinar. Jeff Kushner, GRC expert at Allgress, will provide input on how to start your SCuBA compliance.
- Why SCuBA matters for audits, risk assessments, and compliance programs
- Key identity risks and misconfigurations auditors are seeing today
- How SCuBA secure configuration baselines actually work
- What SCuBA means for Microsoft 365 and Google Workspace security
- How to approach a SCuBA risk assessment without overcomplicating it
Live session. Questions were taken/answered by the audience.
-
80
Auditing Microsoft Active Directory for Compliance & Zero Trust Security
Active Directory remains the backbone of enterprise identity — and one of the largest sources of audit findings, security gaps, and insider risk. Yet many organizations still rely on manual reviews, spreadsheets, and outdated processes to prove compliance.
In this #AuditTuesday LinkedIn Live, we’ll break down why Active Directory auditing is more critical than ever — especially for SOX compliance, access governance, and Zero Trust identity security.
You’ll learn:
- Why AD continues to be a top risk area for SOX, auditors, and security teams
- How manual access reviews fail — and where auditors focus first
- How YouAttest automates Active Directory audits with continuous evidence, AI-driven insights, and auditor-ready reporting
- How automated user access reviews strengthen Zero Trust by enforcing least privilege and accountability
-
79
After the BRICKSTORM Hack: An Identity-First Security Strategy for 2026
A critical discussion on cybersecurity in the wake of the BRICKSTORM attack—a sophisticated Chinese APT campaign targeting critical infrastructure. This live session will explore how organizations can pivot to identity-first security strategies to defend against nation-state threats.
What is Covered:
- Understanding the Threat
- What was the BRICKSTORM hack?
- Who was targeted and how did the attack unfold?
- The broader implications for critical infrastructure security
- Building Defense Through Identity
- How to construct an identity-first architecture
Who Should Watch:
- CISOs and security leaders
- IT administrators and identity management professionals
- Anyone responsible for protecting critical infrastructure
Featured Speakers:
Greg Kutzbach, Cybersecurity Expert, Exhibit A Cyber & YouAttest MSP
Garret Grajek, CEO, YouAttest, Multi-Patented AI & Identity Innovator
-
78
Zero Day + Sloppy IAM = Catastrophe: Lessons from 2025’s Biggest Breaches w/ Darrick Richardson
Discussion on how sloppy identity practices made 2025 breaches worse.
2025 delivered zero-day nightmares: SharePoint RCE, Oracle EBS privilege escalation, VMware vCenter remote code execution — all exploited in the wild.
But the real catastrophe? Sloppy IAM. Overprivileged accounts, ghost users, and orphan access turned surgical strikes into enterprise-wide meltdowns. One compromised admin in VMware? Full domain takeover. One stale Oracle account? Financial data exfiltrated.
Join Garret Grajek (CEO, YouAttest) and Darrick Richardson (IAM & Cloud Security Architect) for a no-BS breakdown of 2025’s worst breaches — and how automated user access reviews stop the bleeding.
🔍 We’ll cover:
• Real 2025 zero-day attack chains
• How overprivileged & orphan accounts amplify damage
• One-click fixes with modern identity governance
Expect a lively discussion with live Q&A—questions welcomed! Don’t miss this chance to stay informed about AI governance’s future.
-
77
#AuditTuesday - SOX IT Audit Prep w/ Paul Feather and Craig Guinasso
Are you an IT leader, auditor, or professional navigating the complexities of Sarbanes-Oxley (SOX) compliance? Join our upcoming webinar, "SOX Preparation: Mastering IT Controls for Seamless Compliance," where we'll dive deep into the IT-specific aspects of SOX to help you build robust systems and avoid costly pitfalls.
What You'll Learn:
- Key IT General Controls (ITGC): From access management and change controls to data integrity and cybersecurity measures essential for SOX Section 404 compliance.
- Audit-Ready Strategies: Practical tips on documenting processes, implementing automated controls, and preparing for IT audits without disrupting operations.
- Common IT Challenges & Solutions: Real-world examples of SOX pitfalls in IT environments, including cloud migration, remote access, and emerging tech risks.
- Best Practices for 2025 & Beyond: Stay ahead with updates on evolving regulations, tools like COSO frameworks, and how AI/ML can enhance IT compliance.
This session is perfect for CIOs, IT managers, compliance officers, and anyone involved in financial reporting systems. Gain actionable insights to strengthen your organization's internal controls and ensure audit success.
Session includes Paul Feather, experienced SOX Auditor, and Craig Guinasso, experienced hands-on compliance officer. Both have participated in and conducted multiple SOX Audits.
-
76
#AuditTuesday GRC Podcast - America's First AI Transparency Law, CA SB 53 w/ Karina Klever
Join us for an engaging #AuditTuesday session on California’s CA SB 53 - America’s First AI Transparency Law.
