PODCAST · business
Seiso Side-Up
by Seiso, LLC.
Here we cut through the noise in cybersecurity.
This isn’t a show about perfect frameworks or polished slide decks. It’s a place for honest conversations about security strategy, governance, and risk as they actually exist inside real organizations - messy, evolving, and deeply tied to how the business runs.
Each episode explores what it really takes to build, operate, and sustain security programs that don’t get ignored, overcomplicated, or treated as a once-a-year exercise. We focus on clarity, ownership, and practical decision-making - especially for people early in their security careers or stepping into leadership for the first time.
Seiso works with mid-sized, regulated organizations that need cybersecurity to function day-to-day - not just during audits or incidents.
Our customers bring us in early, at the leadership level, because security decisions shape how the business grows, sells, and operates. We’re trusted as long
-
21
Episode 19 - Hacklore and Friends
The conversation explores the concept of 'hack lore' and its impact on cybersecurity, focusing on the disconnect between perceived security and actual security. It delves into the myths and misconceptions surrounding security, the role of AI in creating new hack lore, and the need to address the mundane aspects of security. The discussion also highlights the importance of holding companies accountable for customer security outcomes and the challenges of AI in cybersecurity. The conversation delves into the challenges of implementing AI and security in modern workflows, highlighting the need for a secure-by-design approach and the importance of understanding customer security outcomes. It also emphasizes the role of leadership in taking ownership of security and risk.
Takeaways
Hack lore: The conversation sheds light on the concept of 'hack lore' and its impact on cybersecurity, emphasizing the need to retire bad advice and focus on the basics.
AI and Hack Lore: The emergence of AI in cybersecurity introduces new challenges and misconceptions, leading to the creation of new hack lore around AI security advice and frameworks.
Secure-by-design approach is crucial for AI and cloud systems
Leadership must take ownership of security and risk
Chapters
00:00 AI and Hack Lore: The New Frontier
25:26 Security as an Afterthought in AI Implementation
31:11 Cultural Perspective on Applying Security Basics to AI
39:31 Secure by Design in Real-world AI Environments
45:25 Ownership of Risk and Accountability
50:53 Implementing Secure by Design Principles
-
20
Episode 18 - vGRC Evolution Part II of II
The conversation delves into the evolving role of GRC professionals, emphasizing the non-negotiable skills, challenges, and the shift from compliance operators to strategic partners. It also explores the influence of GRC on business decisions, burnout prevention, and the importance of continuous learning and risk-based decision-making.
Takeaways
Technical understanding and fluency are non-negotiable skills for modern GRC professionals.
Risk management, continuous learning, and business context understanding are crucial for GRC professionals.
Data analytics and risk visualization play a significant role in GRC responsibilities.
GRC professionals are evolving from compliance operators to strategic partners, influencing business decisions earlier in the planning stage.
Challenges for GRC teams include continuous learning, resistance from within GRC and the business, and burnout prevention.
Leadership can better support evolving GRC roles by involving GRC professionals in strategic conversations early and building trust.
Prioritizing cloud hosting, security, and AI technology skills is essential for GRC professionals.
A risk-based approach and proactive decision-making are crucial mindset shifts for modern GRC teams.
Chapters
00:00 Skills for Modern GRC Professionals
11:08 GRC as a Strategic Partner
17:20 Challenges and Growing Pains
22:37 Preventing Burnout
-
19
Episode 18 - vGRC Evolution Part I of II
The podcast episode explores the evolution of GRC roles, the impact of automation on GRC tasks, and the strategic shift in GRC expectations. It also delves into the measurement of the value of GRC beyond passing audits. The conversation highlights the expanding nature of GRC roles and the significant impact of automation on GRC tasks.
