PODCAST · technology
ISACA Podcast
by ISACA Podcast
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. The experts interviewed in the ISACA Podcast have valuable perspectives they have gained from their years of experience in the field. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
-
100
The Future of IT Audit: Key Changes in ITAF 5
Technology is transforming how organizations operate — and IT audit and assurance must evolve alongside it. In this episode, Paul Phillips sits down with Mary Carmichael, contributor to the newly updated IT Audit and Assurance Framework (ITAF 5), to discuss how audit professionals can adapt to today’s increasingly complex digital enterprise. Together, they explore the major shifts shaping modern audit, including AI governance, digital ecosystems, automation, evolving risk landscapes, cloud environments, and the growing need for stronger data literacy within audit teams. Mary also shares practical guidance on how organizations can begin modernizing their audit approach without overhauling everything overnight.
Key discussion topics include:
• The evolution from traditional control testing to outcome-based assurance
• Why audit teams need stronger technology and data capabilities
• AI governance, automation, and digital risk considerations
• Building practical audit modernization strategies
• How ITAF 5 supports governance, credibility, and audit relevance in modern enterprises
Whether you're an auditor, governance professional, cybersecurity leader, or risk practitioner, this conversation provides valuable insight into the future of audit and assurance in a technology-driven world.
Related Resources & Stay Connected
Download ITAF 5: https://www.isaca.org/resources/itaf-is-a-framework
Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging tech insights. https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
▶️Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights. https://www.youtube.com/@IsacaHq
🔔 Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT audit, governance, risk, and cybersecurity.
-
99
Breaking the Compliance Mentality
In today’s evolving cybersecurity landscape, strong leadership is the foundation of an effective security posture. Yet many agencies struggle when a “compliance mentality” takes hold, where meeting minimum requirements overshadows proactive risk management. In this ISACA Podcast episode, Lisa Cook, ISACA's Principal Research Analyst, sits down with Patrick Bevill, Chief Information Security Officer (CISO) at the Federal Retirement Thrift Investment Board, to explore how agency leaders can establish a strong tone at the top and foster a culture that prioritizes security resilience over check-the-box compliance. Related Resources & Stay Connected Learn more about Williams Adley: Discover how Williams Adley helps organizations navigate audit, assurance, cybersecurity, risk, and advisory services with a focus on integrity and innovation. https://www.williamsadley.com/
-
98
Audit-Ready by Design: How AI Powers Smarter Identity Security
Compliance does not have to be a stressful, last-minute scramble. In this episode, we explore how AI-driven control and automation transforms identity security from a costly headache into an audit-ready powerhouse. We break down the steps to simplify your regulatory processes, reduce operational costs, and enhance security by effectively managing human and non-human identities. You will learn why gaining centralized visibility is your crucial first step, how to instantly spot and remediate risky orphan accounts, and the secret to running seamless, automated access certifications. Join our identity security experts as they share practical strategies to strengthen your defenses without draining your IT resources. Expect actionable tips that will help you build a sustainable, AI-powered compliance process tailored to your organization. Related Resources & Stay Connected Learn more about SailPoint: Explore how SailPoint is helping organizations modernize identity security, strengthen governance, and simplify compliance in an AI-driven world. https://www.sailpoint.com/
-
97
SheLeadsTech Fireside Chat: Celebrating Women in Cybersecurity
Women leaders in cybersecurity share their stories and career advice in this SheLeadsTech fireside chat celebrating International Women’s Day. In celebration of International Women’s Day and Women’s History Month, ISACA’s SheLeadsTech initiative brings together three inspiring leaders in cybersecurity for a special fireside conversation. Join Debbie Lew and Jo Stewart-Rattray, both ISACA Hall of Fame inductees and recipients of the Eugene Frank Founders Award, as they sit down with Gail Coury, who will be inducted into the ISACA Hall of Fame in 2026. In this warm and engaging discussion, they reflect on their journeys into cybersecurity, the evolving role of women in technology, and the power of mentorship, leadership, and community in shaping the future of the profession.
