Shows
tHe CybeR VauLt - Top Voices in CyberIAM Trends 2024: What’s Changing in Identity Security - The CyberVault with Garret GrajekIn this episode, I’m joined by Garret Grajek, Founder & CEO of YouAttest, identity expert, and inventor with 10+ patents in the space.Garret shares his journey from leading at IBM, Cisco, SecureAuth and Cylance - to building YouAttest with a mission to solve what legacy identity systems still haven’t.We dive into:🧩 Why identity is still one of the most complex and underserved areas in cyber📉 Where legacy IAM solutions are falling short - and how vendors can close the gap🚀 What MSSPs need to...2025-06-2532 min
#AuditTuesday GRC Podcast#AuditTuesday: v-CISOs: Scaling Identity GRC for Security and Compliance w/ YouAttest and AllgressWith cyber threats escalating and compliance requirements tightening, organizations need flexible, expert-driven solutions to stay secure. Virtual CISOs (v-CISOs) are redefining governance, risk, and compliance (GRC) by delivering strategic expertise without the cost of a full-time CISO.In this exciting edition of the #AuditTuesday GRC Podcast, Jerry Sisson, Founder/CEO of MyTechNetwork, moderates a compelling discussion with Jeff Kushner, a cybersecurity marketing and GRC expert, and Garret Grajek, CEO of YouAttest, a certified cybersecurity innovator (CEH, CISM, CGEIT, CISSP) with 10+ patents in identity security.What’s on the agenda?The rise of v-CISOs: Ho...2025-06-1356 min#AuditTuesday GRC Podcast#AuditTuesday: Hey MSPs! Time to Get on Board w/ YouAttest Managed UARs!MSPs – it's time to expand your security service offerings with a critical, high-demand compliance function: User Access Reviews (UARs).In this special edition of the #AuditTuesday GRC Podcast, Garret Grajek, CEO of YouAttest, sits down with Joe Rojas, Co-Founder of Start Grow Manage, to discuss how MSPs can unlock new revenue and compliance value by partnering with YouAttest as their backend Managed Security Service Provider (MSSP) for UARs.What’s on the agenda? - What exactly is a User Access Review (UAR) and why is it foundational to any cybersecurity compliance framework?- The in...2025-05-3045 min
MSP Cyber RoundtableE80. What Are Security KPIs and What Should They Look Like?Join Matthew Fisch of FortMesa on the MSP Cyber Roundtable, along with special guests, Garret Grajek, Bill Lauterbach, and Kashif Mahmood from YouAttest as they explore how KPIs, such as Identity Reviews Conducted in a Defined Period of Time, help enterprises measure and improve identity governance. Additionally, FortMesa shares insights on integrating security KPIs into your strategy.2025-02-1254 min
The Cybersecurity Defenders Podcast#190 - How MSSPs can help clients meet regulatory requirements with Garret Grajek, CEO at YouAttestOn this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP.Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as x.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and...2025-02-0338 minMSP Cyber RoundtableE71. Securing Identity in a Zero-Trust WorldJoin Matthew Fisch of FortMesa on the MSP Cyber Roundtable, along with special guests, Garret Grajek and Bill Lauterbach from YouAttest as they discuss how to protect user identities and enforce strict access controls in a zero-trust environment, minimizing risks. Additionally, we will provide a high-level overview of DMARC as part of our Security Essentials series.2024-11-2057 min
Default Global Podcast: Navigating Global Expansion, Remote Teams, and International TalentHow to Raise Seed Funding for Cybersecurity Startups🔊 In this episode of Default Global, I talk with Garret Grajek, CEO of YouAttest and a veteran in identity governance within the cybersecurity space.With over 30 years of experience and 13 patents, Garret shares actionable tips on securing seed funding, navigating today’s valuations, and finding the right investors.He also discusses the challenges of scaling a global team and emphasizes that business savvy is just as essential as technical expertise.Key takeaways:Raising startup capital in a competitive cybersecurity market.How a business-savvy spouse can strengthen your investor pitch...2024-11-1317 min#AuditTuesday GRC PodcastCISA and The Principle of Least Privilege - Identity Governance w/ David WorthingtonThe world is finally becoming aware of the danger of excess privileges and unmanaged users. These are the accounts that the attackers love to take over and then stay resident in our enterprises and exfiltrate data while going undetected.NIST, the National Institute of Standards and Technology, has created a concept to remedy this situation. They label it the Principle of Least Privilege (NIST CSF 1.1. PR.AC-04, NIST CSF 2.0 PR.AA-05), which guides companies to limiting logical, physical and system access to specific job functions. To get the word out – #AuditTuesday has invited David Worthington wit...2024-11-1351 min