CA SB 53 was signed into law on September 29, 2025. Hosted by Karina Klever, GRC Expert from Klever Compliance, and featuring Garret Grajek, CEO of YouAttest and Multi-Patented AI & Identity Innovator, this event promises valuable insights.
This is a pioneering law targeting frontier AI models with over 10^26 FLOPs. It mandates that large developers (over $500 million revenue) disclose safety protocols to mitigate catastrophic risks like bioweapons or cyberattacks, and it sets up public incident reporting channels. Effective January 1, 2026 - its focus is accountability.
- What is CA SB 53? Learn about this first U.S. law focused on AI transparency and safety.
- What is AI Transparency? Understand its role in building trust in AI systems.
- Why Should You Care? Essential for engineers, data scientists, compliance officers, and policy makers to navigate its technical and governance implications.
Expect a lively discussion with live Q&A—questions welcomed! Don’t miss this chance to stay informed about AI governance’s future.
-
75
#AuditTuesday GRC Podcast - After the Hack - Keep SharePoint Secure w/ Greg Kutzbach
In this dynamic #AuditTuesday webinar, Greg Kutzbach, Cybersecurity Expert, will dive into the critical topic of keeping SharePoint secure after recent hacks. He will be joined by Garret Grajek, CEO of YouAttest, to discuss robust identity security strategies. The session will explore real-world threats and actionable solutions to protect your SharePoint environment.
Key Discussion Points:
- Why SharePoint Matters: Understand the importance of SharePoint in your organization and the risks it faces.
- Identity Security in SharePoint: Learn why identity security is crucial to safeguarding SharePoint data.
- Knowing Your Permissions: Discover why managing and auditing permissions is essential to prevent breaches.
- Recent SharePoint Hack: Gain insights into the latest SharePoint vulnerability and its identity security implications.
Know your identities w/ YouAttest - https://youattest.com, [email protected]
-
74
#AuditTuesday GRC PodCast - AI Hacking featuring Alan Sugano and Shannon Noonan
In this dynamic #AuditTuesday webinar, cyber security expert Alan Sugano, President of ADS Consulting Group, will dive into the escalating threat of AI-powered cyberattacks. He will be joined by Garret Grajek, CEO of YouAttest, on how robust access governance can protect your business, and by Shannon Noonan, GRC and Cyber Expert.
The session explores real-world tactics like AI-driven credential cracking, deepfake scams, and invisible malware, offering actionable strategies to counter them.
Key Discussion Points:
- AI Threats Unveiled: Learn how hackers use AI to exploit weak credentials, craft convincing deepfakes, and hide malware, as outlined in ADS’s blog.
- Access Governance Solutions: Discover how YouAttest’s automated user access reviews and Identity Trust Score, paired with ADS’s managed IT and cybersecurity services, enforce the Principle of Least Privilege (PoLP) to mitigate risks.
- Practical Defenses: Hear Alan Sugano share ADS’s 30 years of experience securing SMBs, including insights from their Free Dark Web Scan and Veeam Cloud Connect backups, alongside YouAttest’s tools for compliance (e.g., NIST CSF 2.0, HIPAA).
- Partnership Power: Explore how YouAttest’s identity governance platform integrates with ADS’s network assessments and 24/7 support to create a comprehensive cybersecurity strategy.
Contact YouAttest and [email protected] to address your identity vulnerabilities.
-
73
Master PCI DSS 4.0 Compliance w/ Truvantis and YouAttest
Tune in for an engaging #AuditTuesday GRC podcast focused on mastering the complexities of PCI DSS 4.0. This live session, hosted by YouAttest, a premier identity governance solution, will feature Truvantis, a leading GRC consulting firm, sharing expert insights to guide you toward confident compliance.
In this session, we’ll cover:
- Key PCI DSS 4.0 Updates: Understand critical changes and how they impact your organization.
- Streamlined Compliance Strategies: Learn how Truvantis’ expert GRC services simplify risk management and compliance processes.
- Identity Governance Simplified: See how YouAttest’s automated user access reviews strengthen security and ensure PCI DSS compliance.
Who Should Attend: Compliance officers, IT security professionals, and business leaders responsible for safeguarding payment card data.
Why Attend: Gain actionable insights from Truvantis’ GRC experts and see YouAttest’s cutting-edge identity governance platform in action. Equip your organization with the tools and strategies to excel under PCI DSS 4.0.
-
72
AI Governance - Ignorance is Not Bliss w/ Ashley Robinson and Allgress
Join us for an engaging #AuditTuesday webinar featuring renowned AI governance expert Ashley Robinson, hosted by YouAttest. This session will explore the critical elements of AI governance, addressing the risks, standards/frameworks/guidances, and actionable steps needed for responsible AI adoption.
