Showing episodes and shows of
YouAttest
Shows
#AuditTuesday GRC Podcast
#AuditTuesday - AI Governance in 2026 w Reliath AI
AI adoption is accelerating — but governance, risk, and regulatory readiness are still lagging behind. As organizations move toward 2026, leaders must cut through the hype and understand what AI governance actually means, what regulations truly require, and how to operationalize governance across the enterprise. Join us live as we discuss: ✅ What AI governance really means in 2026 ✅ What regulations require vs. what frameworks recommend ✅ How organizations can prepare for AI risk, audits, and oversight ✅ How Reliath AI and YouAttest help address AI governance in practice 🎙 Featuring: Herb Roitblat — Chief AI Officer & CTO, R...
2026-02-25
1h 01
Ivory GC
E035: How Access Governance Impacts Revenue, Solvency, and Enterprise Trust
Access controls used to be treated as a technical checklist item. Today, they can determine whether a company closes an enterprise deal, secures cyber insurance, passes an audit—or survives a breach. In this episode of Ivory GC, host Brian Becker sits down with Garrett Grajek, CEO of YouAttest and a longtime leader in identity governance and access control. With nearly three decades in information security, Garrett explains why identity and access management are no longer just IT concerns—they are core business, legal, and financial risks. The conversation explores how the shift to cloud-based syst...
2026-02-22
30 min
#AuditTuesday GRC Podcast
Finding (and Auditing) Those Microsoft Share Files w/ Alan Sugano
Shared Microsoft files are everywhere — but do you actually know who has access, what’s still exposed, and which links never expire? Join us for a live discussion where we break down: ✅ What Microsoft files are being shared across your enterprise ✅ How to actually discover shared access in OneDrive, Teams, and SharePoint ✅ Why expired (or never-expiring) links are a hidden risk ✅ What identity + GRC teams should be doing right now to reduce exposure 🎙 Featuring: Alan Sugano – Cyber Expert, ADS Consulting Group. If you care about identity governance, audit readiness, and Mi...
2026-02-17
34 min
#AuditTuesday GRC Podcast
#AuditTuesday - Executing SCuBA Compliance, featuring Jason Dunn-Potter (CW5-R) and Allgress
Join us for this #AuditTuesday LinkedIn Live as we break down CISA’s Secure Cloud Business Applications (SCuBA) framework and what it really takes to execute on SCuBA compliance in real-world environments. As organizations increasingly rely on Microsoft 365 and Google Workspace, securing identities and cloud configurations has become a top audit and risk priority. In this live session, we’ll cut through the noise and focus on what auditors, GRC professionals, security leaders, and MSPs need to know now. YouAttest’s Garret Grajek will be joined by Jason Dunn-Potter (CW5-R), ex-Whitehouse Chief Warrant Officer...
2026-01-27
57 min
#AuditTuesday GRC Podcast
Auditing Microsoft Active Directory for Compliance & Zero Trust Security
Active Directory remains the backbone of enterprise identity — and one of the largest sources of audit findings, security gaps, and insider risk. Yet many organizations still rely on manual reviews, spreadsheets, and outdated processes to prove compliance. In this #AuditTuesday LinkedIn Live, we’ll break down why Active Directory auditing is more critical than ever — especially for SOX compliance, access governance, and Zero Trust identity security. You’ll learn: - Why AD continues to be a top risk area for SOX, auditors, and security teams - How manual access reviews fail — and where auditors focus first - How YouAttest a...
2026-01-15
27 min
#AuditTuesday GRC Podcast
After the BRICKSTORM Hack: An Identity-First Security Strategy for 2026
A critical discussion on cybersecurity in the wake of the BRICKSTORM attack—a sophisticated Chinese APT campaign targeting critical infrastructure. This live session will explore how organizations can pivot to identity-first security strategies to defend against nation-state threats. What is Covered: - Understanding the Threat - What was the BRICKSTORM hack? - Who was targeted and how did the attack unfold? - The broader implications for critical infrastructure security - Building Defense Through Identity - How to construct an identity-first architecture. Who Should Watch: - CISOs and se...
2025-12-17
29 min
#AuditTuesday GRC Podcast
Zero Day + Sloppy IAM = Catastrophe: Lessons from 2025’s Biggest Breaches w/ Darrick Richardson
Discussion on how sloppy identity practices made 2025 breaches worse. 2025 delivered zero-day nightmares: SharePoint RCE, Oracle EBS privilege escalation, VMware vCenter remote code execution — all exploited in the wild. But the real catastrophe? Sloppy IAM. Overprivileged accounts, ghost users, and orphan access turned surgical strikes into enterprise-wide meltdowns. One compromised admin in VMware? Full domain takeover. One stale Oracle account? Financial data exfiltrated. Join Garret Grajek (CEO, YouAttest) and Darrick Richardson (IAM & Cloud Security Architect) for a no-BS breakdown of 2025’s worst breaches — and how automated user access reviews stop the bleeding. 🔍 We’ll cov...
2025-12-03
55 min
#AuditTuesday GRC Podcast
#AuditTuesday - SOX IT Audit Prep w/ Paul Feather and Craig Guinasso
Are you an IT leader, auditor, or professional navigating the complexities of Sarbanes-Oxley (SOX) compliance? Join our upcoming webinar, "SOX Preparation: Mastering IT Controls for Seamless Compliance," where we'll dive deep into the IT-specific aspects of SOX to help you build robust systems and avoid costly pitfalls. What You'll Learn: - Key IT General Controls (ITGC): From access management and change controls to data integrity and cybersecurity measures essential for SOX Section 404 compliance. - Audit-Ready Strategies: Practical tips on documenting processes, implementing automated controls, and preparing for IT audits without disrupting operations. - Common IT Challenges & Solutions: Real-world examples...
2025-11-16
55 min
Good Neighbor Podcast: Orange County
Identity Governance, Made Simple For Real Teams
Breaches aren’t magic tricks. They’re usually stale access, orphaned accounts, and privileges that quietly multiply until someone exploits them. We sit down with Garret Grajek—identity veteran and founder of UITES—to unpack how simple, automated access attestations can flip the script and give security leaders proof, speed, and control. Garret’s journey runs from IBM and Cisco to building two‑factor at SecureAuth and AI at Cylance, giving him a rare view across authentication, detection, and governance. He explains why the industry’s center of gravity shifted from networks to identities as companies moved to cloud-first...
2025-10-21
08 min
#AuditTuesday GRC Podcast
#AuditTuesday GRC Podcast - America's First AI Transparency Law, CA SB 53 w/ Karina Klever
Join us for an engaging #AuditTuesday session on California’s CA SB 53 - America’s First AI Transparency Law. CA SB 53 was signed into law on September 29, 2025. Hosted by Karina Klever, GRC Expert from Klever Compliance, and featuring Garrett Grajek, CEO of YouAttest and Multi-Patented AI & Identity Innovator, this event promises valuable insights. This is a pioneering law targeting frontier AI models with over 10^26 FLOPs. It mandates that large developers (over $500 million revenue) disclose safety protocols to mitigate catastrophic risks like bioweapons or cyberattacks, and it sets up public incident reporting channels. Effective January 1, 2026 - it’s...