Next Gen Case StudiesSimplifying Identity Management and Security with Garret Grajek
In this episode of the NextGen Case Study series, we welcome Garret Grajek, CEO and co-founder of YouAttest, a company specializing in cloud-based identity, auditing, and management solutions. With nearly 30 years of experience in information security, Garret is recognized as a security visionary, holding 13 patents in technologies like X.509, mobile, SSO, federation, and multi-factor authentication. His extensive work includes significant security projects for both commercial clients and public sector organizations, such as the US Navy and the EPA.
Garret begins by sharing his journey from a programmer to a leading figure in identity and security...2024-08-2229 minMSP Cyber RoundtableE58. 3 Reasons 2-Factor Isn't EnoughJoin Matthew Fisch of FortMesa on the MSP Cyber Roundtable, along with special guests, Garret Grajek and Bill Lauterbach from YouAttest as they talk about the pitfalls and problems with two-factor authentication. In addition, we go over ISC2 Certification at a high level.2024-08-0749 min#AuditTuesday GRC PodcastYouAttest CGEIT Study Session: Domain 3 - Featuring Karina Klever and Shannon BrewsterLed by Karina Klever and Shannon Brewster, with assistance from YouAttest CEO Garret Grajek, CEH, CISSP, the sessions will cover Governance of Enterprise, Strategic Management, IT Resources, Benefits Realization and Risk Optimization, just like the exam. Great topic, great hosts, great value - let’s learn together!To learn more about YouAttest and how we can help secure your identities, contact us at info@youattest.com2024-06-201h 03#AuditTuesday GRC PodcastCGEIT Training Session - Domain #2 w/ Karina Klever and Kelly GilmoreA 5-part series is helping managers become better managers - starting with learning the basis of the CGEIT certification. (Certified in the Governance of Enterprise IT®)Whether you’re looking for a new career opportunity or want to advance within your existing company, becoming Certified in the Governance of Enterprise IT® proves your expertise in enterprise IT governance, resources, benefits and risk optimization.Led by Karina Klever and Kelly Gilmore, with assistance from YouAttest CEO Garret Grajek, CEH, CISSP, the sessions will cover Governance of Enterprise, Strategic Management, IT Resources, Benefits Realization and Risk Optimization, just...2024-06-181h 01#AuditTuesday GRC PodcastCybersecurity 80-20 Rule - Start with Identity w/ Michael Andrewes of YastisThe 80/20 rule is crucial to many enterprise and life activities - but what about cybersecurity?Most definitely it is. The 80-20 rule guides us to take our limited resources and focus them on activities that would make the most difference.The same goes for cybersecurity. Michael Andrewes is a cyber and GRC specialist who will dialogue why and how we should focus our limited cyber budgets and efforts on securing our identities. The webinar will include the following information: - What are the identity risks in the enterprise? - What hap...2024-06-1846 min#AuditTuesday GRC PodcastLimiting the Identity Attack Surface - Red Cup IT Starring Dan LeAttack surface is the rage of cyber security today - we hear we have to reduce our attack surface. But how about the biggest vulnerability - our identities - and thus shouldn’t we be reducing our IDENTITY attack surface.Absolutely we should.Red Cup IT, a premier managed service provider focusing on security and YouAttest, a Next-Gen IGA solution - have teamed up together to reduce the identity attack surface.The webinar will include information:- What is the identity attack surface problem?