Many organizations overlook the importance of education and governance awareness in AI use—leaving leaders and staff unprepared! This session will highlight the need for practical policies and training to build public trust.
Ashley will share insights on translating frameworks like NIST AI RMF and ISO/IEC 42001 into actionable classroom and workforce policies, while YouAttest will discuss/demo how to ensure robust AI governance through auditing and proof. Garret Grajek of YouAttest and Jeff Kushner of Allgress will also join to share their expertise on AI governance and innovative tools.
Key Discussion Points:
- What’s the risk of AI?
- What are the standards/frameworks/guidelines?
- What needs to be done?
- How YouAttest’s tools support AI governance and compliance.
This webinar is a must-attend for AI strategists, educators, government advisors, and compliance officers! Gain practical insights from Ashley Robinson’s expertise in AI education and governance.
-
71
#AuditTuesday - Who’s Really Inside Your System? w/ #ThatAuditGuy Robert Berry
Join us for an engaging #AuditTuesday webinar featuring renowned auditor Robert Berry, #ThatAuditGuy, hosted by YouAttest. This session will explore the critical elements of conducting effective user access reviews for identity security vulnerabilities and meeting compliance regulations: SOX, GLBA, HIPAA, PCI-DSS, NYRR 500, CCPR/CCPA.
Many organizations fall short by relying on the identity managers to conduct the reviews - without consulting the business and application owners! This practice violates audit guidelines!
Robert will inform you how audits are done the right way! And YouAttest will discuss/demo how to ensure access to sensitive data and applications is properly reviewed!
Key Discussion Points:
- Common mistakes in user access reviews and why technical certifications are non-compliant.
- The essential role of business line managers in conducting legitimate access reviews.
- Best practices for ensuring audit-ready user access reviews that meet regulatory standards.
- How YouAttest’s automated identity governance tools simplify and enhance compliant access reviews.
- Actionable strategies to prevent risks like privilege creep, insider threats, and access misuse.
YouAttest - know your identities - https://youattest.com
-
70
CISO’s: Strengthening Supply Chain Security with Identity Governance and InvisiRisk
#AuditTuesday Presents: The CISO’s Playbook: Strengthening Security with Identity and Supply Chain Governance
CISOs need robust strategies to secure their ecosystems, and the supply chain and the identities that make these supply chains secure are core to a secure enterprise. Join our #AuditTuesday GRC Podcast, where YouAttest’s Garret Grajek and InvisiRisk experts explore how user access reviews and GRC platforms fortify security across identity and software development lifecycles.
What’s on the Agenda?
- Real-World Security Lessons: Learn from the experts on real-world use cases where faulty supply chain security and identity security have cost revenue and reputation.
- Identity Governance Frameworks: Discover best practices for implementing user access reviews to enforce the Principle of Least Privilege, ensuring only authorized personnel access critical systems.
- Supply Chain Security: Explore InvisiRisk’s GRC platform for managing risks in software development and third-party integrations, maintaining compliance throughout the lifecycle.
- Interactive Discussion: Garret Grajek, certified GRC expert, and InvisiRisk leaders share actionable strategies for CISOs to remediate vulnerabilities and align with compliance standards.
Join us for a high-impact session on empowering CISOs with YouAttest and InvisiRisk solutions to secure identity and supply chain governance. Don’t miss this must-attend #AuditTuesday event to build a resilient digital ecosystem!
https://youattest.com
-
69
Starting An AI Project? Where Does GRC Fit In? With MyTech.Network's Robert Hilliker
As AI transforms industries, ensuring robust governance, risk, and compliance (GRC) is critical to building secure and ethical AI systems. In this dynamic #AuditTuesday GRC Podcast, we welcome Robert Hilliker, an AI project leader, to explore how GRC integrates into AI development.
What’s on the Agenda?
- Real-World AI Insights: Robert Hilliker shares experiences from his diverse AI projects, highlighting challenges and successes.
- AI Governance Frameworks: Introduction to NIST AI Risk Management Framework (AI RMF) and ISO 42001, and the OWASP Guide on LLM and Generative AI for responsible AI development.
- GRC Across the AI Lifecycle: Practical strategies for embedding GRC in planning/scoping, data augmentation/fine-tuning, application development, and deployment/maintenance.
- Interactive Discussion: YouAttest’s own Garret Grajek, certified GRC expert, will offer insights on aligning AI projects with governance and compliance requirements.