2025-10-15
51 min
#AuditTuesday GRC Podcast
#AuditTuesday GRC Podcast - After the Hack - Keep SharePoint Secure w/ Greg Kutzbach
In this dynamic #AuditTuesday webinar, cybersecurity expert Greg Kutzbach, Cybersecurity Expert, will dive into the critical topic of keeping SharePoint secure after recent hacks. He will be joined by Garret Grajek, CEO of YouAttest, to discuss robust identity security strategies. The session will explore real-world threats and actionable solutions to protect your SharePoint environment. Key Discussion Points: - Why SharePoint Matters: Understand the importance of SharePoint in your organization and the risks it faces. - Identity Security in SharePoint: Learn why identity security is crucial to safeguarding SharePoint data. - Knowing Your Perm...
2025-10-08
41 min
Pitch, Build, Scale - Startup Founder Stories in the Age of AI
043 - Scaling Cybersecurity with AI, Automation, and MSP Partnerships with Garret Grajek, CEO of YouAttest
In this episode of Pitch, Build, Scale, we sit down with Garret Grajek, CEO of YouAttest, to explore the future of identity governance, automation, and cybersecurity in an AI-driven world. Garret has spent over 30 years shaping enterprise security, holding 13 patents and building solutions at RSA, SecureAuth, and now YouAttest. His perspective is clear: data is the crown jewel, and automation is the key to protecting it. We discuss how enterprises can move beyond spreadsheets and manual audits to achieve rapid, scalable user access reviews, why non-human identities (NHIs) are...
2025-09-26
33 min
#AuditTuesday GRC Podcast
#AuditTuesday GRC PodCast - AI Hacking featuring Alan Sugano and Shannon Noonan
In this dynamic #AuditTuesday webinar with cyber security expert Alan Sugano, President of ADS Consulting Group, we’ll dive into the escalating threat of AI-powered cyberattacks. He will be joined by Garret Grajek, CEO of YouAttest, on how robust access governance can protect your business, and by Shannon Noonan, GRC and Cyber Expert. The session explores real-world tactics like AI-driven credential cracking, deepfake scams, and invisible malware, offering actionable strategies to counter them. Key Discussion Points: - AI Threats Unveiled: Learn how hackers use AI to exploit weak credentials, craft convincing deepfakes, and hide malware, as outlined in...
2025-09-23
45 min
#AuditTuesday GRC Podcast
Master PCI DSS 4.0 Compliance w/ Truvantis and YouAttest
Tune in for an engaging #AuditTuesday GRC podcast focused on mastering the complexities of PCI DSS 4.0. This live session, hosted by YouAttest, a premier identity governance solution, will feature Truvantis, a leading GRC consulting firm, sharing expert insights to guide you toward confident compliance. In this session, we’ll cover: - Key PCI DSS 4.0 Updates: Understand critical changes and how they impact your organization. - Streamlined Compliance Strategies: Learn how Truvantis’ expert GRC services simplify risk management and compliance processes. - Identity Governance Simplified: See how YouAttest’s automated user access reviews strengthen security and ensure PCI DSS compliance. Who...
2025-09-11
31 min
#AuditTuesday GRC Podcast
AI Governance - Ignorance is Not Bliss w/ Ashley Robinson and Allgress
Join us for an engaging #AuditTuesday webinar featuring renowned AI governance expert Ashley Robinson, hosted by YouAttest. This session will explore the critical elements of AI governance, addressing the risks, standards/frameworks/guidances, and actionable steps needed for responsible AI adoption. Many organizations overlook the importance of education and governance awareness in AI use—leaving leaders and staff unprepared! This session will highlight the need for practical policies and training to build public trust. Ashley will share insights on translating frameworks like NIST AI RMF and ISO/IEC 42001 into actionable classroom and workforce policies, while Yo...
2025-09-11
42 min
#AuditTuesday GRC Podcast
#AuditTuesday - Who’s Really Inside Your System? w/ #ThatAuditGuy Robert Berry
Join us for an engaging #AuditTuesday webinar featuring renowned auditor Robert Berry, #ThatAuditGuy, hosted by YouAttest. This session will explore the critical elements of conducting effective user access reviews for identity security vulnerabilities and meeting compliance regulations SOX, GLBA, HIPAA, PCI-DSS, NYRR 500, CCPR/CCPA. Many organizations fall short by relying on the identity managers to conduct the reviews - without consulting the business and application owners! This practice violates audit guidelines! Robert will inform you how audits are done the right way! And YouAttest will discuss/demo how to ensure access to sensitive data and a...
2025-08-27
46 min
#AuditTuesday GRC Podcast
CISO’s: Strengthening Supply Chain Security with Identity Governance and InvisiRisk
#AuditTuesday Presents: The CISO’s Playbook: Strengthening Security with Identity and Supply Chain Governance. CISOs need robust strategies to secure their ecosystems, and the supply chain and the identities that make these supply chains secure are core to a secure enterprise. Join our #AuditTuesday GRC Podcast, where YouAttest’s Garret Grajek and InvisiRisk experts explore how user access reviews and GRC platforms fortify security across identity and software development lifecycles. What’s on the Agenda? - Real-World Security Lessons: Learn from the experts on real world use cases where faulty supply chain security and identity securi...
2025-08-04
58 min
#AuditTuesday GRC Podcast
Starting An AI Project? Where Does GRC Fit In? With MyTech.Network's Robert Hilliker
As AI transforms industries, ensuring robust governance, risk, and compliance (GRC) is critical to building secure and ethical AI systems. This dynamic #AuditTuesday GRC Podcast welcomes Robert Hilliker, an AI project leader, to explore how GRC integrates into AI development. What’s on the Agenda? - Real-World AI Insights: Robert Hilliker shares experiences from his diverse AI projects, highlighting challenges and successes. - AI Governance Frameworks: Introduction to NIST AI Risk Management Framework (AI RMF) and ISO 42001, and the OWASP Guide on LLM and Generative AI for responsible AI development. - GRC Across the AI Lifecycle: Practical strategies for...
2025-08-04
48 min
Scale Like a CEO
Scaling Your Startup: Insights with Garrett Grajeck, The Identity Guy
Welcome to 'Scale Like a CEO'! In this episode, industry veteran Garrett Grajeck, known as 'The Identity Guy,' shares his extensive experience in cybersecurity, identity governance, and startup innovation. Garrett discusses the importance of hiring from failed startups, the biggest challenges in GRC, and how his company, YouAttest, is making rapid implementation possible. Learn about Garrett's unique hiring strategies, his approach to delegating tasks, and his vision for the future of YouAttest as he prepares to tap into the MSP market. Don't miss out on this conversation full of invaluable insights for any aspiring entrepreneur. Connect with Garrett...