- What are the consequences of a un...2024-05-2952 min#AuditTuesday GRC PodcastCGEIT Training Session - Domain 1 w/ Karina Klever and Kelly GilmoreA 5-part series is helping managers become better managers - starting with learning the basis of the CGEIT certification. (Certified in the Governance of Enterprise IT®) Whether you’re looking for a new career opportunity or want to advance within your existing company, becoming Certified in the Governance of Enterprise IT® proves your expertise in enterprise IT governance, resources, benefits and risk optimization.Led by Karina Klever and Kelly Gilmore, with assistance from YouAttest CEO Garret Grajek, CEH, CISSP, the sessions will cover Governance of Enterprise, Strategic Management, IT Resources, Benefits Realization and Risk Optimization, just...2024-05-251h 01#AuditTuesday GRC PodcastConsequences of a MSP Breach - Financial, Legal and Cyber Implications - Featuring Cynthia Stamer, Peter Gailey and John AllenBreaches are not new - they affect every industry from A to Z - Advertising to Zoos. What’s new? Now the hacks of the services that manage the IT infrastructure and services are being compromised. These organizations are called MSP (Managed Service Providers) and MSSP (Managed Security Service Providers). Consider these firms as part of the Supply Chain for Technology Services. What are some of the implications when these enterprises get hacked? This is not theoretical - recently a MSP was slapped w/a Lawsuit from...2024-04-041h 05#AuditTuesday GRC PodcastThe Microsoft Email Hack - Service/User Accounts Used for OAUTH SSO w/ Greg KutzbachWho: Greg Kutzbach, Digital Forensic Expert, Exhibit A Cyber Garret Grajek, CEH, CISSP, CEO of YouAttestMicrosoft just suffered a major attack on their internal email systems. The culprits were deemed to be Russian state actors.It appears the attackers overtook “legacy” accounts and created malicious OAUTH access. Cyber forensic expert Greg Kutzbach, an expert on digital discovery, will spell out the hack, and more importantly, how organizations can defend themselves.The start of the solution to this problem is review of the permissi...2024-03-0127 min#AuditTuesday GRC PodcastEgo and the Start-up Entrepreneur with Professor David CarlsonEveryone loves the start-up - but no one loves the ego of the start-up entrepreneurs. It’s not a myth, it’s real and it hurts the endeavor.To explore this real world problem - is start-up expert and author: David Carleson. A seasoned veteran in the problem and author of, “Death By Ego: Lessons From Entrepreneurs Who Successfully Killed Their Companies”. David has researched and is an expert on areas of ego and the start-up, including:Dysfunctional ego traits that investors can recognize in the entrepreneurTrue stories how ego killed good start-upsReminders how entrepren...2024-03-0129 min#AuditTuesday GRC PodcastCyber Security and Cyber Law - Identity Governance w/ Stacey Cameron, Shawn Tuma and Justin CorkerCases like the SEC claims against SolarWinds and Tim Brown have made the general public aware that IT has governance and a legal responsibility to identify data. But SolarWinds isn’t the only case in the news - there were 246 class action lawsuits on data breaches in 2023 - and the SEC ruling on 4 day notification is predicted to make this number skyrocket.What are the lawsuits about? What are “due care” and “negligence” legally and how does this relate to the cyber world? To help answer this question - we have corporate cyber defense lawyer, Shawn Tuma. And to help...2024-03-011h 00#AuditTuesday GRC PodcastWhy IGA is Failing Our Enterprises - Stacey Cameron, Mel Reyes, Tom SabbeIGA has been seen as a failure in many enterprises. Why is this? Why are companies getting hacked for faulty governance? Why are companies being sued for faulting governance?Why are governance improvements in the future?And why do GRC projects never seem to meet expectations?We discuss this w/ Mel Reyes, Stacey Cameron and Tom Sabbe. Mel has execution expertise in delivering Business & Product Development, eCommerce, Agile, DevOps, interactive, and mobile solutions deployed across varying markets for companies like PayPal, eBay, T-Mobile, Mercedes-Benz, Sharp, Lowe’s, Pepsi, Priceline, Bank