Join us for a high-impact session on launching AI projects with robust GRC integration. Gain actionable strategies to ensure your AI initiatives are secure, compliant, and ethically sound. Don’t miss this must-attend #AuditTuesday event!
https://youattest.com
-
68
#AuditTuesday: v-CISOs: Scaling Identity GRC for Security and Compliance w/ YouAttest and Allgress
With cyber threats escalating and compliance requirements tightening, organizations need flexible, expert-driven solutions to stay secure. Virtual CISOs (v-CISOs) are redefining governance, risk, and compliance (GRC) by delivering strategic expertise without the cost of a full-time CISO.
In this exciting edition of the #AuditTuesday GRC Podcast, Jerry Sisson, Founder/CEO of MyTechNetwork, moderates a compelling discussion with Jeff Kushner, a cybersecurity marketing and GRC expert, and Garret Grajek, CEO of YouAttest, a certified cybersecurity innovator (CEH, CISM, CGEIT, CISSP) with 10+ patents in identity security.
What’s on the agenda?
- The rise of v-CISOs: How they deliver strategic oversight, risk management, and compliance expertise for organizations of all sizes.
- Why user access reviews (UARs) are essential for compliance with standards like NIST CSF 2.0, ISO 27001, and HIPAA, and how v-CISOs drive their adoption.
- How YouAttest’s automated UAR platform empowers v-CISOs to streamline identity governance, ensuring audit-ready compliance with minimal effort.
- Insights from Garret Grajek on leveraging YouAttest’s solutions to enhance security and compliance, drawing on his patented innovations.
- Practical strategies for scaling GRC programs using v-CISOs and YouAttest, tailored for startups to enterprises.
Join Jerry Sisson, Jeff Kushner, and Garret Grajek for a high-energy discussion on transforming GRC with v-CISOs and YouAttest’s identity security solutions. Don’t miss this opportunity to gain actionable insights from industry leaders!
-
67
#AuditTuesday: Hey MSPs! Time to Get on Board w/ YouAttest Managed UARs!
MSPs – it's time to expand your security service offerings with a critical, high-demand compliance function: User Access Reviews (UARs).
In this special edition of the #AuditTuesday GRC Podcast, Garret Grajek, CEO of YouAttest, sits down with Joe Rojas, Co-Founder of Start Grow Manage, to discuss how MSPs can unlock new revenue and compliance value by partnering with YouAttest as their backend Managed Security Service Provider (MSSP) for UARs.
What’s on the agenda?
- What exactly is a User Access Review (UAR) and why is it foundational to any cybersecurity compliance framework?
- The increasing compliance pressure from regulations like SOX, HIPAA, NIST 800-53, and ISO 27001 – and how UARs play a key role.
- Why MSPs are in the perfect position to deliver UARs-as-a-service to their clients – but often lack the right tools or resources.
- How YouAttest fills this gap by becoming the UAR engine for MSPs, providing a turnkey, automated, multi-tenant platform purpose-built for audits and continuous identity governance.
Watch for a practical discussion on compliance, opportunity, and execution – and learn how your MSP can start delivering UARs the smart way, today.
https://youattest.com.com [email protected]
-
66
#AuditTuesday: CISO Reality Check — Identity Risk w/ Larry Whiteside
As identity risk rises across enterprises, CISOs are being called to lead the charge in governance and access oversight. But are they equipped for the challenge?
In this edition of the #AuditTuesday GRC podcast, we sit down with Larry Whiteside Jr., veteran CISO and Co-Founder of Confide—a peer-based leadership network for cybersecurity executives—for a frank discussion on how identity fits into modern risk strategy. Larry also brings his perspective as Co-Founder of the ICMCP, focused on advancing diversity in the cybersecurity space.
Key Topics:
- Why identity governance is a CISO’s responsibility now
- Common blind spots in enterprise access management
- The role of access reviews in reducing risk
- Aligning identity strategy with compliance and business priorities
- What Confide is hearing from security leaders at the top
A strategic, no-fluff conversation on identity risk—plus a live Q&A with one of cybersecurity’s most respected voices.
Know your identities w/ YouAttest.com, contact us: https://youattest.com/contact/
-
65
#AuditTuesday - AI Governance and Model Risk Management w/ James Sayles
As artificial intelligence reshapes business, compliance, and security landscapes, organizations are under pressure to implement clear governance strategies. Yet, many lack a roadmap for ethical, secure, and compliant AI deployment.
In this special edition of the #AuditTuesday GRC podcast series, we welcome James Sayles, author of Principles of the Governance Model for Risk Management, to explore the critical issues surrounding AI governance. Sayles will share his expert perspective on where current governance frameworks fall short—and what enterprises, auditors, and boards must do to close the gap.