2025-07-07
14 min
tHe CybeR VauLt - Top Voices in Cyber
IAM Trends 2024: What’s Changing in Identity Security - The CyberVault with Garret Grajek
In this episode, I’m joined by Garret Grajek, Founder & CEO of YouAttest, identity expert, and inventor with 10+ patents in the space. Garret shares his journey from leading at IBM, Cisco, SecureAuth and Cylance - to building YouAttest with a mission to solve what legacy identity systems still haven’t. We dive into: 🧩 Why identity is still one of the most complex and underserved areas in cyber 📉 Where legacy IAM solutions are falling short - and how vendors can close the gap 🚀 What MSSPs need to...
2025-06-25
32 min
#AuditTuesday GRC Podcast
#AuditTuesday: v-CISOs: Scaling Identity GRC for Security and Compliance w/ YouAttest and Allgress
With cyber threats escalating and compliance requirements tightening, organizations need flexible, expert-driven solutions to stay secure. Virtual CISOs (v-CISOs) are redefining governance, risk, and compliance (GRC) by delivering strategic expertise without the cost of a full-time CISO. In this exciting edition of the #AuditTuesday GRC Podcast, Jerry Sisson, Founder/CEO of MyTechNetwork, moderates a compelling discussion with Jeff Kushner, a cybersecurity marketing and GRC expert, and Garret Grajek, CEO of YouAttest, a certified cybersecurity innovator (CEH, CISM, CGEIT, CISSP) with 10+ patents in identity security. What’s on the agenda? - The rise of v-CISOs: Ho...
2025-06-13
56 min
#AuditTuesday GRC Podcast
#AuditTuesday: Hey MSPs! Time to Get on Board w/ YouAttest Managed UARs!
MSPs – it's time to expand your security service offerings with a critical, high-demand compliance function: User Access Reviews (UARs). In this special edition of the #AuditTuesday GRC Podcast, Garret Grajek, CEO of YouAttest, sits down with Joe Rojas, Co-Founder of Start Grow Manage, to discuss how MSPs can unlock new revenue and compliance value by partnering with YouAttest as their backend Managed Security Service Provider (MSSP) for UARs. What’s on the agenda? - What exactly is a User Access Review (UAR) and why is it foundational to any cybersecurity compliance framework? - The in...
2025-05-30
45 min
#AuditTuesday GRC Podcast
#AuditTuesday: CISO Reality Check — Identity Risk w/ Larry Whiteside
As identity risk rises across enterprises, CISOs are being called to lead the charge in governance and access oversight. But are they equipped for the challenge? In this edition of the #AuditTuesday GRC podcast, we sit down with Larry Whiteside Jr., veteran CISO and Co-Founder of Confide—a peer-based leadership network for cybersecurity executives—for a frank discussion on how identity fits into modern risk strategy. Larry also brings his perspective as Co-Founder of the ICMCP, focused on advancing diversity in the cybersecurity space. Key Topics: - Why identity governance is a CISO’s responsibility now - Com...
2025-05-27
44 min
#AuditTuesday GRC Podcast
#AuditTuesday - AI Governance and Model Risk Management w/ James Sayles
As artificial intelligence reshapes business, compliance, and security landscapes, organizations are under pressure to implement clear governance strategies. Yet, many lack a roadmap for ethical, secure, and compliant AI deployment. In this special edition of the #AuditTuesday GRC podcast series, we welcome James Sayles, author of Principles of the Governance Model for Risk Management, to explore the critical issues surrounding AI governance. Sayles will share his expert perspective on where current governance frameworks fall short—and what enterprises, auditors, and boards must do to close the gap. Key Points: - The current state of AI go...
2025-04-30
44 min
#AuditTuesday GRC Podcast
MSPs and GRC (Governance Risk and Compliance) w/ Shannon Noonan and Daniel Morrison
Governance Risk and Compliance is a $45.6B market - a market that Managed Service Providers (MSPs) need to be in if they want to grow. But GRC, the concept of helping enterprises not only obtain compliance but also show proper governance, is out of the comfort zone of many MSPs. How to start? How do MSPs get into this much-needed space that benefits both the MSP and their clients? That’s what we cover in this webinar. Key Points: - How to get started w/ GRC? - What needs to be offere...
2025-03-26
50 min
#AuditTuesday GRC Podcast
Shared Signals - What They Mean for Authorization
Shared Signals - for those in the identity know - it’s a subject whose time has come. Shared Signals refers to a standardized system where organizations can exchange real-time security information about users across different platforms. What we cover here: - Why do we need shared signals? - How can we use shared signals? - Where will WE get these signals? - And what will consume them? To delve into this key security topic we have invited the security and identity experts. We will be joined by Craig Guinasso, cyber security expert at Alector and David Wor...
2025-03-12
41 min
#AuditTuesday GRC Podcast
Reviewing Privileged Accounts - with Synoptek MSP
Privileged users are the source of most enterprise problems: from outsider attacks, insider threats and compliance - the focus usually involves admin accounts. These accounts have to be reviewed - and on a regular basis. How? This webinar addresses: - Why do privileged accounts need to be reviewed? - When do these accounts become stale and dangerous? - How to build best practices around these accounts? - And... how do we even get started? To delve into this key security topic we had invited the security and managed service experts at Synoptek. They bring rea...
2025-03-12
45 min
#AuditTuesday GRC Podcast
Automating AWS Entitlement Reviews - with CloudArmee
AWS is the premier cloud vendor - AWS is the basis of most enterprises' cloud strategy. To help us understand the importance of AWS and AWS entitlements, YouAttest has partnered with CloudArmee, prominent AWS experts. CloudArmee and YouAttest have partnered together to help enterprises determine what their access entitlements are for their AWS deployments. E.g., for your AWS deployment: What roles have been created? Who has access? What is the identity security posture of the enterprise AWS server and services? This is not a question easily answered. But it needs to...
2025-03-12
31 min
#AuditTuesday GRC Podcast
EU's DORA and Identity Governance - with Ralph Menegatti from concedro
Huge regulatory changes face the EU nations and the companies that work w/ the EU: the Digital Operational Resilience Act (DORA). The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves an important problem in the EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identity governance efforts? To answer these questions - YouAttest invites a foremost authority in EU regulations: Concedro, featuring CEO, Armin Binsteiner and compliance exp...
2025-03-12
51 min
#AuditTuesday GRC Podcast
CMMC 2.0 Ruling - What Does this Mean? With ShortArm Solutions
The U.S. Department of Defense (DoD) on October 15th, 2024 published its long-anticipated first part of the final rule (32 CFR) for the Cybersecurity Maturity Model Certification (CMMC) program. The program will require third-party verification for contractors working with controlled unclassified information (CUI) confirming that contractors are meeting existing DoD cybersecurity standards and a self-assessment by contractors that have Federal Contract Information (FCI) showing that they are in compliance with the 15 controls in Federal Acquisition Regulation (FAR) 52.204-21. What does this mean? For Contractors? How do enterprises adhere to the new standards - and document their pr...
