Risk Grustlers

This episode gets into the reality behind one of the most visible roles in cybersecurity.Larry Whiteside Jr. shares how the CISO role has evolved into something far broader and harder than many people outside the job realize. What began as a deeply technical function now often comes with executive expectations, growing operational ownership, constant outside pressure, and very little formal preparation for the business side of the role.The conversation also explores how security leaders are expected to make sound decisions in a market flooded with vendors, why smaller and mid-sized companies can no longer treat security as someone else’s problem, and how peer communities have become a practical source of advice, perspective, and relief for people carrying this kind of responsibility.FeaturingLarry Whiteside Jr., Co-Founder & President, Confide Group Nicholas Muy, CISO, Scrut AutomationAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

AI is not just another tool rollout. It is forcing companies to revisit assumptions they have lived with for years.In this Risk Grustlers episode, Sandip Wadje joins Nicholas Muy to discuss what happens when leadership wants the upside of AI immediately, while security, risk, IT, legal, and business teams are left dealing with everything underneath it.The conversation explores what tools like Microsoft Copilot can expose inside organizations, from oversharing in SharePoint to the gap between role-based access on paper and the permissions people actually end up with in practice.Sandip also lays out a more grounded approach for smaller teams: be honest about what is truly confidential, avoid writing controls you cannot consistently follow, give employees a safer way to work with AI, and start preparing for scrutiny around how AI is being used across the business.FeaturingSandip Wadje, Managing Director, BNP Paribas Nicholas Muy, CISO, ScrutAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

In this episode of Risk Grustlers, Wendy Nather joins Nicholas Muy to challenge how we think about compliance, affordability, and security maturity.Wendy introduces the idea of the “security poverty line,” the invisible boundary keeping small organizations from achieving the same security outcomes as large enterprises. She breaks down why frameworks like PCI DSS work only when risks are narrowly defined, and how unclear scoping, hidden vendor pricing, and talent scarcity widen the gap.Tune in as Wendy and Nick dismantle the “back to basics” advice, and explain why fundamentals like asset inventory, change control, and threat prioritization are anything but simple in a cloud-first world. Wendy also shares her practical prioritization pyramid, i.e., where to start when you can’t do everything, and it starts with a step most teams skip.FeaturingWendy Nather, Senior Research Initiatives Director, 1Password Nicholas Muy, CISO, Scrut About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

In this episode of Risk Grustlers, Aayush Ghosh Choudhury, CEO and Co-Founder of Scrut, sits down with Sounil Yu, Chief AI Officer at Knostic and author of the ‘Cyber Defense Matrix,’ to talk about what it really means to run agentic AI safely, starting from “basic” security hygiene and identity hardening, all the way to drawing hard boundaries around what agents can decide, see, and share.FeaturingSounil Yu, Chief AI Officer, Knostic Aayush Ghosh Choudhury, Co-Founder and CEO, Scrut About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

In this episode of Risk Grustlers, Nicholas Muy, CISO at Scrut Automation, sits down with Siyavash G. Nia, CISO at ShyftLabs, to talk about what actually works for smaller teams that care about security but do not have an army of specialists: making vulnerabilities real for developers, using QA as a bridge instead of a shield, using GRC tools for shared visibility, and ignoring the AI noise until the fundamentals of secure code, infra, and data are in place.FeaturingSiyavash G. Nia, CISO, ShyftLabs Nicholas Muy, CISO, Scrut About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

In this Black Hat special episode of Risk Grustlers, Edward Wu, Founder and CEO of Dropzone AI, joins our CEO and co-founder, Aayush Ghosh Choudhury, to discuss the future of security operations.From automating tier-one SOC tasks to cutting response times from hours to minutes, Edward shares how AI agents are force-multiplying security teams and reshaping the economics of cybersecurity.The discussion dives deep into trust, dependability, and the real limits of AI in high-stakes environments — a must-watch for CISOs, security engineers, and AI enthusiasts alike.About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Featuring Nicholas Muy, CISO, Scrut AutomationIn this episode, our CEO Aayush Ghosh Choudhury sits down with our CISO Nicholas Muy for a candid conversation on some of the most debated trends in GRC today.With nearly two decades in security—including roles at the Department of Homeland Security, Expedia, and high-growth startups—Nicholas knows