Takeaways
GRC roles are expanding
Automation has significantly impacted GRC tasks
Chapters
00:00 Evolution of GRC Roles
05:31 Impact of Automation on GRC Tasks
21:31 Measuring the Value of GRC
-
18
Episode 17 - New Year, Same AI Risks
AI is no longer experimental—it’s embedded in enterprise systems, security operations, and everyday business tools. In this episode of The Seiso Side-Up Podcast, host Lauren Shaffer joins Seiso COO Eric Lansbery and co-host Heidi Patrick to discuss why AI security, AI governance, and risk management are now critical priorities. The conversation covers the evolution of AI adoption and the real risks organizations face, including model poisoning, data leakage, hallucinations, and unmanaged GenAI use. Eric shares practical guidance on applying NIST AI Risk Management Framework, ISO/IEC standards, ethical AI, and GRC best practices to build secure, compliant, and resilient AI programs. This episode delivers key 2026 AI governance takeaways for security leaders, GRC professionals, and executives looking to manage AI risk, meet regulatory expectations, and strengthen enterprise trust.
-
17
Episode 16 - How to Become a Human Firewall
In this episode, Joe Wynn and Taylor Lee join Lauren to discuss the books How to Win Friends and Influence People and Crucial Conversations. They discuss how to correctly communicate phishing attacks, how to listen with empathy, and how to lead by example. Listen to this episode to learn how to become a human firewall.
-
16
Episode 15 - Building Trust and Compliance: Guiding a Client to CMMC Level 2 Certification
In this episode, we take you behind the scenes of how our team helped a client successfully achieve CMMC Level 2 certification. From assessing gaps and aligning controls to overcoming legacy system challenges and navigating the audit process, we break down each step of the journey. You’ll hear how collaboration, governance, and a clear security roadmap turned a complex compliance goal into a milestone achievement. Whether you’re preparing for your own certification or just curious about how CMMC impacts business resilience, this episode offers practical insights and lessons learned straight from the field.
-
15
Episode 14 - Tackling Business Growth with GCC and vGRC
On this episode, we have a special guest, Sourabh Moharil, Managing Director and Co-Founder of the Global Capability Center (GCC) company Agilite. Seiso CEO Joe Wynn joins our co-hosts, Lauren Shaffer and Eric Lansbery, to navigate the value behind establishing a GCC while integrating with a vGRC model to develop, maintain, and continuously improve compliance at that scale of business growth operations. Listen in on this very special episode and learn more about how GCC and vGRC can help to simplify security while upscaling your company strategically - for start-ups and well-established businesses alike.
-
14
Episode 13 - HIPAA Security Rule Updates
In this episode, we'll review the proposed updates to the HIPAA Security Rule and discuss the challenges that organizations encounter when becoming HIPAA compliant or maintaining HIPAA compliance through these changes. We also dive into the complexities and differences between HIPAA compliance in the cloud, versus on-prem, and how compliance automation can be a game changer in keeping up with these changes. #vGRC #HIPAA #cybersecurity #riskmanagement
-
13
Episode 12 - What is vGRC, really?
Listen in as we discuss the Seiso vGRC model with CEO Joe Wynn and COO Eric Lansbery. We'll cover topics from various angles of the Governance, Risk, and Compliance needs of Seiso customers, tell some real-life stories about how the vGRC model can benefit your organization, and even have a friendly debate about the efficacy of what we all come to know as vCISO, in the modern information security services industry.
-
12
Episode 11 - AI Advancement & Security Concerns
Listen in as our podcast host, Lauren Shaffer, our special guest Travis Buckinham, along with Seiso Co-Founder Jon Zeolla discuss the advancements in AI and the security concerns related to AI in healthcare, finance, and other industries. What is the industry doing to address these concerns? What can the world expect from AI in healthcare now, and in the near future? How helpful is AI when introduced into the supply-chain? Referenced article: https://www.techspot.com/news/106289-medical-misinformation-ai-training-data-poses-significant-risks.html
-
11
Episode 10 - Getting Started in Cyber and Continuous Education
During this episode, we're joined by Seiso engineers and consultants to discuss their individual paths to breaking into the cybersecurity industry and how they lay out their ongoing knowledge growth. We also discuss our recommendations for new and upcoming cybersecurity engineers in developing their skills. Finally, we round out the episode with a conversation on the ins and outs of being master of one or jack of all trades (or somewhere in between).