2025-03-12
37 min
MSP Cyber Roundtable
E80. What Are Security KPIs and What Should They Look Like?
Join Matthew Fisch of FortMesa on the MSP Cyber Roundtable, along with special guests, Garret Grajek, Bill Lauterbach, and Kashif Mahmood from YouAttest as they explore how KPIs, such as Identity Reviews Conducted in a Defined Period of Time, help enterprises measure and improve identity governance. Additionally, FortMesa shares insights on integrating security KPIs into your strategy.
2025-02-12
54 min
The Cybersecurity Defenders Podcast
#190 - How MSSPs can help clients meet regulatory requirements with Garret Grajek, CEO at YouAttest
On this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP. Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as x.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and...
2025-02-03
38 min
#AuditTuesday GRC Podcast
The Trump Administration and Cyber Regulations - Karina Klever, Mike Andrewes and Stacey Cameron
New administration - new attitude, regulations, priorities on cyber governance? No question. But what will it be? What about CISA? What about NIST? What about the SEC? What about CMMC? All of these and more will be discussed. To answer these questions - YouAttest invites authorities in compliance and security matters, Stacey Cameron, CEO of Cycam Strategies, Karina Klever of Klever Compliance, and Mike Andrewes of Yastis. To learn more about YouAttest and how we can help secure your identities, contact us at info@youattest.com
2025-01-17
56 min
#AuditTuesday GRC Podcast
Okta “No Password Flaw” - What Is It? How to Secure? - Featuring Greg Kutzbach
Okta announced that they had a flaw in their authentication - where under “specific circumstances” a user could gain access w/o inputting the password associated with the account. How is this possible? What does this mean? And most importantly… How to secure? That’s what will be discussed this very important #AuditTuesday w/ Greg Kutzbach, Cyber Security and Digital Forensic Expert of Exhib A Cyber. To learn more about YouAttest and how we can help secure your identities, contact us at info@youattest.com
2025-01-17
30 min
#AuditTuesday GRC Podcast
GRC Fatigue and What Can Be Done - Featuring Stacey Cameron
Practically all enterprises are under some sort of IT compliance and regulations. Holding any data that is classified as sensitive puts the enterprise under the watchful eye of the regulators. But with all this compliance and regulatory guidance comes the fatigue. What is the genesis of this fatigue - and what can be done to alleviate the grind of regulatory compliance? To answer these questions - YouAttest invites an authority in compliance and security matters, Stacey Cameron, CEO of Cycam Strategies. To learn more about YouAttest and how we can hel...
2025-01-16
13 min
#AuditTuesday GRC Podcast
Mentoring the Next-Generation of Cyber Professionals - Featuring Ted Alben
You can’t talk about cyber security with a professional today without the conversation turning to the topic of the next generation. Namely our youth - with questions coming up: Are they ready for jobs in cyber security? Are they capable of taking the reins of responsibility for cyber security? At what level? And what needs to be done to get them more ready? But how AI is created is no longer a science project - it’s a regulated business. Key aspects of the creation of the AI components must be governed, especi...
2025-01-16
14 min
#AuditTuesday GRC Podcast
CMMC 2.0 Final Ruling - What Does This Mean? Featuring Michael Andrewes, Yastis
The U.S. Department of Defense (DoD) on October 15th, 2024 published its long-anticipated first part of the final rule (the Final Rule) for the Cybersecurity Maturity Model Certification (CMMC) program. The program will require third-party verification for contractors working with controlled unclassified information (CUI) confirming that contractors are meeting existing DoD cybersecurity standards and a self-assessment by contractors that have Federal Contract Information (FCI) showing that they are in compliance with the 15 controls in Federal Acquisition Regulation (FAR) 52.204-21. What does this mean? For Contractors? How should this change their practices and documentation procedures? To...
2025-01-16
12 min
#AuditTuesday GRC Podcast
German Cyber Hacks and EU DORA - Featuring Ralf Mennegatti
Cyber attacks are worldwide. Germany is not immune to these attacks. In fact, Deutsche Bank in September 2024 stated that “Cyber-attacks alone cost the German economy an enormous 148 billion euros every year.” At the same time, Germany and the rest of the EU are struggling to enact the Digital Operational Resilience Act (Regulation (EU) 2022/2554), which solves an important problem in the EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identi...
2025-01-16
10 min
#AuditTuesday GRC Podcast
MSPs: Automate Your Identity Audits
This YouAttest podcast highlights the YouAttest offering for Identity security and compliance for managed service providers (MSPs). Automating and simplifying user access reviews.
2025-01-16
12 min
#AuditTuesday GRC Podcast
CMMC 2.0 Final Ruling Update - Yastis, Michael Andrewes
The U.S. Department of Defense (DoD) on October 15th, 2024 published its long-anticipated first part of the final rule (the Final Rule) for the Cybersecurity Maturity Model Certification (CMMC) program. The program will require third-party verification for contractors working with controlled unclassified information (CUI) confirming that contractors are meeting existing DoD cybersecurity standards and a self-assessment by contractors that have Federal Contract Information (FCI) showing that they are in compliance with the 15 controls in Federal Acquisition Regulation (FAR) 52.204-21. What does this mean? For Contractors? How should this change their practices and documentation procedures? To...
2024-12-11
12 min
#AuditTuesday GRC Podcast
HR-IAM Variance - Detecting Orphan Users and Privileges w/ YouAttest
For many enterprises, the HR system is the identity store of record (ISoR). This is where identities are created, roles are assigned, and privileges are entitled. But these HR systems (HRS) are NOT enforcement points – they are the container of entitlements. The enforcement of these entitlements usually falls to identity and access management (IAM) systems. Hence comes the identity variance between: - What roles/entitlements are created/documented in the HR system? - What roles/entitlements are ENFORCED by the IAM? Contact us at YouAttest - https://youattest.com/ - we will identify the anomalies between your...
2024-12-11
13 min
#AuditTuesday GRC Podcast
The Change Healthcare Hack - A Game Changer in Health Risk Management w/ Greg Kutzbach
Change Healthcare announced Thursday, Feb 29th that a ransomware group that had claimed responsibility for the attack was at fault. Health care providers across the country are reeling from a cyberattack on a massive U.S. health care technology company that has threatened the security of patients’ information and is delaying some prescriptions and paychecks for medical workers. What was the hack? How will it affect Health Care Providers? What should be done for prevention? That’s what will be discussed this very important #AuditTuesday w/ Greg Kutzbach, Cyber Security and Digital Forensic Expert of Exhib A...
2024-12-10
55 min
#AuditTuesday GRC Podcast
GRC Fatigue and What Can Be Done w/ Stacey Cameron (CyCam Strategies)
Practically all enterprises are under some sort of IT compliance and regulations. Holding any data that is classified as sensitive puts the enterprise under the watchful eye of the regulators. But with all this compliance and regulatory guidance comes the fatigue. What is the genesis of this fatigue - and what can be done to alleviate the grind of regulatory compliance? To answer these questions - YouAttest invites an authority in compliance and security matters, Stacey Cameron, CEO of CyCam Strategies. To learn more about YouAttest and how we can he...