In this episode, they discuss:
• Their personal paths into cybersecurity and IT
• How opportunities for women in tech have evolved over time
• Lessons learned from leadership and service within the ISACA community
• Advice for the next generation of women entering the field
The conversation wraps up with a fun rapid-fire round that offers a glimpse into the personalities behind these accomplished careers. Whether you're an experienced professional or just beginning your journey in technology, this fireside chat offers inspiration, insight, and encouragement from women helping shape the future of cybersecurity.
🔗 Learn more about ISACA’s SheLeadsTech initiative: https://www.isaca.org/membership/sheleadstech
🎧 Explore more ISACA Podcasts: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
📺 Subscribe to ISACA on YouTube: https://www.youtube.com/@IsacaHq
-
96
Humans Are IT Security’s Weakest Link
On this episode of the ISACA Podcast, host Chris McGowan is joined by Amit Patel, Senior Vice President at Consulting Solutions, to explore one of the most underestimated threats in cybersecurity: the human element. From accidental errors to insider breaches, they discuss why employee behavior is at the heart of most security incidents—and what organizations can do about it. Amit shares insights on how ongoing training, strong policies, and AI-powered tools like behavior analytics can help bridge the gap between tech and human responsibility. Whether you're a cybersecurity leader or simply navigating today’s digital landscape, this episode offers practical strategies to strengthen your organization’s human-centric security posture. 📚 Related Resources & Stay Connected 📖 Read the full article: Humans Are IT Security’s Weakest Link https://www.isaca.org/resources/news-and-trends/industry-news/2024/humans-are-it-securitys-weakest-link
-
95
Secure Your Privacy: A security and privacy podcast: real conversations, real consequences, real solutions?
You’re listening to Secure Your Privates™ brought to you by ISACA Podcasts - where security meets privacy, risk meets reality, and governance finally makes sense. We’re here to cut through the noise and get real about what’s actually happening in cyber. The no-BS podcast on security and privacy. We talk about what’s broken, what’s working, and what nobody’s telling you in between.
-
94
Securing Data in the Age of AI with DSPM: Lessons from a High-Impact ISACA Webinar
In this ISACA Podcast episode, host Safia Kazi, Principal Research Analyst – Privacy, is joined by Dirk Schrader, VP of Security Research at Netwrix, to discuss how generative AI is revealing long-standing gaps in enterprise data security and governance. This episode builds on insights from a recent ISACA webinar that explored how generative AI is exposing weaknesses in enterprise data security and governance. The discussion examines why many organizations lack visibility into where sensitive data resides and who can access it, particularly across hybrid and cloud environments. The conversation also addresses emerging risks introduced by AI tools, including non-human access and overexposed data. Listeners will gain practical, governance-focused guidance on how DSPM helps organizations assess risk, support compliance, and prepare data responsibly for AI initiatives. Related Resources: Watch the ISACA Webinar from the ISACA Virtual Summit 2025: “Securing Data in the Age of AI with DSPM” https://www.isaca.org/training-and-events/online-training/virtual-summits/ai-governance-strategies Learn more from Netwrix: https://netwrix.com/en/resources/ Explore more ISACA Podcasts: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library ISACA on YouTube: https://www.youtube.com/@IsacaHq
-
93
Elevate Your Career with Lauren Hasson
Lauren Hasson is the Founder of DevelopHer, an award-winning career development platform. In this podcast, she'll share a bit about her background and give a sneak peek at her upcoming CPE-eligible event.
-
92
Cyberrisk Quantification: Strengthening Financial Resilience
In this episode, ISACA's Lisa Cook engages with Yakir Golan, Chief Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to make informed decisions that align risk mitigation strategies with business objectives. The conversation also highlights the importance of translating cyberrisk exposure into monetary terms to facilitate high-level discussions and protect shareholder confidence. Listen & Subscribe: Catch this episode—and more—on the ISACA Podcast Library: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library or on your favorite podcast platform.
-
91
Securing Desktops and Data from Ransomware Attacks
Ransomware remains one of the most formidable cybersecurity threats facing organizations worldwide. In this episode of the ISACA Podcast, host Chris McGowan speaks with Netwrix endpoint protection expert Jeremy Moskowitz, who explains how ransomware infiltrates and cripples desktop environments. He describes the tactics cybercriminals use to exploit social engineering and system misconfigurations to gain unauthorized access, and offers actionable insights on the most effective prevention and mitigation strategies. Additionally, Jeremy delivers practical advice that security teams can use to resist ransomware. He shares tips on safeguarding locally stored data, implementing robust backup solutions, enforcing strict access controls and system patching, and educating staff on common red flags associated with ransomware.