what it takes to build programs that go beyond the basics.From AI agents to audit-ready automation, this episode is a playbook for where GRC is headed. A special episode packed with actionable ideas to take back to your team.DescriptionNick doesn't sugarcoat it: compliance is changing—and the shift is bigger than commoditization. It’s convergence.In this episode, he explores how security and compliance are merging into unified, intelligent workflows—with AI agents playing a key role. Drawing on his vast experience in cybersecurity, he breaks down what agentic GRC actually looks like and how early-stage companies can embrace frameworks without being boxed in by them.Whether you're rethinking audits, scaling trust, or experimenting with AI teammates, this episode offers a glimpse into what’s next for GRC.Highlights from the episodeIs compliance becoming a commodity—or something more valuable?How security and compliance are converging faster than you thinkThe rise of agentic AI and what it means for GRC teamsBuilding adaptable, audit-ready programs that don’t drain your teamQuotes“Personally, I see it less as commoditization and more as democratization.”“Compliance gave us the time and structure to gradually build and refine our security posture.”“Cost and effort alone aren’t reliable indicators of audit quality—especially for small to midsize companies.”“Agentic teammates help us scale by reviewing vendors upfront, surfacing risk, and retaining context between assessments.”About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

About the speaker: Srikanth Chavali, Co-Founder and CPO at Kitecyber, dives deep into the growing threat of insider risks and shares approaches to help businesses can stay ahead of the curve. With years of experience tackling complex cybersecurity challenges, Srikanth offers valuable insights and practical advice for organizations of all sizes. Tune in for an insightful conversation packed with actionable strategies you won’t want to miss!Description:In this episode, Srikanth Chavali unpacks the complex terrain of insider threats, highlighting why these risks are growing and how organizations can proactively protect themselves. He emphasizes that even small and mid-sized companies, often without dedicated security teams, can mitigate these threats by setting clear accountabilities and adopting the right technologies.Srikanth discusses how a virtual CISO (vCISO) can help companies build a strong security posture, even with limited resources, and stresses the importance of a dedicated leader driving security efforts. He also delves into the evolving role of AI and automation in cybersecurity, showing how these technologies are transforming threat detection and data classification. With a focus on actionable insights, Srikanth explains how companies can leverage AI to improve security measures while reducing false positives and increasing efficiency.Highlights from the episode:Managing insider threats without a dedicated security teamThe importance of accountability in cybersecurityLeveraging AI for improved data classification and threat detectionPractical steps small and mid-sized companies can take to improve securityQuotes:“Cybersecurity is not just a technical challenge; it's a responsibility that needs to be owned across the organization.”“Insider threats are not always easy to detect, but with the right tools and mindset, organizations can proactively manage risks.”“AI and automation are changing the game for threat detection, offering more precision with fewer false positives.”“You don’t need to start from scratch—leveraging existing models and tools can be a great way for smaller companies to begin their cybersecurity journey.”About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

About the speaker: Drew Danner, Managing Director at BD Emerson, offers a new take on the old security vs. compliance debate—you cannot have one without the other. With ten years in the US Army and a no-nonsense approach to cybersecurity, he’s been in the trenches (literally and figuratively) and is a go-to professional for all things security. So grab a coffee and a notepad, because this conversation is packed with insights you won’t want to miss. Tune in now!Description:In this episode, Drew uncomplicates GRC and stresses the importance of “keeping it stupid and simple.” Drawing from his experiences in both the army and cybersecurity, he shares easy and practical tips for building a sustainable security program.Drew emphasizes the importance of doing the “little things” in GRC. He highlights how small, consistent actions—like reviewing contracts and integrating compliance into daily operations—can drive meaningful change and prevent last-minute crises.Tune in to hear his insights on bridging the gap between compliance and security, navigating intimidating frameworks, and how early attention to security can help companies win customer trust and build stronger businesses.Highlights from the episode:Pro tips for companies that are getting started with complianceOvercoming intimidation with new frameworks like ISO 27001The simplicity of building effective security controlsThe evolving nature of security audits in the age of AIQuotes:“Security is the operation of achieving compliance.”“Consistency, that’s what it’s all about. Doing the little things right, every single time.”“The easiest security controls can have the biggest impact if you just do them right.”“You don’t need a certificate to do the right thing. Start with the basics.”About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