2024-12-10
13 min
#AuditTuesday GRC Podcast
AWS - In-Depth Entitlement Audit by YouAttest w/ Raj Sawhney (CDW)
AWS is the premier IaaS vendor - AWS is the basis of most enterprises' cloud strategy. To help us understand the importance of AWS and AWS entitlements, the video has Raj Sawhney, Managing Director, IT and Internal Audit, Cybersecurity and Business Process at CDW. But what roles have been created? Who has access? What is the identity security posture of the enterprise AWS server and services? This is not a question easily answered. But it needs to be. According to Palo Alto’s Unit 42 - their threat research group - 99% of accounts in the cloud...
2024-12-10
17 min
#AuditTuesday GRC Podcast
German Cyber Hack and EU DORA w/ Ralf Mennegatti
Cyber attacks are worldwide. Germany is not immune to these attacks. In fact, Deutsche Bank in Sept 2024 stated that “Cyber-attacks alone cost the German economy an enormous 148 billion euros every year.” At the same time, Germany and the rest of the EU are struggling to enact the Digital Operational Resilience Act (Regulation (EU) 2022/2554), which solves an important problem in the EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identit...
2024-12-10
10 min
#AuditTuesday GRC Podcast
MSPs: Automate Your Identity Audits w/ YouAttest "User Access Reviews" (UARs)
Welcome to today’s AuditTuesday - this YouAttest podcast highlights the YouAttest offering for identity security and compliance for managed service providers. To help with the discussion we have Bill Lauterbach, YouAttest Channel Director, and Kashif Mehmood, YouAttest Field Services Director. To learn more about YouAttest and how we can help secure your identities, contact us at info@youattest.com
2024-12-10
12 min
#AuditTuesday GRC Podcast
YouAttest Next-Gen IGA on AWS Marketplace w/ Cloud Armee (Chris Kesik)
AWS is the predominant cloud service for most enterprises w/ over $90B a year and growing. This warrants security products that are not only designed to work in the AWS marketplace, but could be sold on the AWS marketplace. That’s why YouAttest, the fastest time-to-value next-gen identity governance tool, with dedicated functionality to AWS, is now offered on the AWS marketplace. So let’s learn: What is the AWS marketplace? Why is it important? What are the challenges of securing identities on AWS? How does YouAttest meet thes...
2024-12-10
26 min
#AuditTuesday GRC Podcast
CPF Coaching: YouAttest Product of the Week for MSPs - Christophe Foulon
Lots of products out there for MSPs to review and deploy - that’s why the market appreciates those that review the products for the consultants and managed service providers. This is exactly what Christophe Foulon and CPF Coaching did. They reviewed the products in the identity attestation and identity governance category - specifically w/ an eye to how MSPs would utilize the offering. The offering needed to be: multi-tenanted, easily deployed, intuitive, and no-code. The solution that met these criteria was YouAttest. #AuditTuesday will talk to Christophe Foulon and ask him abo...
2024-12-10
31 min
#AuditTuesday GRC Podcast
HR-IAM Variance - Cleaning out Orphaned and Mis-Aligned Privileges, w/ Karina Klever
For many enterprises, the HR system is the identity store of record (ISoR). This is where identities are created, roles are assigned, and privileges are entitled. But these HR systems (HRS) are NOT enforcement points – they are the container of entitlements. The enforcement of these entitlements usually falls to identity and access management (IAM) systems. Hence comes the identity variance between: What roles/entitlements are created/documented in the HR system? What roles/entitlements are ENFORCED by the IAM? Contact us at YouAttest - https://youattest.com/ - we will identify the anomalies betwe...
2024-12-10
13 min
#AuditTuesday GRC Podcast
NIST Frameworks and CMMC for Federal Contractors - Short Arm Solutions, Jeff Chao and Rick Mischka
In fiscal year 2023, the federal government spent around $759 billion on contracts with outside companies and organizations. In 2024 there are over 200,000 government contractor firms that generate $1.1 trillion in annual revenue. But the U.S. government wants the supply chain secured - and to this end has asked these suppliers, especially those in the defense industrial base (DIB), to know and follow the guidelines and frameworks that come from the National Institute of Standards and Technology (NIST). This webinar will address: What are key frameworks that the suppliers should know & follow? What are the...
2024-12-10
41 min
#AuditTuesday GRC Podcast
Getting Started w/ Your Compliance Project - Karina Klever and Cloud PSO
Most enterprises are under compliance, be it in healthcare, finance, insurance, government, education or defense. And most of the enterprises have compliance projects that need to be started or re-started. And thus the quandary... how to get these projects under way! YouAttest is fortunate to have Karina Klever, GRC expert, and the team at CloudPSO to help out on how to get your GRC project started. Topics will include: What are the key compliance projects? How to get started? Where do enterprises go wrong w/ starting their GRC projects? What if/any tools...
2024-12-10
47 min
#AuditTuesday GRC Podcast
YouAttest ITS (Identity Trust Score) - For Managed Service Providers (MSPs) w/ Eldon Sprickerhoff
The Managed Service Provider (MSP) space is experiencing significant growth, with the global market currently valued at around $299 billion and projected to expand at a compound annual growth rate (CAGR) of 13.6% through 2030, indicating a substantial increase in demand for MSP services across various industries. But with this growth comes responsibility. MSPs are expected to be able to manage the risk in the enterprise - and the biggest risk to the enterprise is identity: Identity the MSP holds for the enterprise; Permissions and entitlements for the enterprise; Access the MSP grants to resource fo...
2024-12-10
50 min
MSP Cyber Roundtable
E71. Securing Identity in a Zero-Trust World
Join Matthew Fisch of FortMesa on the MSP Cyber Roundtable, along with special guests, Garret Grajek and Bill Lauterbach from YouAttest as they discuss how to protect user identities and enforce strict access controls in a zero-trust environment, minimizing risks. Additionally, we will provide a high-level overview of DMARC as part of our Security Essentials series.
2024-11-20
57 min
Default Global Podcast: Navigating Global Expansion, Remote Teams, and International Talent
How to Raise Seed Funding for Cybersecurity Startups
🔊 In this episode of Default Global, I talk with Garret Grajek, CEO of YouAttest and a veteran in identity governance within the cybersecurity space. With over 30 years of experience and 13 patents, Garret shares actionable tips on securing seed funding, navigating today’s valuations, and finding the right investors. He also discusses the challenges of scaling a global team and emphasizes that business savvy is just as essential as technical expertise. Key takeaways: Raising startup capital in a competitive cybersecurity market. How a business-savvy spouse can strengthen your investor pitch...