-
10
2024 Seiso Side-Up Podcast Recap
In this episode, we kick off season 2 of the podcast with a recap of a few episodes from 2024.
-
9
Episode 8 - Intrinsic Motivation and Work-Life Harmony
In this episode, we invited special guest Ken Presutti, an Agile coach and sports endurance coach, to discuss the value behind intrinsic motivation and how it can tie both personal and professional goals together. It's that time of year where organizations and individuals seek to establish their annual objectives and goals to meet the needs of the business, and in our industry, look to the year ahead to improve their cybersecurity strategy. We'll also discuss ways that Seiso enables a better work-life harmony for our workforce, and ways you can align your personal values with your professional milestones and initiatives.
-
8
Episode 7 - Ethics in Cybersecurity
In this episode, GRC Engineer Justin Fearon and CEO Joe Wynn discuss the importance of ethics and integrity in cybersecurity. Join us on the Seiso Side Up Podcast as Justin and Joe deep-dive into the intent behind the book The Code of Honor - Embracing Ethics in Cybersecurity, written by Paul J Maurer and Ed Skoudis. You can purchase your copy of the book here: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862 Look for more information on this topic, as presented by Simon Simek, in this video: https://youtu.be/zP9jpxitfb4?si=9Cvr0ZYTlFepaln3
-
7
Episode 6 - PCI Compliance and Pentesting
On this episode of the Seiso Side Up podcast, we welcome two guests - Jake Mayhew and Justin Leapline. Jake has decades of experience performing and teaching the ins and outs of penetration testing, at times performing tests for companies that handle cardholder data, and Justin is a subject matter expert in the world of PCI (Payment Card Industry) security & compliance. Join us as we dive into the gotchas of becoming PCI compliant and how to best approach penetration testing as part of the PCI compliance journey.
-
6
Episode 5 - easy_infra
On this episode, CTO Jon Zeolla and Sr. Security Engineer Keith Holland discuss the inner-workings of the Seiso open source project, easy_infra. easy_infra is a docker container that simplifies and secures Infrastructure as Code deployments by running security scans prior to running IaC tools. It supports three main use cases: Experimentation by supporting interactive use and secure troubleshooting. Continuous Integration as a part of Pull/Merge Request validation. Continuous Deployment as an automated deployment tool. https://github.com/SeisoLLC/easy_infra
-
5
Episode 4 - GRC Evolution
Listen in as Seiso GRC Engineers discuss the evolution of the practice through a commonly known set of information security and risk scenarios that focus on security best practices, resiliency, and the overarching guardrails to keep everything operating in harmony.
-
4
Episode 2 - Meet the Seiso Founders
Joe Wynn (CEO) and Jon Zeolla (CTO) tell us about how and why they started https://seisollc.com and even more about where Seiso is headed through continuous innovation, constant learning, and bringing creative, frictionless information security / risk management practices to the Seiso customers. Tune in to hear all about Seiso origin stories and some special segments that give you the insight into what makes Seiso a great business partner.
-
3
Episode 1 - The Original Rebel Scrum Team
Senior Security Engineer Keith Holland and Lead Security Engineer Sean Cavanaugh talk about the intricacies and challenges facing application security practitioners in today's modern cloud-based software development world. The Original Rebel Scrum team was formed as Seiso adopted the Agile methodology for project management, led by co-host Lauren Shaffer. Throughout their time at Seiso, both Sean and Keith have helped grow the DevSecOps, Web Application Pentesting, and Product Security practices.
-
2
Episode 3 - Meet the Seiso CMMC Experts
Senior GRC Engineer Heidi Patrick and Security Consultant Justin Fearon talk all things CMMC. In this episode, we discuss the gotchas when approaching CMMC compliance and how Seiso facilitates a process to reach CMMC readiness with creativity, allowing our customers to achieve their cybersecurity goals and eventually move towards the assessment process against CMMC requirements.
-
1
Episode 0 - Meet the Hosts
In this episode, our Seiso Side-Up co-hosts talk about what this podcast is all about, segments that we'll showcase, and a little background on our co-hosts themselves.
HOSTED BY
Seiso, LLC.