IntroductionKevin Qiu, a seasoned Information Security Professional, joins us on the latest episode of Risk Grustlers to share his journey from Big Four consulting to tech startups, offering invaluable insights on building effective security programs on a limited budget.Don't miss Kevin's practical tips for adapting security infrastructure, managing compliance, and tackling challenges unique to small and medium-sized businesses. Tune in for a masterclass on must do’s when building a security strategy!DescriptionIn this episode, Kevin offers a unique perspective on the differences in security infrastructure between large enterprises and startups, highlighting the need for adaptability in smaller companies.Kevin delves into the key areas mid-sized companies should focus on when building an effective security program, emphasizing practical steps and strategic planning. He also addresses the common perception that compliance is merely box-ticking, discussing its true value and importance in maintaining robust security.Tune in to uncover practical tips for building a robust security program in small to medium-sized companies. Highlights from the episodeKevin’s career transitionChallenges in startups vs. large enterprisesBuilding a security program in mid-sized companiesCompliance vs. real securityQuotes“Don’t just buy any tool off the shelf because you need one specific feature. That is how your budget becomes bloated. If you can develop it in-house, if it makes sense to do so, then do that before you go and spend money on it.”“One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits.”“Startups often rely heavily on third-party tools. Knowing your vendors is crucial. If a vendor is breached and you didn't even know your team used them, you're in big trouble.”About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies worldwide establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

About the Speaker With a dynamic personality and over 25 years of IT management and security expertise, Todd Dekkinga steps into the spotlight as the new host of Risk Grustlers. As the CISO at Scrut Automation and Zluri and advisor to startups like Box and Zoom, Todd is the perfect guide to help you navigate the complexities of risk and compliance.Todd and our CEO and Co-Founder, Aayush Ghosh Choudhury, share an undeniable passion for security and startups, which shines through in this lively episode. They share actionable advice and deep insights, including trade secrets you wouldn’t hear elsewhere. You don’t wanna miss this!IntroductionIn this episode, we explore Todd’s unorthodox path to compliance, GRC, and risk management – a testament to the diverse paths that can lead to a career in risk management. He highlights the pivotal moments that shaped his expertise, including the dot-com crash of 2001 and his work in highly controlled environments like biotech.Todd discusses the common mistakes startups make during the SOC 2 compliance process and offers practical advice on maintaining compliance post-certification. He also elaborates on the role of automation in GRC, particularly in optimizing compliance efforts for companies of different sizes.Todd's insights will provide valuable perspectives on navigating the complexities of compliance and risk management. Tune in to uncover the true upshot of continuous and non-continuous compliance.Highlights:Todd’s journey into compliance and risk managementNavigating compliance in startups vs. large companiesThe role of automation in GRCPractical tips for continuous compliance Quotes"The dot-com crash of 2001 was a turning point for me, leading me to focus on IT efforts in regulated industries like biotech. Working in highly controlled environments laid the foundation for my understanding of compliance and risk.""One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits.""Automation plays a crucial role in simplifying compliance tasks, particularly for smaller companies with limited resources. Automated tools like Scrut streamline processes, reduce manual effort, and ensure consistency in meeting regulatory requirements."About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at About Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