Listen & Subscribe to ISACA Podcast: Catch this episode—and more—on the ISACA Podcast Library or on your favorite podcast platform.
Connect & Learn More about Netwrix: Netwrix Data Loss Prevention Solution; Netwrix Corporation on LinkedIn.
Additional Resources Provided by Netwrix: CISA’s Ransomware Guidance; SANS Institute White Papers on Ransomware; NIST SP 800-61 Rev. 2 – Incident Handling Guide; Krebs on Security – Ransomware Articles.
-
90
Cyberresilience and Cybersecurity
Cybersecurity and the role of internal audit, an urgent call to action: The forces driving business growth and efficiency contribute to a broad attack surface for cyber assaults. How is the end user protected with good service while not being compromised?
The first line includes internet, cloud, mobile, and social technologies, which are now mainstream and are platforms inherently oriented for sharing. Outsourcing, contracting, and remote workforces are shifting operational control.
The second line includes information and technology risk management leaders who establish governance and oversight, monitor security operations, and take action as needed, often under the direction of the chief information security officer (CISO).
The third line of cyber defense is the independent review of security measures and performance by the internal audit function. Internal audit should play an integral role in assessing and identifying opportunities to strengthen enterprise security. At the same time, internal audit has a duty to inform the audit committee and board of directors that the controls for which they are responsible are in place and functioning correctly, a growing concern across boardrooms as directors face potential legal and financial liabilities.
-
89
Cybersecurity Predictions for 2025
The prevalence of ransomware and the security concerns associated with AI have made the role of cybersecurity professionals vital for enterprise success. The complex security landscape can make cybersecurity jobs stressful, but enterprises can take steps to retain cybersecurity talent and ensure enterprise assets are protected. In this podcast, Justin Rende, founder and CEO at Rhymetec, shares insight on the top concerns for cybersecurity professionals, the most in-demand skills, and the impact of AI on cybersecurity.
-
88
Examining Authentication in the Deepfake Era with Dr. Chase Cunningham
Given the dynamic nature of cyberthreats and the ever-expanding digital ecosystem, authentication is more critical than ever. In this episode, ISACA director of professional practices and innovation discusses a new content piece titled "Examining Authentication in the Deepfake Era" with author Dr. Chase Cunningham. Their conversation about the paper explores the evolution, current state, and future trajectory of authentication technologies.
-
87
Safely and Responsibly Using Emerging Health Technology
Emerging healthcare technologies have the potential to revolutionize healthcare and accessibility-related concerns, but these advancements are not without risk. To maximize the value and minimize the harms associated with emerging health technologies, it is critical to address ethical, privacy, and societal concerns to ensure that these technologies help rather than hurt humanity. In this ISACA Podcast, join Safia Kazi and Collin Bedder as they explore the applications and risks associated with emerging healthcare technologies.
-
86
Addressing SAP Security Gaps
SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executing response actions for Linux or Microsoft environments. SAP teams must be integrated with other cybersecurity groups within an organization to empower them with a security approach that unifies the entire enterprise landscape. A chief information security officer (CISO) has many priorities, but when it comes to SAP environments, CISOs must fully understand how SAP applies to the IT enterprise and organizational environment to help them achieve all security goals. In addition, CISOs need to know their SAP team members personally so they can integrate them rather than contain them in silos. Finally, SAP must be secured to the same degree as other enterprise applications. When there is a Linux, Microsoft, or even a hybrid cloud incident, cybersecurity teams have a detailed plan of action upon which they are ready to act. SAP requires high-level consideration, or critical elements of the business will be vulnerable to malicious cyber actors—with no apparent response.
-
85
What Enterprises Need to Know About ChatGPT and Cybersecurity
Many people are pondering whether the generative artificial intelligence (AI) tool ChatGPT is a friend or a foe. In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but also how it is aiding cybersecurity professionals and the overall goal of enterprise security, and how cybercriminals who want to exploit it can leverage it too. He believes the world is entering a time when AI is fighting AI, and security professionals must focus on feeding ChatGPT technology more relevant data faster than the adversary. Folks also addresses how AI is affecting social engineering and his predictions for upcoming AI developments.