2024-11-13
17 min
#AuditTuesday GRC Podcast
Black Hat 2024 - Mel Reyes and Shaun Walsh
More than 20,000 professionals will go to Black Hat 2024 this year. The who’s who of cyber security, hacking and prevention. Let’s get two professionals’ thoughts on this: Mel Reyes, everyone’s favorite cyber spokesperson, and Shaun Walsh, Chief Marketing Officer at Peak Nano. Need to automate your identity audits? Contact us at YouAttest - we will show you how - https://youattest.com/contact/
2024-11-13
51 min
#AuditTuesday GRC Podcast
CISA and The Principle of Least Privilege - Identity Governance w/ David Worthington
The world is finally becoming aware of the danger of excess privileges and unmanaged users. These are the accounts that the attackers love to take over and then stay resident in our enterprises and exfiltrate data while going undetected. NIST, the National Institute of Standards and Technology, has created a concept to remedy this situation. They label it the Principle of Least Privilege (NIST CSF 1.1. PR.AC-04, NIST CSF 2.0 PR.AA-05), which guides companies to limit logical, physical and system access to specific job functions. To get the word out – #AuditTuesday has invited David Worthington wit...
2024-11-13
51 min
#AuditTuesday GRC Podcast
Errors in Cyber Vendor Selection and Vendor Mgmt - w/ David Gilies
Selecting a new vendor is fraught w/ problems and failed attempts. The decision is crucial - but the input is flawed. Relying on vendor-led references leads to a lot of poor buying decisions. #AuditTuesday talks to David Gillies to improve the process. Need to automate your identity audits? Contact us at YouAttest - we will show you how - https://youattest.com/contact/
2024-11-13
12 min
#AuditTuesday GRC Podcast
The CDK Global (Car Dealership) Hack and the IAM/SSO Connection
One of the largest hacks of 2024 is shaping up as the CDK software hack that has affected over 15,000 car dealerships in the US and beyond. The impact of the attack is affecting the entire U.S. economy - the loss could be between $4 billion and $16 billion in sales and depress total retail sales in the U.S. by 2.3 percent. So what was the cause of this attack? How was it related to identities? Why was IAM/SSO relevant to this attack? And… What mechanism should be in place to avoid this type of attack? The items wil...
2024-11-13
52 min
#AuditTuesday GRC Podcast
YouAttest Next-Gen IGA on AWS Marketplace w/ CloudArmee - #AuditTuesday
AWS is the predominant cloud service for most enterprises w/ over $90B a year and growing. This warrants security products that are not only designed to work in the AWS marketplace, but could be sold on the AWS marketplace. That’s why YouAttest, the fastest time-to-value next-gen identity governance tool, with dedicated functionality to AWS, is now offered on the AWS marketplace. So let’s learn: - What is the AWS marketplace? - Why is it important? - What are the challenges of securing identities on AWS? - How does...
2024-11-13
26 min
#AuditTuesday GRC Podcast
YouAttest CGEIT Study Session Domain 4 - Featuring Karina Klever and Kelly Gilmore
Risk Optimization - This session will help you understand the frameworks that assist in governance, and that help an enterprise identify, analyze, monitor, manage, communicate and mitigate IT-relevant business risk.
2024-11-13
1h 02
#AuditTuesday GRC Podcast
YouAttest CGEIT Study Session - Summary, Episode 5 - Karina Klever and Kelly Gilmore
Summary: This will be the last session in our 5-part CGEIT prep series. We will summarize all that we have discussed in the past 4 sessions and will answer any questions that you might have regarding the certification exam.
2024-11-13
1h 04
#AuditTuesday GRC Podcast
Developing AI? Access Controls Matter - w/ GetSmart Cyber Defense
Artificial Intelligence (AI) has revolutionized various industries, and its application in online security is proving to be a game-changer. But how AI is created is no longer a science project - it’s a regulated business. Key aspects of the creation of the AI components must be governed, especially for AI created from data that stems from regulated business. That is: How was the data collected? Who collected the data? Who handled the data? How was the data stored/disposed after the AI algorithm was created? Today’s webinar covers the vital topic of Use...
2024-11-13
43 min
Next Gen Case Studies
Simplifying Identity Management and Security with Garret Grajek
In this episode of the NextGen Case Study series, we welcome Garret Grajek, CEO and co-founder of YouAttest, a company specializing in cloud-based identity, auditing, and management solutions. With nearly 30 years of experience in information security, Garret is recognized as a security visionary, holding 13 patents in technologies like X.509, mobile, SSO, federation, and multi-factor authentication. His extensive work includes significant security projects for both commercial clients and public sector organizations, such as the US Navy and the EPA. Garret begins by sharing his journey from a programmer to a leading figure in identity and security...
2024-08-22
29 min
MSP Cyber Roundtable
E58. 3 Reasons 2-Factor Isn't Enough
Join Matthew Fisch of FortMesa on the MSP Cyber Roundtable, along with special guests, Garret Grajek and Bill Lauterbach from YouAttest as they talk about the pitfalls and problems with two-factor authentication. In addition, we go over ISC2 Certification at a high level.
2024-08-07
49 min
#AuditTuesday GRC Podcast
EU'S DORA and Identity Governance - Special Guest: Ralf Menegatti
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) solves an important problem in the EU financial regulation. DORA mandates that enterprises augment their protection, detection, containment, recovery and repair capabilities against ICT-related incidents. But what does this mean for your enterprise - and what does this mean for your identity and identity governance efforts? To answer these questions, YouAttest invites a foremost authority in EU regulations: Ralf Menegatti, CEO of the Luxembourg-based DAQS. The webinar will include the following information: What is DORA? When does it go into effect? What does it me...
2024-06-26
51 min
#AuditTuesday GRC Podcast
YouAttest CGEIT Study Session: Domain 3 - Featuring Karina Klever and Shannon Brewster
Led by Karina Klever and Shannon Brewster, with assistance from YouAttest CEO Garret Grajek, CEH, CISSP, the sessions will cover Governance of Enterprise, Strategic Management, IT Resources, Benefits Realization and Risk Optimization, just like the exam. Great topic, great hosts, great value - let’s learn together! To learn more about YouAttest and how we can help secure your identities, contact us at info@youattest.com
2024-06-20
1h 03
#AuditTuesday GRC Podcast
CGEIT Training Session - Domain #2 w/ Karina Klever and Kelly Gilmore
A 5-part series is helping managers become better managers - starting with learning the basis of the CGEIT certification (Certified in the Governance of Enterprise IT®). Whether you’re looking for a new career opportunity or want to advance within your existing company, becoming Certified in the Governance of Enterprise IT® proves your expertise in enterprise IT governance, resources, benefits and risk optimization. Led by Karina Klever and Kelly Gilmore, with assistance from YouAttest CEO Garret Grajek, CEH, CISSP, the sessions will cover Governance of Enterprise, Strategic Management, IT Resources, Benefits Realization and Risk Optimization, just...