About Aaron WorthmanIn this episode of Risk Grustlers, Aaron Worthman, a seasoned leader in the cybersecurity realm, joins us. With over 25 years of experience and currently serving as a Board Member, as well as holding positions as (acting) CIO & CSO at Spire One, Aaron's career trajectory embodies adaptability and forward-thinking. Aaron’s journey from hands-on operational roles to strategic leadership positions offers invaluable insights into navigating the complexities of risk management in today's digital landscape.DescriptionThe winding path of growth in risk management involves navigating uncertainties and establishing a baseline for security.Prepare with us as we delve deep into finding the right balance between allocating resources for immediate needs and investing in long-term resilience for your security program with Aaron Wurthman. Through this episode, we’ll also uncover how underspending on security can be a major concern leading to significant cybersecurity catastrophes. Along with this, we decipher how to begin the security journey within a company with a top-five checklist of key considerations.Tune in now and seize this opportunity to elevate your understanding of risk management in today's digital age.HighlightDive into the nuanced discussion surrounding security spending and the philosophy that IT and security functions should operate as businesses within a business. Gain valuable insights into the process of setting a spending baseline for security programs, emphasizing the importance of collaboration and transparency.Uncover the critical balance between allocating resources for immediate security needs and investing in long-term resilience. Delve into the repercussions of underspending on security and the potentially catastrophic consequences, such as ransomware attacks and breaches.Quotes from the episode"Budgeting with all aspects of security in mind is truly a key requirement.""By prioritizing collaboration, transparency, and long-term resilience, organizations can effectively safeguard their assets while driving sustainable growth.""Having precise numbers is always great, but you need to first have established that rapport with the stakeholders in order for that number to be believed."About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Stepping into the spotlight in the tenth episode of our Risk Grustlers podcast is Shashank Karincheti, the Senior Manager of Compliance Engineering at Razorpay and the mastermind behind Razorpay’s cutting-edge IT GRC. His unquenchable thirst for knowledge shines through his impressive collection of certifications, showcasing his unwavering commitment to staying on top of the ever-evolving world of cybersecurity. With boundless curiosity and unwavering passion for infosec, Shashank is the ideal guide for anyone looking to explore this fascinating field.About Shashank KarinchetiIn this captivating episode, Shashank Karincheti unravels the secrets to streamlining compliance processes, optimizing efficiency, and achieving unparalleled accuracy in audits. He offers an exclusive look into the decision-making process between in-house development and partnering with third-party vendors for automation. He also draws attention to the significant role of culture and strategy, showing how aligning business goals, industry regulations, and company values can lead to triumphant automation strategies.Whether your organization is just starting or already mature, Shashank will share invaluable perspectives on audit automation that will undoubtedly broaden your infosec knowledge. Join him as he delves into the strategic considerations behind prioritizing audit processes, establishing metrics and KPIs, and measuring the true effectiveness of automation programs. His insights will leave you empowered and inspired to optimize your organization’s compliance efforts. Tune in to gain invaluable knowledge from a true industry expert!Highlights from the episodeUnveiling the benefits of audit automation for organizations Discussing how to measure the effectiveness of automation programsEmphasizing the importance of building a culture of complianceQuotes“Audits used to be seen as a mere checklist exercise, completing tasks and calling it a day. But today, they're all about compliance by design. Take certifications like SOC 2, where specific criteria must be met, showing the presence of controls for added reassurance. In our world, audit automation means crafting a platform with built-in compliance and framework requirements, ensuring a broader focus on security and control.”“Focus on building a culture of compliance and make it a part of your organization’s DNA. Understand the relevant frameworks and prioritize your actions accordingly. Once you have this foundation in place, you can evaluate automation tools and decide which processes to automate and which ones require manual handling.”About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-gradeAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Joining us on the ninth episode of our podcast Risk Grustlers is none other than sec-savvy Akshay Ahuja, the Principal of Information Security at M2P Fintech. He’s not just your average security guru; he's the kind of cybersecurity wizard who makes firewalls feel inadequate!Akshay started his journey as an electronics and communication engineer, but he threw caution to the wind