-
84
The Cyber Standard Podcast - Episode 4
Welcome to Episode 4 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the world of cybersecurity standardization. In this episode, titled "Becoming a License Body," Ameet is joined by esteemed guests Bryan Lillie, Strategic Technical Lead at the UK Cyber Security Council, and Peter Leitch, Co-Founder and Managing Partner at ANSEC. Together, they explore the intricacies of licensed bodies in shaping the cyber profession. Don't miss this insightful conversation! Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
-
83
The Cyber Standard Podcast - Episode 3
Welcome to Episode 3 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the essential aspects of applying for and assessing candidates in the cybersecurity field. In this episode, titled "How to Apply," Ameet is joined by distinguished guests Ethan Duffell, representing the UK Cyber Security Council, and Allan Broadman, Director of CyberAdvisor London. Together, they shed light on the launch of specializations and the significance of professional standards in the cybersecurity sector. Don't miss this insightful conversation! Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
-
82
Effective Third Party Risk Management in 2024: AI’s Impact and Future Trends
Traditional security questionnaires just aren't cutting it anymore. In this ISACA Podcast episode, Chris McGowan chats with VISO TRUST CEO and Co-founder Paul Valente as they delve into the evolving landscape of Third-Party Risk Management (TPRM), exposing the limitations of current methods and exploring how emerging AI trends are shaping a more secure future and driving more effective third-party risk management programs. To learn more about VISO Trust, please go to https://visotrust.com/
-
81
Unlocking Strategic Value from a Bug Bounty Program
Are you curious about how to maximize the strategic value and impact of your bug bounty program? In this episode, you can learn how Adobe continuously develops and improves its bounty program to engage security researchers and hackers globally and improve its security posture from an adversary perspective. In this ISACA Podcast, Chris McGowan, ISACA's Information Security Professional Practices Principal, chats with Alex Stan, Product Security Engineer and member of the Product Security Incident Response Team (PSIRT), who discusses the value of bug bounty programs and shares how you can develop a metrics-driven approach to enhance the internal security testing and detection capabilities of your organization.
Explore Further: Delve deeper into the subject with additional resources:
https://blog.developer.adobe.com/adobe-announces-researcher-hall-of-fame-initiative-for-security-researchers-5e677286dbd6
https://blog.developer.adobe.com/researcher-q-a-aem-solution-architect-by-day-adobe-bug-bounty-hunter-by-night-aed39a4750e4
https://blog.developer.adobe.com/attention-security-researchers-level-up-your-skills-and-join-our-private-bug-bounty-program-2da9d5979d8b
https://blog.developer.adobe.com/adobe-recap-2023-ambassador-world-cup-final-four-df701e1a1b12
-
80
The Cyber Standard Podcast - Episode 2
Welcome to Episode 2 of "The Cyber Standard Podcast"! Join host Ameet Jugnauth, Vice President of the London Chapter of ISACA, as he delves into the intricacies of cybersecurity standardization. In this episode, titled "Audit and Assurance," Ameet is joined by esteemed guests Leanne Sperry, Project Manager for Standards Development at the UK Cyber Security Council, and Mike Hughes, the ISACA Immediate Past President for ISACA Central UK. Together, they explore key challenges, lessons learned, and insights from related workshops in the realm of Audit and Assurance. Don't miss this insightful conversation! Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
-
79
The Cyber Standard Podcast - Episode 1
Tune in to the inaugural episode of "The Cyber Standard Podcast," “The Vision!” Join host Ameet Jugnauth as he interviews Robin Lyons, ISACA Principal, IT Audit Professional Practices, and Annmarie Dann, Director of Professional Standards at the UK Cyber Security Council, in a compelling discussion about the standardization of specialisms in cybersecurity. Explore the Council's and ISACA's visions for the future, the significance of the Audit & Assurance specialism, and the collaborative efforts between the two organizations. Don't miss this insightful conversation that sets the stage for the podcast's journey into the world of cybersecurity standardization. Explore Further: Delve deeper into the subject with additional resources provided in the episode description. https://www.isaca.org/about-us/newsroom/press-releases/2023/uk-cyber-security-council-partners-with-isaca-for-audit-and-assurance-pilot-scheme
-
78
Measuring Security Risk Against Dynamic Threats
Getting dressed is a routine example of everyday life packed with choices. Should I wear pants or shorts? Do I need a sweater? Shoes or sandals? While we often make these choices subconsciously, even actions that don’t appear as choices include several microscopic risk-based calculations. These judgments are executed based on some estimate of risk, and as known in the cybersecurity industry, what is believed to be safe today may no longer be safe tomorrow (or possibly even within the hour). Given this unique challenge, how do you establish a process that allows you to identify, analyze, prioritize, and treat security risks that are constantly evolving and where the threat is persistently adapting? In this podcast, ISACA's Lisa Cook discusses with Adobe's Matt Carroll, Senior Manager of Technology Governance, Risk, and Compliance the risk methodology and practices his team has developed at Adobe that have helped the company rapidly measure security risk in a constantly changing landscape.