Key Points:
- The current state of AI governance in enterprise environments
- What’s missing from today’s AI oversight models
- What board members and executives need to know right now
- Governance frameworks and tools you can leverage (e.g., NIST AI RMF)
- Near- and long-term visions for sustainable, effective AI governance
A compelling discussion that connects AI innovation with GRC discipline, featuring practical insights and a live Q&A with one of today’s thought leaders in risk governance.
-
64
MSPs and GRC (Governance Risk and Compliance) w/ Shannon Noonan and Daniel Morrison
Governance Risk and Compliance is a $45.6B market - a market that Managed Service Providers (MSPs) need to be in if they want to grow.
But GRC, the concept of helping enterprises not only obtain compliance but also show proper governance, is out of the comfort zone of many MSPs. How to start? How do MSPs get into this much-needed space that benefits both the MSP and their clients? That’s what we cover in this webinar.
Key Points:
- How to get started w/ GRC?
- What needs to be offered?
- What verticals care the most?
- How do you staff?
To delve into this key security topic we have invited governance, risk and compliance and MSP experts. We will be joined by Shannon Noonan, GRC expert and CEO of HiNoon Consulting. In addition, MSP CEO and founder Daniel Morrison will be relaying his real-world concerns and efforts. The webinar will also have a live demo of how YouAttest creates a multi-tenanted experience for MSPs to begin and conduct their identity governance.
-
63
Shared Signals - What They Mean for Authorization
Shared Signals - for those in the identity know - it’s a subject whose time has come.
Shared Signals refers to a standardized system where organizations can exchange real-time security information about users across different platforms.
What we cover here:
- Why do we need shared signals?
- How can we use shared signals?
- Where will WE get these signals?
- And what will consume them?
To delve into this key security topic we have invited security and identity experts. We will be joined by Craig Guinasso, cyber security expert at Alector, and David Worthington of Synoptek. They will be bringing real-life use cases where privileged users needed to be reviewed and how YouAttest helped. The webinar will also have a live demo of how YouAttest creates an identity trust score (ITS) as a shared signal for enforcement points.
-
62
Reviewing Privileged Accounts - with Synoptek MSP
Privileged users are the source of most enterprise problems: from outsider attacks to insider threats and compliance, the focus usually involves admin accounts.
These accounts have to be reviewed - and on a regular basis. How?
This webinar addresses:
- Why do privileged accounts need to be reviewed?
- When do these accounts become stale and dangerous?
- How to build best practices around these accounts?
- And... how do we even get started?
To delve into this key security topic we had invited the security and managed service experts at Synoptek. They bring real-life use cases where privileged users needed to be reviewed and how YouAttest helped. Our guests, Matthew Murdock and George Rhodes, are experts in both ongoing security practices and the concept of being “helicoptered” into troubled sites for V-CISO work. The webinar will also have a live demo of how Synoptek uses YouAttest to review enterprise entitlements.
Contact us at YouAttest: https://calendly.com/gg01/30min
-
61
EU's DORA and Identity Governance - with Ralph Menegatti from concedro
Huge regulatory changes face the EU nations and the companies that work w/ the EU: the Digital Operational Resilience Act (DORA). The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves an important problem in EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identity governance efforts?
To answer these questions, YouAttest invites a foremost authority in EU regulations: Concedro, featuring CEO Armin Binsteiner and compliance expert Ralf Menegatti.
The webinar will include the following information:
- What is DORA?
- When does it go into effect?
- What does it mean to my identity governance programs?
- How do I get my identity systems to compliance?
This will be an informative event with specific guidance and recommendations around identities and DORA. It will be live - so bring your questions!
To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
60
Automating AWS Entitlement Reviews - with CloudArmee
AWS is the premier cloud vendor - AWS is the basis of most enterprises' cloud strategy. To help us understand the importance of AWS and AWS entitlements, YouAttest has partnered with CloudArmee, prominent AWS experts.
CloudArmee and YouAttest have partnered together to help enterprises determine what their access entitlements are for their AWS deployments.
E.g., for your AWS deployment: What roles have been created? Who has access? What is the identity security posture of the enterprise AWS server and services? This is not a question easily answered.
But it needs to be. According to Palo Alto’s Unit 42 - their threat research group - 99% of accounts in the cloud are overly permissive.
This webinar will address how CloudArmee utilizes YouAttest to execute a comprehensive user access review of your enterprise AWS entitlements. YouAttest automates the audit of access privileges for all your resources - cloud and on-premise.