and embarked on a quest to chase his cybersecurity dreams. Fast  forward over a decade, and he's become a bona fide legend in the cybersecurity realm.About Akshay AhujaAkshay Ahuja vividly recounts his unique career journey in this exciting episode. From graduating as an electronics and communications engineer to becoming the Principal of Information Security at M2P Fintech, Akshay discusses how he followed his passion to get to where he is today. He dives deep into the need for staying up to date with regulatory changes and leveraging technology, particularly automation and common control frameworks, to enhance compliance efforts.A strong advocate for automation, he believes AI-driven technology like OpenAI and ChatGPT, will become increasingly essential in the compliance market and recommends embracing automation to keep pace with the evolving cybersecurity landscape.So, whether you’re a seasoned professional looking to up your game or you’re just embarking on your infosec journey, you will not want to miss this one! Tune in to gain important insights into the world of cybersecurity.Highlights from the episodeUncovering common myths around standards applicable to fintech companiesBest practices every company needs to follow for effective cybersecurityDiscussing how a current day in the life of an infosec leader/expert looks likeProviding career guidance for aspiring cybersecurity professionalsQuotes“When it comes to automation, it’s all about showcasing what it can do for you. It’s about creating evidence automatically and reducing manual effort. And let me tell you, this new age of AI, with powerhouses like OpenAI and ChatGPT, is already disrupting the market. So I would say that it will soon disrupt the market of compliance. It is the future, and there is no way around it.”“Regulations and compliance requirements in the realm of Infosec share a significant overlap. Many regulators emphasize similar aspects such as information security, major industry practices, and more. Around 65 to 75% of these requirements align across various frameworks. The goal now is to devise an objective approach for companies to develop their own common control framework.”About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an eaAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Risk management isn't all crunchy and rigid - GRC teams and individuals deal with several professional difficulties, fears, and uncertainties that impact their risk decisions. But what is being done about it? Oftentimes, GRC professionals on the crunchy side have to carry out softer tasks that require things like behavior changes across teams, which in turn require steps to be taken. What does the bridge between this gap look like? Join us as we learn about what the soft and squishy side of GRC entails with Jason and also understand the impact his organization - kinkou.org has been having on bringing this soft side to a new light.In this episode, Jason offers practical insights highlighting the importance of skills like communication and relationship-building in strengthening risk management. Tune in now!About JasonJoining us on the eighth episode of Risk Grustlers is Jason Leuenberger, a Leadership and Team Coach whose journey in GRC speaks for itself. Jason has been immersed in the crunchy approach towards GRC for the past 20 years, deep into technical domains, and now he’s sharing why the softer side of GRC may be the hidden gold mine no one’s paying attention to.With over twenty years of experience in the industry, Jason is the perfect guide to help you master the often-overlooked softer side of GRC.You can reach out to Jason directly at [email protected] to learn more about his services. Highlights from the episodeDemystifying what the soft and squishy side of GRC entailsUnderstanding the difference between buy-in and weigh-in for expandingBridging the gap between crunchy GRC side and softer GRC sideQuotes “The human side of risk is what I like to call the softer side. We often assume that people are either naturally born with talents like communication and relationship-building or they’re not. But the truth is, these are skills that we can learn, understand, and actually develop over time.”About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Renae Martin, whose love for information security developed in a rather unorthodox way, is joining us for our seventh episode of Risk Grustlers! Her journey as a journalist turned senior technical program manager is one full of interesting pathways, anecdotes, and challenges. Tune in as Renae shares the inside stories from her years of experience tackling several security projects! About RenaeDrawn by the excitement of the early 2000s tech landscape, Renae chose to transition from an entirely different field - journalism to the cybersecurity industry. In this episode, we are uncovering her experience of starting in this industry as a very beginner to what she feels now as an experienced professional.GRC often faces perceptions of being unexciting and undervalued compared to development