-
77
Reflecting on 25 Years of Information Security Matters
ISACA recently marked the 25th anniversary of Steve Ross’ ISACA Journal Information Security Matters column. Over the last quarter century, technology, security, and the workforce have evolved, while certain challenges remain the same. In this ISACA Podcast episode, Safia Kazi speaks to Steve about how he started writing for the Journal, societal shifts in security perceptions, and how writing skills are invaluable for anyone in the security industry.
-
76
A View into CTEM Exposure Management: Reducing your Attack Surface 3x
Organizations can no longer rely on legacy vulnerability management solutions to protect against even basic attacks. Instead, vulnerability management is just one small component in a unified continuous threat exposure management (CTEM) approach to securing an enterprise from malicious intruders and ransomware. In addition to vulnerability management, security around misconfigurations, patching, identity, software, external attack surfaces, and more must be included. In this ISACA Podcast, Nanitor Chief Strategist Derek Melber explains that an organization can prevent breaches and ransomware by taking an asset-centric prioritized-security approach that includes all of these security areas. For more ISACA Podcasts, visit www.isaca.org/podcasts To learn more about Nanitor, please visit https://nanitor.com/ To view the Nanitor article, please click https://nanitor.com/resources/blog/cybersecurity/exploring-continuous-threat-exposure-management-ctem/
-
75
Leveraging Agile Concepts for Neurodiverse Auditors
In this ISACA Podcast episode, we’ll delve into how leveraging Agile concepts can mitigate common challenges neurodiverse auditors face in the workplace. Neurodivergent auditors can bring a fresh and dynamic energy to projects if given appropriate accommodation. Join us as ISACA's Robin Lyons chats with Program External Audit IT Program Manager Amanda Tucker as they explore small changes that can significantly impact not only neurodiverse individuals on your team but the entire team itself.
-
74
Minimizing Risk and Audit Requests
With the increasing demand for audits and risk assessments, artifact requests will not be going away anytime soon. However, the burden these activities bring to the organization can be drastically reduced when audit and risk work together. In this ISACA Podcast episode, Paul Phillips, Director of Event Content Development at ISACA, hosts Staff Governance, Risk, and Compliance Analyst Benjamin Bartz. Ben takes a deeper dive and elaborates on some of the must-haves for this partnership to live to its full potential.
-
73
Issue Management Confidential: Tools and Best Practices for Improving IT Issue Management
Effective IT issue management is crucial for organizations to mitigate financial loss, reputational damage, and operational disruptions. Issue management tools streamline the process by tracking and resolving issues, while risk rating helps prioritize responses based on their impact and likelihood. In this ISACA Podcast episode, ISACA's GRC Professional Practices Principal, Lisa Cook chats with IT Risk Manager, Eric Peck about why acknowledging and addressing high-risk issues with a structured approach empowers organizations to protect themselves and ensure compliance in today's complex regulatory landscape.