Contact us and we’ll help w/ your access review problems: https://youattest.com/contact/
-
59
CMMC 2.0 Ruling - What Does this Mean? With ShortArm Solutions
The U.S. Department of Defense (DoD) on October 15th, 2024 published its long-anticipated first part of the final rule (32 CFR) for the Cybersecurity Maturity Model Certification (CMMC) program. The program will require third-party verification for contractors working with controlled unclassified information (CUI), confirming that contractors are meeting existing DoD cybersecurity standards, and a self-assessment by contractors that have Federal Contract Information (FCI), showing that they are in compliance with the 15 controls in Federal Acquisition Regulation (FAR) 52.204-21. What does this mean? For contractors? How do enterprises adhere to the new standards - and document their process to prove that they are compliant? To help answer this, we have D.o.D. experts, Jeff Chao of Short Arm Solutions. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
58
The Trump Administration and Cyber Regulations - Karina Klever, Mike Andrewes and Stacey Cameron
New administration - new attitude, regulations, priorities on cyber governance? No question. But what will it be? What about CISA? What about NIST? What about the SEC? What about CMMC? All of these and more will be discussed. To answer these questions, YouAttest invites authorities in compliance and security matters: Stacey Cameron, CEO of Cycam Strategies, Karina Klever of Klever Compliance, and Mike Andrewes of Yastis. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
57
Okta “No Password Flaw” - What Is It? How to Secure? - Featuring Greg Kutzbach
Okta announced that they had a flaw in their authentication - where under “specific circumstances” a user could gain access w/o inputting the password associated with the account. How is this possible? What does this mean? And most importantly… how to secure? That’s what will be discussed this very important #AuditTuesday w/ Greg Kutzbach, Cyber Security and Digital Forensic Expert of Exhib A Cyber. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
56
Mentoring the Next-Generation of Cyber Professionals - Featuring Ted Alben
You can’t talk about cyber security with a professional today without the conversation turning to the topic of the next generation. Namely our youth - with questions coming up: Are they ready for jobs in cyber security? Are they capable of taking the reins of responsibility for cyber security? At what level? And what needs to be done to get them more ready? But how AI is created is no longer a science project - it’s a regulated business. Key aspects of the creation of the AI components must be governed, especially for AI created from data that stems from regulated business. That is: How was the data collected? Who collected the data? Who handled the data? How was the data stored/disposed after the AI algorithm was created? Today’s webinar covers this vital topic. We have guest speaker Ted Alben from GetSmart Cyber Defense, a YouAttest partner. Ted is also leader of a mentoring program at UCLA helping students map their goals and careers in the cyber world. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
55
CMMC 2.0 Final Ruling - What Does This Mean? Featuring Michael Andrewes, Yastis
The U.S. Department of Defense (DoD) on October 15th, 2024 published its long-anticipated first part of the final rule (the Final Rule) for the Cybersecurity Maturity Model Certification (CMMC) program. The program will require third-party verification for contractors working with controlled unclassified information (CUI), confirming that contractors are meeting existing DoD cybersecurity standards, and a self-assessment by contractors that have Federal Contract Information (FCI), showing that they are in compliance with the 15 controls in Federal Acquisition Regulation (FAR) 52.204-21. What does this mean? For contractors? How should this change their practices and documentation procedures? To help answer this, we have D.o.D. expert Michael Andrewes w/ his opinion and perspective on this ruling. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
54
GRC Fatigue and What Can Be Done - Featuring Stacey Cameron
Practically all enterprises are under some sort of IT compliance and regulations. Holding any data that is classified as sensitive puts the enterprise under the watchful eye of the regulators. But with all this compliance and regulatory guidance comes the fatigue. What is the genesis of this fatigue - and what can be done to alleviate the grind of regulatory compliance? To answer these questions, YouAttest invites an authority in compliance and security matters, Stacey Cameron, CEO of Cycam Strategies. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
53
German Cyber Hacks and EU DORA - Featuring Ralf Mennegatti
Cyber attacks are worldwide. Germany is not immune to these attacks. In fact, Deutsche Bank in September 2024 stated that “Cyber-attacks alone cost the German economy an enormous 148 billion euros every year.” At the same time, Germany and the rest of the EU are struggling to enact the Digital Operational Resilience Act (DORA). DORA (Regulation (EU) 2022/2554) solves an important problem in EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identity governance efforts? To answer these questions, YouAttest invites a foremost authority in EU regulations: Ralf Mennegatti, CEO of the Luxembourg-based DAQS. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
52
MSPs: Automate Your Identity Audits
This YouAttest podcast highlights the YouAttest offering for identity security and compliance for managed service providers (MSPs): automating and simplifying user access reviews.