2024-06-18
1h 01
#AuditTuesday GRC Podcast
Cybersecurity 80-20 Rule - Start with Identity w/ Michael Andrewes of Yastis
The 80/20 rule is crucial to many enterprise and life activities - but what about cybersecurity? Most definitely it is. The 80-20 rule guides us to take our limited resources and focus them on activities that would make the most difference. The same goes for cybersecurity. Michael Andrewes is a cyber and GRC specialist who will discuss why and how we should focus our limited cyber budgets and efforts on securing our identities. The webinar will include the following information: - What are the identity risks in the enterprise? - What hap...
2024-06-18
46 min
#AuditTuesday GRC Podcast
Limiting the Identity Attack Surface - Red Cup IT Starring Dan Le
Attack surface is the rage of cyber security today - we hear we have to reduce our attack surface. But how about the biggest vulnerability - our identities - and thus shouldn’t we be reducing our IDENTITY attack surface? Absolutely we should. Red Cup IT, a premier managed service provider focusing on security, and YouAttest, a Next-Gen IGA solution, have teamed up together to reduce the identity attack surface. The webinar will include information: - What is the identity attack surface problem? - What are the consequences of a un...
2024-05-29
52 min
#AuditTuesday GRC Podcast
Before the Breach - Strategy on Identity Security
Breaches happen - especially for enterprises who hold sensitive data: PHI for healthcare, PII for financial institutions and CUI for defense contractors. But what should be our strategy BEFORE the breach? Especially around the reason and, most often, the source of the attack - enterprise identities. This YouAttest #AuditTuesday podcast will focus on breach prevention with a focus on policy, practices and procedures. To help explain proper cyber and governance strategy, YouAttest is featuring Rob Yates and Ted Alben, Partners at “Get Smart Cyber Defense”, to talk about strategy “before the breach”. YouAttest w...
2024-05-25
48 min
#AuditTuesday GRC Podcast
CGEIT Training Session - Domain 1 w/ Karina Klever and Kelly Gilmore
A 5-part series is helping managers become better managers - starting with learning the basis of the CGEIT certification (Certified in the Governance of Enterprise IT®). Whether you’re looking for a new career opportunity or want to advance within your existing company, becoming Certified in the Governance of Enterprise IT® proves your expertise in enterprise IT governance, resources, benefits and risk optimization. Led by Karina Klever and Kelly Gilmore, with assistance from YouAttest CEO Garret Grajek, CEH, CISSP, the sessions will cover Governance of Enterprise, Strategic Management, IT Resources, Benefits Realization and Risk Optimization, just...
2024-05-25
1h 01
#AuditTuesday GRC Podcast
Identity Governance in Healthcare - featuring Steve Taccogna
This YouAttest Educational #AuditTuesday podcast highlights YouAttest in healthcare. Healthcare is under attack by ransomware groups and other hackers. In response, healthcare enterprises are under new regulations for the holding of identities and other personal healthcare information (PHI). To help explain the value and the functionality of identity governance, we are lucky to have Steve Taccogna - cyber expert and founder and principal of Syntacc. To learn more about YouAttest and how we can help secure your identities, contact us at info@youattest.com
2024-05-24
39 min
#AuditTuesday GRC Podcast
Change Healthcare Hack: Update - PoLP Matters featuring Carrie Jabs
This YouAttest Educational #AuditTuesday podcast discusses the updates known about the biggest hack in the history of U.S. healthcare - the Change Healthcare ransomware attack. It appears the hackers were in the environment for over a week. What does this mean, how does this affect security - and how can this type of attack be mitigated? To help explain the update, we have Carrie Jabs, Cyber/GRC expert. To learn more about YouAttest and how we can help secure your identities, con...
2024-05-24
12 min
#AuditTuesday GRC Podcast
Consequences of a MSP Breach - Financial, Legal and Cyber Implications - Featuring Cynthia Stamer, Peter Gailey and John Allen
Breaches are not new - they affect every industry from A to Z - Advertising to Zoos. What’s new? Now the services that manage the IT infrastructure and services are being compromised. These organizations are called MSPs (Managed Service Providers) and MSSPs (Managed Security Service Providers). Consider these firms as part of the supply chain for technology services. What are some of the implications when these enterprises get hacked? This is not theoretical - recently an MSP was slapped w/ a lawsuit from...
2024-04-04
1h 05
#AuditTuesday GRC Podcast
The Microsoft Email Hack - Service/User Accounts Used for OAUTH SSO w/ Greg Kutzbach
Who: Greg Kutzbach, Digital Forensic Expert, Exhibit A Cyber; Garret Grajek, CEH, CISSP, CEO of YouAttest. Microsoft just suffered a major attack on their internal email systems. The culprits were deemed to be Russian state actors. It appears the attackers overtook “legacy” accounts and created malicious OAUTH access. Cyber forensic expert Greg Kutzbach, an expert on digital discovery, will spell out the hack, and more importantly, how organizations can defend themselves. The start of the solution to this problem is review of the permissi...
2024-03-01
27 min
#AuditTuesday GRC Podcast
Ego and the Start-up Entrepreneur with Professor David Carlson
Everyone loves the start-up - but no one loves the ego of the start-up entrepreneurs. It’s not a myth, it’s real and it hurts the endeavor. To explore this real-world problem, we have start-up expert and author David Carleson, a seasoned veteran in the problem and author of “Death By Ego: Lessons From Entrepreneurs Who Successfully Killed Their Companies”. David has researched and is an expert on areas of ego and the start-up, including: Dysfunctional ego traits that investors can recognize in the entrepreneur; True stories how ego killed good start-ups; Reminders how entrepren...
2024-03-01
29 min
#AuditTuesday GRC Podcast
Cyber Security and Cyber Law - Identity Governance w/ Stacey Cameron, Shawn Tuma and Justin Corker
Cases like the SEC claims against SolarWinds and Tim Brown have made the general public aware that IT has governance and a legal responsibility to identify data. But SolarWinds isn’t the only case in the news - there were 246 class action lawsuits on data breaches in 2023 - and the SEC ruling on 4 day notification is predicted to make this number skyrocket. What are the lawsuits about? What are “due care” and “negligence” legally and how does this relate to the cyber world? To help answer this question - we have corporate cyber defense lawyer, Shawn Tuma. And to help...
2024-03-01
1h 00
#AuditTuesday GRC Podcast
Why IGA is Failing Our Enterprises - Stacey Cameron, Mel Reyes, Tom Sabbe
IGA has been seen as a failure in many enterprises. Why is this? Why are companies getting hacked for faulty governance? Why are companies being sued for faulty governance? Why are governance improvements in the future? And why do GRC projects never seem to meet expectations? We discuss this w/ Mel Reyes, Stacey Cameron and Tom Sabbe. Mel has execution expertise in delivering Business & Product Development, eCommerce, Agile, DevOps, interactive, and mobile solutions deployed across varying markets for companies like PayPal, eBay, T-Mobile, Mercedes-Benz, Sharp, Lowe’s, Pepsi, Priceline, Bank of America, Kraft, AT&T, e...