-
72
Improving Security while Enabling Market Access with CCF
Software-as-a-Service (SaaS) providers continue to face increasing customer demand to attain security compliance certifications that demonstrate commitment to security, privacy, confidentiality, and more. Pursuing every national and international certification individually results in a repetitive cycle of ongoing walkthroughs, interviews, testing, and evidence requests (i.e., audits). A central CCF can be considered a one-stop shop response to the complex alphabet soup of compliance standards on the market today. In this ISACA Podcast episode, ISACA's Lisa Cook listens in as James Huang, Global Cloud Compliance Senior Manager, explains why having a central CCF can help various product engineering teams meet their security compliance needs and understand the level of effort required for each compliance certification.
-
71
Scaling Your Threat Modeling Program
Understanding product security risk starts before a single code line is written. Teams can discover threats to the architecture of a system early in the development life cycle with Threat Modeling. While it’s not a new concept, how do we transform traditional ways of Threat Modeling to meet the complexities of modern software development at scale? In this ISACA Podcast episode, Chris McGowan chats with Lauren Strope, Manager of Application Security at Adobe. Lauren offers her expertise on strategies for scaling your program and provides unique perspectives on the future of Threat Modeling. Learn more about Adobe at www.adobe.com For more ISACA Podcasts, please visit https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
-
70
Secure your Supply Chain with an Effective Vendor Security Program
Security risks introduced by vendors have become a top-of-mind concern for executives today, driven by recent supply chain incidents that have exposed organizations to operational and reputational risks. A robust vendor security program is now a must, as it helps ensure compliance and proactively identifies and mitigates these risks throughout the vendor lifecycle. However, many vendor security teams today face an ever-growing backlog of security reviews, creating increased urgency and pressure for teams to maintain quality assessments. These reviews are often perceived as time-consuming in the procurement process, calling for a balance between meeting business demands and conducting thorough assessments to identify and isolate potential risks. In this ISACA Podcast, Adobe's Manager of Vendor Security Nidhi Bandi shares about recent enhancements Adobe has made to calculate risk in the vendor space better and provides guidance on how you can stand up a strong vendor security program that balances procurement needs at your organization. Learn more about Adobe at https://www.adobe.com/ Listen to more ISACA Podcasts at https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
-
69
Cultivating Inspired Leaders with Kristi Hedges
If we want people to bring their most creative, innovative selves to work, we need to cultivate a culture where inspiration is given, encouraged, and fostered. In this ISACA Podcast, Kristi Hedges, executive coach, leadership development consultant, speaker, and author, gives a sneak peek of her upcoming member-exclusive 'Cultivating Inspired Leaders', a CPE-eligible event. At the event, Kristi Hedges will provide a roadmap for building an inspired mindset for leaders, teams, and individuals. Register for this ISACA event at https://www.isaca.org/membership/member-exclusive-speaker-series
-
68
Exploring the Benefits of Neurodiversity within Cybersecurity
Neurodiversity within cybersecurity offers many benefits but requires organizations and hiring managers to re-evaluate hiring practices and job descriptions typically structured for neurotypical applicants. Join ISACA's Director of Professional Practices and Innovation as he hosts a conversation with a company helping to remove barriers and maximize the value neurodiverse talent brings to cybersecurity. For more ISACA Podcasts, go to https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
-
67
Internal Audits That Create Stakeholder Value Adopting an Agile Mindset
Agile Scrum is a lightweight framework that promises to significantly improve internal audits by creating a mindset that generates stakeholder value through adaptive solutions for complex auditing problems. This mindset is needed as organizations face unprecedented changes and pressures in today's business landscape. Internal audits must keep leaders informed and aware of potential risks. Such a mindset addresses some of the often-experienced auditing challenges such as a lack of senior management support, insufficient audit preparation time, difficult auditees and lack of time needed to write audit results. Featuring special guest Thomas Bell and hosted by ISACA's Robin Lyons.
-
66
Strategies for Avoiding Burnout
Chronic workplace stress can lead to burnout, which poses a significant risk to the mental health of busy professionals, such as auditors. But how can these professionals protect themselves from burnout? And how can their employers help them do so? If you are interested in learning the answers to these questions, then watch as ISACA’s Robin Lyons and Dr. Elena Klevsky, Assistant Professor of Accounting at the University of Tampa, discuss strategies for avoiding burnout. Inspired by the Sustainable Model of Human Energy proposed by Ryan Quinn, Gretchen Spreitzer and Chak Fu Lam, these strategies focus on managing your personal energy by increasing resources, decreasing job demands, practicing skills and tasks, and monitoring energy. Properly implementing these strategies has the potential to help busy professionals ensure that they have sufficient resources to meet their job demands, and, therefore, increase the likelihood that they feel energized instead of exhausted.