-
51
HR-IAM Variance - Detecting Orphan Users and Privileges w/ YouAttest
For many enterprises, the HR system is the identity store of record (ISoR). This is where identities are created, roles are assigned, and privileges are entitled. But these HR systems (HRS) are NOT enforcement points – they are the container of entitlements. The enforcement of these entitlements usually falls to identity and access management (IAM) systems. Hence comes the identity variance between: What roles/entitlements are created/documented in the HR system? What roles/entitlements are ENFORCED by the IAM? Contact us at YouAttest - https://youattest.com/ - we will identify the anomalies between your HR and IAM systems and create a better identity audit experience for your enterprise. Contact: https://youattest.com/contact/ Web page: https://youattest.com/hr-vs-iam-identity-variance/
-
50
CMMC 2.0 Final Ruling Update - Yastis, Michael Andrewes
The U.S. Department of Defense (DoD) on October 15th, 2024 published its long-anticipated first part of the final rule (the Final Rule) for the Cybersecurity Maturity Model Certification (CMMC) program. The program will require third-party verification for contractors working with controlled unclassified information (CUI), confirming that contractors are meeting existing DoD cybersecurity standards, and a self-assessment by contractors that have Federal Contract Information (FCI), showing that they are in compliance with the 15 controls in Federal Acquisition Regulation (FAR) 52.204-21. What does this mean? For contractors? How should this change their practices and documentation procedures? To help answer this, we have D.o.D. expert Michael Andrewes w/ his opinion and perspective on this ruling. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
49
The Change Healthcare Hack - A Game Changer in Health Risk Management w/ Greg Kutzbach
Change Healthcare announced Thursday, Feb 29th that a ransomware group that had claimed responsibility for the attack was at fault. Health care providers across the country are reeling from a cyberattack on a massive U.S. health care technology company that has threatened the security of patients’ information and is delaying some prescriptions and paychecks for medical workers. What was the hack? How will it affect health care providers? What should be done for prevention? That’s what will be discussed this very important #AuditTuesday w/ Greg Kutzbach, Cyber Security and Digital Forensic Expert of Exhib A Cyber, and Craig Guinasso, cyber and forensic healthcare expert. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
48
AWS - In-Depth Entitlement Audit by YouAttest w/ Raj Sawhney (CDW)
AWS is the premier IaaS vendor - AWS is the basis of most enterprise cloud strategy. To help us understand the importance of AWS and AWS entitlements, the video has Raj Sawhney, Managing Director, IT and Internal Audit, Cybersecurity and Business Process at CDW. But what roles have been created? Who has access? What is the identity security posture of the enterprise AWS server and services? This is not a question easily answered. But it needs to be. According to Palo Alto’s Unit 42, their threat research group, 99% of accounts in the cloud are overly permissive. YouAttest walks through how customers are using YouAttest to audit their access to AWS. This video shows how YouAttest can be utilized by the risk manager and/or security manager to execute an Access Discovery on the AWS resources. That is YouAttest - automating the audit of access privileges for all your resources - cloud and on-premise. Contact us and we’ll help w/ your access review problems: https://youattest.com/contact/
-
47
GRC Fatigue and What Can Be Done w/ Stacey Cameron (CyCam Strategies)
Practically all enterprises are under some sort of IT compliance and regulations. Holding any data that is classified as sensitive puts the enterprise under the watchful eye of the regulators. But with all this compliance and regulatory guidance comes the fatigue. What is the genesis of this fatigue - and what can be done to alleviate the grind of regulatory compliance? To answer these questions, YouAttest invites an authority in compliance and security matters, Stacey Cameron, CEO of CyCam Strategies. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
46
German Cyber Hack and EU DORA w/ Ralf Mennegatti
Cyber attacks are worldwide. Germany is not immune to these attacks. In fact, Deutsche Bank in Sept 2024 stated that “Cyber-attacks alone cost the German economy an enormous 148 billion euros every year.” At the same time, Germany and the rest of the EU are struggling to enact the Digital Operational Resilience Act (DORA). DORA (Regulation (EU) 2022/2554) solves an important problem in EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identity governance efforts? To answer these questions, YouAttest invites a foremost authority in EU regulations: Ralf Mennegatti, CEO of the Luxembourg-based DAQS. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
45
MSPs: Automate Your Identity Audits w/ YouAttest "User Access Reviews" (UARs)
Welcome to today’s AuditTuesday - this YouAttest podcast highlights the YouAttest offering for identity security and compliance for managed service providers. To help with the discussion we have Bill Lauterbach, YouAttest Channel Director, and Kashif Mehmood, YouAttest Field Services Director. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
44
HR-IAM Variance - Cleaning out Orphaned and Mis-Aligned Privileges, w/ Karina Klever
For many enterprises, the HR system is the identity store of record (ISoR). This is where identities are created, roles are assigned, and privileges are entitled. But these HR systems (HRS) are NOT enforcement points – they are the container of entitlements. The enforcement of these entitlements usually falls to identity and access management (IAM) systems. Hence comes the identity variance between: What roles/entitlements are created/documented in the HR system? What roles/entitlements are ENFORCED by the IAM? Contact us at YouAttest - https://youattest.com/ - we will identify the anomalies between your HR and IAM systems and create a better identity audit experience for your enterprise. Contact: https://youattest.com/contact/
-
43
CPF Coaching: YouAttest Product of the Week for MSPs - Christophe Foulon
Lots of products out there for MSPs to review and deploy - that’s why the market appreciates those that review the products for the consultants and managed service providers. This is exactly what Christophe Foulon and CPF Coaching did. They reviewed the products in the identity attestation and identity governance category - specifically w/ an eye to how MSPs would utilize the offering. The offering needed to be multi-tenanted, easily deployed, intuitive, and no-code. The solution that met these criteria was YouAttest. #AuditTuesday will talk to Christophe Foulon and ask him about his work and why he recommended YouAttest. We will also have Bill Lauterbach to discuss how the MSP and consulting practice works and how they can make money with YouAttest.