teams - and Renae is no stranger to this conception. However, as a project manager who’s lead several security projects - she has seen the role evolve and is sharing how the real value lies in understanding optimal solutions and collaborating closely with teams to innovate.That’s not it though, we are going deep and hitting Renae with just the right questions - who wins in GRC - a pushover or a hard ass? What are the implications of assertiveness and empathy in long-term GRC success? If you’re interested in learning her thoughts on these topics, then don’t forget to tune in to our seventh episode of Risk Grustlers! Highlights from the episodeTransitioning to the information security industry and navigating the GRC spaceBalancing collaboration and assertiveness while executing risk management activities Understanding the security budget for establishing a minimum viable risk program in growth-stage companies Quotes“I've learned from past experiences that when flashy tools were brought in without the necessary structure and support, it often led to issues. There's no magic solution in a tool alone; it requires knowledge and effort to work effectively. Establishing a strong foundational risk program comes first.” "While checklist-based approaches can be dull, the real value lies in understanding optimal solutions and collaborating closely with teams to innovate."About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Building a security team, let alone scaling it, is no small feat; there are several layers and factors to consider. In this episode, Satya shares with us his experience of building teams across different environments and some core concerns he makes sure to address. Moving along, the conversation also tackles the question of how much growth-stage companies should invest in security, with special attention on the kind of messaging that they should be focusing on first. There is a sharp distinction between feeling secure and being secure - an approach that Satya uses to determine which side of the coin a company wishes to fall into. If you’re interested in learning the key strategies from an esteemed security professional on how to get your security budget approved, how to keep up with the attackers in the present threat landscape, as well as the know-how on staying up-to-date with the new frameworks, then tune in right now! About SatyaSatya Nayak, Head of Security Engineering & Operations at Outreach, is joining us for the sixth episode of Risk Grustlers to share what sparked his passion for cybersecurity and give solid advice on leading security teams with finesse. Being one of the fastest-growing professionals in the industry, Satya has some incredible tips up his sleeve that will have you see GRC in an entirely new light.Highlights from the episodeBuilding security teams without killing the passion of your team membersFeeling secure vs. being secure - two sides of a coin Using hard numbers to back up larger scale and advancements Navigating the framework soup and scaling your GRC team with it Quotes“Operating from the sidelines won’t cut it. You’ve got to be in the know about what’s happening out there. That’s how you back up your team, manage projects, and make those smart moves.” "It is important to not smother your team's passion for security under a pile of processes and organizational rules."About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Join us as Ross Haleliuk, Head of Product at LimaCharlie breaks down the notion of complexity that surrounds cybersecurity. Ross's journey into cybersecurity began with a unique path. He had been involved in various tech fields for over a decade, including e-commerce, retail, and financial technology. He joined a cybersecurity startup as a product leader despite his initial hesitation due to the complexity and jargon associated with the field.And this episode uncovers exactly that. With a rather refreshing take on the cybersecurity landscape today, Ross is de-romanticizing the complexity, one day at a time. We also touch upon Ross's perspective as an angel investor and industry insider, emphasizing the importance of balance in cybersecurity startup founders. (along with some incredible advice for teams who are trying to sell to CISOs) So grab a snack, get cozy, and dive straight in! About Ross HaleliukWith a personality that rivals Taylor Swift, Ross Haleliuk is the Head of Product at LimaCharlie and the esteemed author of the famous cybersecurity blog, Venture in Security. He is joining us for the fifth episode of Risk Grustlers, to break down the notion of complexity that surrounds cybersecurity. Tune in to listen to Ross share his anecdotes as a non-tech background professional who’s had to unlearn and see beyond the acronyms and jargon. Highlights from the episodeTransitioning into the Cybersecurity Industry as a non-tech professionalBalancing Experience and Innovation in StartupsConvergence of Cybersecurity Services and ProductsQuotes“It's all about finding that balance between what products can do and where human expertise shines.”“Upon examining the market from a foundational perspective, it becomes evident that numerous trends involve the convergence of products and services. This convergence blurs the lines between product and service providers, leading to a unified entity.”About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