-
65
The Danger of Distraction in Augmented Reality
While users of technology are becoming more educated in how to avoid cyberattacks such as phishing, a distracted user might be more prone to missing signs of social engineering. This project explored whether users immersed in augmented reality applications were more inclined to fall for an on-screen text message that prompted familiarity (such as a friend calling in) or urgency (such as a warning to update software or be subject to an automatic device re-boot within a certain timeframe). Featuring special guest Sarah Katz and hosted by ISACA's Collin Beder.
-
64
Managing Human Risk Requires More Than Just Awareness Training
A comprehensive information security awareness program must be in place to ensure that employees are aware of and educated about the threats they may encounter at the workplace. The workforce needs to be prepared to know how to respond to these threats. It all starts with a risk assessment to identify the most critical risks that need to be mitigated through preparedness. Making security a part of the organization’s culture reduces these risks to an acceptable level. Featuring special guest Chris Madeksho and hosted by ISACA's Lisa Cook.
-
63
Preparing for Interruptions, Disruptions and Emergence Events
This podcast discusses how an Information Systems (IS) Auditor can prepare for the Interruptions, Disruptions and Emergence events that happen to the business and to technology. Describing the features of Interruptions, Disruptions and Emergence events and distinguishing the differences between them, special guest Anantha Sayana outlines how the IS Auditor can prepare for, react to, and contribute to all three. Hosted by ISACA's Hollee Mangrum-Willis.
-
62
IS Audit in Practice: Data Integrity On Demand
On this podcast, ISACA's Hollee Mangrum-Willis and special guest Cindy Baxter discuss the disparities between American communities and access to electronic health records. From there, they examine how key data insights from the ISACA community can help us all be healthier.
-
61
ISACA Live | Digital Trust Priorities for Privacy and Emerging Tech
ISACA Digital Trust Advisory Council Members Anne Toth and Michelle Finneran Dennedy will discuss privacy concerns and priorities around emerging tech and the most critical considerations for ensuring strong digital trust. Hosted by ISACA's Safia Kazi.
-
60
Processes of Engagement with Scott Gould
Scott Gould is the author of 'The Shape of Engagement: The Simple Process Behind how Engagement Works.' In this podcast, Scott gives a sneak peek at his upcoming member-exclusive, CPE-eligible event. Scott will discuss the essential frameworks for understanding and operationalizing engagement and building enduring connections with your networks and communities.
-
59
Delivering Security Value to Product Teams Using the Power of Data
In security, aligning with product teams has never been more important, especially when outmaneuvering adversaries. To foster a truly productive and action-oriented cybersecurity culture, security teams must begin addressing their product engineering counterparts as customers they serve rather than entities they govern. In this podcast, ISACA’s Chris McGowan listens in as Adobe’s Manager of Adversary Intelligence Gurpartap “GP” Sandhu provides unique insight into how he’s bringing intrapreneurship to life in product security through a key project that delivers actionable data that product teams can use to enhance their security posture more rapidly. They’ll also discuss how his team is harnessing strong adversary focus using the power of data and share advice on how you can stay ahead of adversaries by better predicting their next move in the ever-changing threat landscape. Tune into this ISACA Podcast to learn more! Check out more from Adobe, https://www.adobe.com/trust.html For more ISACA podcasts, www.isaca.org/podcasts
-
58
AI Ethics and the Role of IT Auditors
We, as a society, have always lived by certain norms that are driven by our communities. These norms are enforced by rules and regulations, societal influence and public interactions. But is the same true for artificial intelligence (AI)? In this podcast we discuss and explore the answers to some of the key questions related to the rapid adoption of AI, such as: What are the risks associated with AI and the impact of its increasing adoption within almost every industry? And what role should we as IT Auditors play in this fast-changing technological landscape? Hosted by ISACA's Hollee Mangrum-Willis and featuring special guest Jai Sisodia.