of America, Kraft, AT&T, e...2024-02-0754 min#AuditTuesday GRC PodcastCybersecurity and Change Control, focus Identity - with John Young and Kelly GilmoreCybersecurity is on everyone’s mind - but did you know cybersecurity starts w/ change control?Hackers love sloppy IT and sloppy identity practices? IT cowboys like to slap in changes w/ the rapid process and procedures - this makes the IT practices inviting to hackers who only need a single vulnerability to import their malware and exploit any weakness we give them.To discuss change control and the importance is cyber security expert John Young, IT professional, hacker, author and writer of “Why Cybersecurity and Change Control Go Together Like Peanut Butter and Jelly” Br...2024-01-3153 min#AuditTuesday GRC PodcastHalloween Scary Stories on Identity Hacking w/ Craig Guinasso and Paul FeatherThe past months have brought us more than just the infamous MGM identity hack - unfortunately much more. Identities themselves are no longer the target now it’s the entire identity infrastructure.To discuss these hacks we have security expert Paul Feather from Compu-netics and security expert Craig Guinasso. YouAttest’s own CEO, Garret Grajek will join in the discussion.These are indeed scary stories - but the guest will also discuss counter measures!And to keep your permissions in check - ensure your identity entitlements w/ YouAttest.To learn more abou...2024-01-2729 min#AuditTuesday GRC PodcastAI and Search - What’s Next w/ David NovickSearch has been big business for 30 years - and no one is bigger in the search industry than Google. But with new advances in AI, especially around LLM (Large Language Models), with working examples like Open AIs ChatGPT - is the dominance of Google over? Is there room for new search engines - and could the current Google-type search industry days be numbered?And where do the LLMs fit in search?To shed light on this topic, YouAttest interviewed David Novick, search, cyber and marketing expert and author of “The Future of Search: Explo...2024-01-2614 min#AuditTuesday GRC PodcastCISA and The Principle of Least Privilege w/ CISA Security Advisor: Donald E. HesterThe world is finally becoming aware of the danger of excess privileges and unmanaged users. These are the accounts that the attackers love to take over and then stay resident in our enterprises and exfiltrate data while going undetected.NIST, the National Institute of Standards and Technology, has created a concept to remedy this situation. They label it the Principle of Least Privilege (NIST CSF 1.1. PR.AC-04, NIST CSF 2.0 PR.AA-05), which guides companies to limiting logical, physical & system access to specific job functions. To get the word out - t...2024-01-1659 min#AuditTuesday GRC PodcastThe SEC 10-K and Mandated Cybersecurity Messaging w/ DV SubramanyamThe “SEC Final Ruling” on cybersecurity and cybersecurity messages in law. The changes include mandatory documentation of cybersecurity practices in their annual 10-K filings. These include details on an adoption of the Risk Management Framework the enterprise utilizes. What does this mean? What is required?To help answer these questions we have DV Subramanyam, CEO of Essert.io. He has a world-unique product and angle on what can and should be disclosed after a data breach or cyber incident, based on the latest SEC cyber rulings. In addition, we are fortunate...2024-01-1157 min
Mastering Risk Management PodcastMRM - Episode 67: Garret GrajekThis episode is another must listen for those wanting to ensure they are putting in place the right controls to secure both business and personal data. My guest is Garret Grajek, President and CEO of YouAttest, a cloud-based access review engine that provides identity and security compliance for all resources. We discuss how failing to manage systems access is one of the fundamental mistakes organisations can make yet is one of the easiest to fix.Garret challenges us to reflect on our organisations Identity Governance by asking ourselves the following questions:Who has access t...2023-06-2933 min