-
42
Getting Started w/ Your Compliance Project - Karina Klever and Cloud PSO
Most enterprises are under compliance, be it in healthcare, finance, insurance, government, education or defense. And most of the enterprises have compliance projects that need to be started or re-started. And thus the quandary... how to get these projects under way! YouAttest is fortunate to have Karina Klever, GRC expert, and the team at CloudPSO to help out on how to get your GRC project started. Topics will include: What are the key compliance projects? How to get started? Where do enterprises go wrong w/ starting their GRC projects? What, if any, tools should be used? To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
41
YouAttest Next-Gen IGA on AWS Marketplace w/ Cloud Armee (Chris Kesik)
AWS is the predominant cloud service for most enterprises w/ over $90B a year and growing. This warrants security products that are not only designed to work in the AWS marketplace, but could be sold on the AWS marketplace. That’s why YouAttest, the fastest time-to-value next-gen identity governance tool, with dedicated functionality for AWS, is now offered on the AWS marketplace. So let’s learn: What is the AWS marketplace? Why is it important? What are the challenges of securing identities on AWS? How does YouAttest meet these identity security and audit challenges? The panel will review these topics and show a live demo of how to get to YouAttest on the AWS marketplace and what it does to secure and audit identities in AWS. Special guests will include Chris Kesik, CTO of CloudArmee.
-
40
NIST Frameworks and CMMC for Federal Contractors - Short Arm Solutions, Jeff Chao and Rick Mischka
In fiscal year 2023, the federal government spent around $759 billion on contracts with outside companies and organizations. In 2024 there are over 200,000 government contractor firms that generate $1.1 trillion in annual revenue. But the U.S. government wants the supply chain secured - and to this end has asked these suppliers, especially those in the defense industrial base (DIB), to know and follow the guidelines and frameworks that come from the National Institute of Standards and Technology (NIST). This webinar will address: What are key frameworks that the suppliers should know & follow? What are the ramifications of non-compliance? What are the key controls? What about my identities and how do they relate to these controls? YouAttest will discuss how identities matter to all of these frameworks and guidelines and how YouAttest/ShortArm can automate your identity compliance. Our guests, Jeff Chao and Rick Mischka, are experts in assisting federal suppliers in compliance and security - and will help drive the conversation. Special cybersecurity guest Wes Jones will speak on how his enterprise utilizes YouAttest to implement identity security and compliance.
-
39
YouAttest ITS (Identity Trust Score) - For Managed Service Providers (MSPs) w/ Eldon Sprickerhoff
The Managed Service Provider (MSP) space is experiencing significant growth, with the global market currently valued at around $299 billion and projected to expand at a compound annual growth rate (CAGR) of 13.6% through 2030, indicating a substantial increase in demand for MSP services across various industries. But with this growth comes responsibility. MSPs are expected to be able to manage the risk in the enterprise - and the biggest risk to the enterprise is identity: identity the MSP holds for the enterprise; permissions and entitlements for the enterprise; access the MSP grants to resources for the enterprise. And the truth is we know NO ONE, including the MSPs, is doing that well at this job. According to Palo Alto’s hacking team, To help address this, we have lauded entrepreneur and MSP expert Eldon Sprickerhoff, who was not only the founder of E-Sentire, but of a new category of service called MDR, Managed Detection and Response. To learn more about YouAttest and how we can help secure your identities, contact us at [email protected]
-
38
Black Hat 2024 - Mel Reyes and Shaun Walsh
More than 20,000 professionals will go to Black Hat 2024 this year. The who’s who of cyber security, hacking and prevention. Let’s get two professionals’ thoughts on this: Mel Reyes - everyone’s favorite cyber spokesperson - and Shaun Walsh, Chief Marketing Officer at Peak Nano. Need to automate your identity audits? Contact us at YouAttest - we will show you how - https://youattest.com/contact/