-
57
Using a Risk-Based Approach to Prioritize Vulnerability Remediation
Organizations today struggle with vulnerability management. More specifically, remediating vulnerabilities in a timely manner poses a challenge. With vulnerability remediation backlogs growing at an alarming rate, what can organizations do to meet their established remediation timelines and to protect the organization from cybersecurity threats? Cybersecurity leader Ray Payano will discuss the exponential increase in published vulnerabilities, the lack of resources in cybersecurity to perform remediation and balancing remediation with reduced maintenance windows. These challenges contribute to organizations struggling with remediation backlogs. Ray will explain how calculating vulnerability risk can help organizations prioritize their vulnerabilities based on risk level to help determine the order in which vulnerabilities are addressed. Hosted by ISACA's Chris McGowan.
-
56
The True Cost of a Data Breach
Guests Jack Freund and Natalie Jorion discuss the need for additional data for quantitative risk analyses and methods to derive that data when it does not exist. They cover how this was done in the past and their updated method for interpolation of such data from record losses and other firmographic data. They end with a discussion of the role of model validation and how it can enable reliable risk management decision making. Hosted by ISACA's Safia Kazi.
-
55
2023 IT Compliance and Risk Benchmark Report
Are you wondering about the ever-changing landscape of IT compliance and risk management? Look no further. Hyperproof, a leading SaaS compliance operations provider, conducts an annual survey of over 1,000 IT risk, compliance, and security professionals to uncover their top challenges. Tune in to this exclusive episode to hear about the top five most important statistics uncovered from the survey and get an overview of how your industry peers are managing IT risk and compliance programs within their organizations. We’ll cover: ● The top five findings from the survey ● How your peers are planning to handle compliance, audit management, and risk management in the midst of this year’s volatile economy ● What companies are doing differently in response to recent and highly publicized security breaches to avoid security lapses and compliance violations Download Hyperproof’s 2023 IT Compliance and Risk Benchmark Report https://hyperproof.io/it-compliance-benchmarks/
-
54
What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All
The world of business has changed dramatically over the past few years. Our digital world is more connected than ever, leaving security and technology teams stretched even thinner. Privacy and data regulations are increasing on a state and national level, threat actors are learning and evolving, and cybersecurity has finally become a boardroom priority! Now that you have leadership’s attention, what will you do? If your answer is “risk management as usual”, that may be holding you back. Traditional risk management approaches make a lot of promises, but most of them are myths. Do any of these sound familiar? ● You can make better-informed decisions by using a single platform. ● You can use automation to achieve continuous compliance. ● You can implement risk management by creating a risk register. ● You can use qualitative attributes to measure and assess risk. In this episode, we’ll assess risk management myths and discuss how to establish scalable, quantifiable, and always-on risk management for the future. Hosted by Lisa Cook and featuring special guest Megan Maneval.
-
53
How Organizations Can Consistently Reduce Cyberrisk
Cyber threats are now a “clear and present danger” to most organizations, companies and governments of the world. A good cyber defense involves many intricate layers. You can never have enough layers, just like you can never remove all the risk. In order for organizations to reduce as much risk as possible in a rapidly shifting threat landscape, they must constantly make improvements. The threat groups are making rapid improvements and increasing their expertise at a steady rate. They are investing in R&D and Zero-Day exploits. To offer a good defense, we must make progress at the same rate as the threat groups or we may fall behind, increasing risks and allowing the cyber world to become like the “wild-wild west.”
-
52
Key Considerations for Conducting Remote IT Audits
Adequate preparation, including risk assessments, assessing resource requirements and ensuring ongoing communication, helps harness the benefits and address the potential challenges faced when conducting hybrid or fully virtual audits.
-
51
Seven Things to Know Before Automating IT General Control Audits
This podcast is a practical discussion with two IT Internal Auditors, Frans Geldenhuys and Gustav Silvo, who have automated IT General Controls across their highly diversified and decentralized group. They will share some of the pitfalls they have experienced in their automation rollout and advise on how to avoid or manage these pitfalls with host Robin Lyons. Check out Frans and Gustav’s full ISACA Industry News article, “Seven Things to Know Before Automating IT General Control Audits,” at http://www.isaca.org/automating-it-general-control-audits. For more ISACA Podcasts, visit https://www.isaca.org/podcasts
HOSTED BY
ISACA Podcast