SecurityMetrics PodcastIdentity Management: Why It Matters | SecurityMetrics Podcast 65Identity management is a critical aspect of any cybersecurity program. Creating the right roles and implementing a mature identity management lifecycle requires thoughtful collaboration between information technology and business operations. Tune in this week as Jen Stone (MCIS, CISSP, CISA, QSA) and Garret Grajek (CEH, CISSP, certified security engineer, product builder and CEO of YouAttest) sit to discuss:What identity management is and why it is importantFirst steps to take to implement identity managementMulti-factor authentication, governance, and other critical aspects of identity securityHosted by Jen...2023-03-2932 min
Hybrid Identity Protection PodcastCloud Services Access Challenges with Garret GrajekThe rapid proliferation of cloud services has opened doors to many advancements in the ways we work. Unfortunately, governance of access to those services has not kept pace. As a result, cyberattackers often have a field day once they gain entry to your hybrid identity environment. In this episode, Sean talks with Garret Grajek, CEO of YouAttest and founder and former CTO and COO of SecureAuth about the challenges—and importance—of implementing effective access governance.2022-12-0122 min
Hybrid Identity Protection PodcastCloud Services Access Challenges with Garret GrajekThe rapid proliferation of cloud services has opened doors to many advancements in the ways we work. Unfortunately, governance of access to those services has not kept pace. As a result, cyberattackers often have a field day once they gain entry to your hybrid identity environment. In this episode, Sean talks with Garret Grajek, CEO of YouAttest and founder and former CTO and COO of SecureAuth about the challenges—and importance—of implementing effective access governance.2022-12-0122 min
The Capital TeaKarla Reffold interview Garret GrajekKarla and Garret talk about compliance, how this is built into new projects, blockchain, regulation and more in this episode full of Garret's wisdom and experience. Garret Grajek is a certified security engineer with almost 30 years of experience in information security Garret is recognized in the industry as a security visionary in identity, access and authentication matters. He holds 8 patents involving x.509, mobile, SSO, federation and multi-factor technologies. He has worked on security projects for major commercial accounts including Dish Networks, Office Depot, TicketMaster, Oppenheimer, E*Trade, HP.com and public sector accounts as GSA, U.S. N...2022-08-1129 min
The Cyber Go-To-Market podcast for cybersecurity sales and marketing teams. Save Cybr Donut!141: Garret Grajek, CEO and Co-Founder at YouAttest on how he is making the lives of risk managers exponentially easierGarret Grajeck hated access reviews when he was running technology teams at companies like Cyland and SecureAuth. They were a pain in the ass, took up valuable resources and seemed to take months to complete. But they needed to be done. Garret founded YouAttest to make access reviews exponentially easier for risk managers.In this episode, Garret Grajek, the CEO and founder of YouAttest talks about the need for access reviews, the penalties of not doing them and his go-to-market learnings while building the company.If you are a sales leader at a startup, or yo...2022-06-2821 min
Inventive Journey"Subject Matter Expert" The Inventive Journey Podcast for Entrepreneurs w/Garret GrajekSME. Are you an SME in the field? Are you a Subject Matter Expert. If you're not, partner with someone, or get a bunch of advisors who are.
You have to answer, as an innovator, you have to answer, every call has to be, "Why the heck do you exist?" And if you can't answer that, please don't start a company.2020-09-0830 min
DirtySecurityGarret Grajek: Who Does Your Computer Think You Are?DirtySecurity: Garret Grajek: Who Does Your Computer Think You Are? Let’s ask our hacker friends… the white hats and the grey and black hats… Do identity validation tools keeping them from achieving their results? Hardly. Where to Authentication Processes come up short? Why not get the lowdown from a man who has made a career creating and improving access and authentication… On this week’s episode of Dirty Security, Edward Preston gets the skinny on BlackBerry|Cylance VP of Identity, Garret Grajek on their latest innovation: Persona. They talk about...2019-04-1700 min