 There are a bowlful of acronyms that have entered the cybersecurity industry in the last few years, and in this episode, Gary expands on why exactly it is important to identify the most critical things first: the BASICS. Are you doing the basics correctly? Or are you simply on a barrage of vendors to help you identify the risk areas? Do you have data lying around in a sweet nest bucket for attackers?Join us as we interview Gary Hunter, the Executive Director and Deputy Information Security Officer of Cybersecurity at The Walt Disney Company where he discusses how to strike a balance between deploying the latest AI systems while maintaining the proper processes in-house. Tune in right now! About Gary HunterSwitching fields into cybersecurity can be a whole lot of scary, especially in the current landscape but there’s no better example than Gary Hunter, who joins us in our fourth episode of Risk Grustlers to teach us how to break the imposter syndrome and find your feet in this wild jungle of data security! Coming from a non-tech background and building his portfolio as a ‘security guy’ from scratch, Gary has accumulated the perfect balance to act as the bridge between complex technical problems and non-technical audiences.Highlights from the episodeTranslating concepts of business in building applicationsGoing back to the basics before implementing the latest AI systemsIntegrating security controls into the tools/applications developers and engineers are usingQuotes“Start with strong security basics. Prioritize clean security hygiene before advanced measures. Use technology to spot issues, but prioritize, understand, and remediate findings through proper processes.”“Instead of costly site visits, focus on training. Vendor breaches often stem from email compromise, phishing, ransomware. Training on spotting fake emails matters more than fortress-like data centers.”About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Taking a slight departure from our regular themes of exploring the journeys of Risk Grustlers, we’re here with an on-demand podcast with the one and only, Walter Haydock, Founder and CEO of StackAware, to demystify and dig into the role of responsibility in today’s AI threat landscape. In this episode, Walter gives us a crash course on all things LLM – from listing the  differences between using a self-hosted LLM and a third-party LLM to explaining the top five risks to watch out for while using them. Application developers are often overwhelmed with the bundle of resources out there, especially when working with LLM-based applications. The OWASP Top 10 and the NIST AI RMF framework, to name just a few - so what should be the key concerns? That’s exactly what we’re solving here. Tune in to listen to the top 5 concerns that, according to Walter, should be on the top of your list when creating a tool on top of a LLM!Last but not least, as promised, we are linking the FREE resources down below, so don’t forget to take a look and sharpen your AI security knowledge. 5-day email course on AI securityFree Security policy templateAbout WalterWalter Haydock is the Founder and Chief Executive Officer of StackAware, which helps organizations manage the cybersecurity, compliance, and privacy risks from artificial intelligence systems while harnessing their benefits.Walter is a true trailblazer when it comes to solving for AI security. With a profound understanding of AI’s inner workings, he’s the ultimate demystifier of Language Models’ core applications. He was previously a Director of Product Management at Privacera - a data governance startup backed by Accel and Insight Partners - as well as PTC - where he helped to secure the company’s industrial IoT product lines.Before entering the private sector, he served as a professional staff member for the Homeland Security Committee of the U.S. House of Representatives, as an analyst at the National Counterterrorism Center, and as a reconnaissance and intelligence officer in the Marine Corps.Walter is a graduate of the United States Naval Academy, Georgetown University’s School of Foreign Service, and Harvard Business School.LinkedIn | Twitter | BlogHighlights from the episodeDiscussing the pros and cons of using an open-source LLM Vs. third-party LLMDecoding the key concerns to look out for when leveraging a third-party LLM to create a toolUnderstanding key differences between direct prompt injection and indirect prompt injectionNavigating the uncertainty of privacy regulations for LLMs in different regionsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

Welcome to Episode 2 of Risk Grustlers! In this episode, we walk through the journey of Vignesh Kumar, who leads the internal audit teams at Microsoft. He talks about his unorthodox journey to the GRC world, what makes GRC sexy, and why relationships are pivotal in the GRC world.He offers a peek into the world of audits, explaining how internal and external audits vary and emphasizes the need for regular internal audits.There are also some sneaky tips on how GRC teams can establish a rapport with other teams to make the whole process, much easier. Whether you’re a GRC professional or an employee who is vary of it, Vignesh will make you gain a new respect for it. Get ready to see GRC in a new light! Tune in as he recounts amusing anecdotes of his experiences as an internal auditor and learn whether auditors do have horns or are just an angel in disguise.About VigneshVignesh Kumar is the Senior Manager of Security and Privacy at Microsoft and an undeniable GRC genius.Having started out as a project manager at one of the largest equipment manufacturers in the world, Vignesh developed an unexpected passion for GRC. Today, this passion still burns bright, as he sets about making it more palatable and appealing to the uninitiated or to those who dread it. He is the perfect advocate for all things GRC.Highlights from the episodeDiscussing the importance of GRC for an organization’s securityDifferentiating between internal audits and external auditsEmphasizing the importance of regular internal auditsQuotes“So, the key difference is the sense of ownership. Internal auditors have that, while external auditors usually stick to compliance. It's about being risk-based versus compliance-focused.“What I came to really appreciate about GRC was how it could positively impact my applications. Its ripple effects spread across the organization and ensure that hundreds of applications are compliant.” About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform.To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts

There’s no straight-line path to growing in Risk Management. There are uncertainties and the burden of constantly avoiding obsolescence. But it’s also rewarding. How? With effective cyber risk management. Welcome to the first episode of Risk Grustlers Podcast! Prepare to be enlightened and awakened as Davis Hake, co-founder of Resilience, unravels the dynamic evolution of the insurance domain and how its behaviour-changing nature can influence risk management. Learn the importance of early buyer engagement, how you can strike a balance between listening to ‘users’ as well as understanding the requirements of ‘buyers’ and acknowledging why it is necessary to make a connection with clients.Still thinking of how to navigate the intense acronym soup, mate? This goldmine of insightful industry information is yours for the taking! Tune in now. About DavisDavis Hake is the co-founder of Resilience - a pioneering cyber risk solution company based in New York City, which is redefining how companies think of the ‘economics’ of risk management.Davis has earned his stripes as a true innovator in the realm of cyber risk combat, seamlessly merging cutting-edge analytics with actionable wisdom. With his unparalleled grasp on risk management, he is the perfect sensei for cyber risk warfare.Highlights from the episodeDecoding how to manage cyber risks through the use of analyticsDiscussing the importance of evangelizing buyers early onEffective advice for CISOs and aspiring founders of infosec companiesQuotes"Today, we tend to take a compliance-driven risk approach. But what we really need is risk-driven compliance. So, for companies to think about what’s core, what’s most impactful to their ability to deliver value to their clients and then working from that set of security measures, investments and understanding how well you’re implementing that sort of blocking and tackling can then layer up to these different compliance frameworks"About Scrut AutomationScrut Automation is a risk observability and compliance automation platform built to simplify information security monitoring for cloud-native companies. We help early-stage and growth-stage companies across the globe, establish enterprise-grade information security processes through an easy-to-use GRC platform. To watch more of our episodes and learn more about us, visit us at https://www.scrut.io/podcastsAbout Scrut Automation:Scrut Automation empowers scaling companies to move Beyond Compliance, focusing on managing digital risk while reducing the friction of audit preparation, evidence collection, and risk monitoring. Purpose-built for high-growth startups and mid-market businesses, Scrut simplifies the most tedious parts of compliance and risk management, keeping you audit-ready and risk-aware at all times. With seamless integration into your processes, Scrut delivers real-time insights and continuous monitoring, enabling proactive risk management to support sustainable growth. Focus on scaling your business confidently as Scrut automates compliance and strengthens your digital resilience—no more manual work or compliance chaos.To watch more of our episodes and learn more about us, visit us at :https://www.scrut.io/podcasts