2024-02-07
54 min
#AuditTuesday GRC Podcast
Cybersecurity and Change Control, focus Identity - with John Young and Kelly Gilmore
Cybersecurity is on everyone’s mind - but did you know cybersecurity starts w/ change control? Hackers love sloppy IT and sloppy identity practices. IT cowboys like to slap in changes w/ the rapid process and procedures - this makes the IT practices inviting to hackers who only need a single vulnerability to import their malware and exploit any weakness we give them. To discuss change control and its importance is cyber security expert John Young, IT professional, hacker, author and writer of “Why Cybersecurity and Change Control Go Together Like Peanut Butter and Jelly” Br...
2024-01-31
53 min
#AuditTuesday GRC Podcast
Security Audits - What’s Missing? w/ Dmitriy Sokolovskiy
Given the amazing rash of hacks and ransomware attacks over the years - many enterprises are now either considering or beefing up their security audits. But are we getting full value out of these audits - what are we missing? Lending his expertise is Dmitriy Sokolovskiy, Cyber and Start-up Advisor. So contact us at YouAttest - we will address your identity audit concerns - https://youattest.com/contact/
2024-01-27
17 min
#AuditTuesday GRC Podcast
YouAttest “Segregation of Duties” for Identity Security and Compliance w/ Shannon Noonan
Segregation of Duties (S.o.D) is a KEY requirement for identity security and compliance. It is a principal requirement for a secure enterprise to fight against insider theft and to combat fraud. But how to automate, repeatedly, across all of your identity resources in a simple, deployable manner? And to execute without a seven figure budget? YouAttest has the answer. With its simple identity plug-in into ALL leading IAM solutions, YouAttest allows your risk managers (internal and external) to run S.o.D reports on all your enterprise resources. To kick...
2024-01-27
15 min
#AuditTuesday GRC Podcast
What is Insider Threat and How Does GRC Address w/ Carrie Jabs
“Insider Threat” is always a topic - and it became even more of a topic with the recent hacks. Why is it such a problem? What tools can be used to mitigate - and what practices should be implemented? This is reviewed in this short video on the topic. Lending her expertise is Carrie Jabs, Cyber and Compliance Specialist. She can be reached at: / carrie-braun-jabs-9790521. So contact us at YouAttest - we will address your identity audit concerns - https://youattest.com/contact/
2024-01-27
06 min
#AuditTuesday GRC Podcast
Entitlement Audit of AWS for Security and Compliance - Featuring Raj Sawhney
AWS is the premier IAAS vendor - AWS is the basis of most enterprise cloud strategy. To help us understand the importance of AWS and AWS entitlements, the video has Raj Sawhney, Managing Director, IT and Internal Audit, Cybersecurity and Business Process at CDW. But what roles have been created? Who has access? What is the identity security posture of the enterprise AWS server and services? This is not a question easily answered. But it needs to be. According to Palo Alto’s Unit 42, their threat research group, 99% of accounts in the cloud...
2024-01-27
17 min
#AuditTuesday GRC Podcast
MSPs - It’s Time to Get Outside of the Box w/ Eldon Sprickerhoff
Enterprises of all sectors are at the end of their ropes dealing with cyber attacks, ransomware and data breaches. Their only recourse is to hand off more of the cyber duties to outside services. The managed services, e.g. the MSPs and MSSPs, need to step up. But are they? We have one of the leading thought leaders in the managed service space, Eldon Sprickerhoff, sharing his insights. Eldon founded and led one of the first MDR (Managed Detection and Response) services. To learn more about YouAttest and how we can help with yo...
2024-01-27
08 min
#AuditTuesday GRC Podcast
Halloween Scary Stories on Identity Hacking w/ Craig Guinasso and Paul Feather
The past months have brought us more than just the infamous MGM identity hack - unfortunately much more. Identities themselves are no longer the target; now it’s the entire identity infrastructure. To discuss these hacks we have security expert Paul Feather from Compu-netics and security expert Craig Guinasso. YouAttest’s own CEO, Garret Grajek, will join in the discussion. These are indeed scary stories - but the guests will also discuss countermeasures! And to keep your permissions in check - ensure your identity entitlements w/ YouAttest. To learn more abou...
2024-01-27
29 min
#AuditTuesday GRC Podcast
AI and Search - What’s Next w/ David Novick
Search has been big business for 30 years - and no one is bigger in the search industry than Google. But with new advances in AI, especially around LLMs (Large Language Models), with working examples like OpenAI’s ChatGPT - is the dominance of Google over? Is there room for new search engines - and could the current Google-type search industry days be numbered? And where do the LLMs fit in search? To shed light on this topic, YouAttest interviewed David Novick, search, cyber and marketing expert and author of “The Future of Search: Explo...
2024-01-26
14 min
#AuditTuesday GRC Podcast
Data Security and Identity Governance w/ Michael Andrewes
Data security is foremost on everyone’s mind w/ ransomware and data attacks occurring daily. But what can be done to secure data? And what role does IGA, identity governance, play in the fight against attacks on data? To shed light on this topic, YouAttest interviewed Michael Andrewes, a cybersecurity, governance and risk expert, on how identity governance relates to data security - on an on-going basis. https://www.yastis.com/ Need to automate your identity audits? Contact us at YouAttest - we will show you how - https://youattest.com/contact/
2024-01-23
09 min
#AuditTuesday GRC Podcast
CISA and The Principle of Least Privilege w/ CISA Security Advisor: Donald E. Hester
The world is finally becoming aware of the danger of excess privileges and unmanaged users. These are the accounts that the attackers love to take over and then stay resident in our enterprises and exfiltrate data while going undetected. NIST, the National Institute of Standards and Technology, has created a concept to remedy this situation. They label it the Principle of Least Privilege (NIST CSF 1.1. PR.AC-04, NIST CSF 2.0 PR.AA-05), which guides companies to limit logical, physical & system access to specific job functions. To get the word out - t...
2024-01-16
59 min
#AuditTuesday GRC Podcast
Another Okta Attack, Another IAM Attack - What to Do? (With SHI Security SE Josh Gold)
First there was the MGM/Caesar’s hacks involving Okta. Then it broke that Okta support session tokens were hacked to break into Cloudflare, BeyondTrust and 1Password. There is no question that Okta installations are under attack - but so are other IAMs. Why are enterprises attacking Okta and the other IAMs? And what can be done? To discuss this and other topics - YouAttest invited noted cyber expert Josh Gold, ASG Presales Solutions Specialist ‑ Security at SHI, to discuss. To learn more about YouAttest and how we can help with your i...
2024-01-11
08 min
#AuditTuesday GRC Podcast
AI Data and Sloppy Handling Will Get You Sued w/ Malcolm Harkins
Everyone is racing to AI. And in the race a lot of data is being collected, and not all of it w/ the proper security, controls and governance on these models. And it’s a problem. The 32 TB hack of Microsoft’s data for AI is the latest example. So what are the concerns on AI data and sloppy collection, storage, overall security and governance? To answer these questions - #AuditTuesday is grateful to have a world-wide recognized voice in the governance of AI models and the data collected and stored for the creation of the...
2024-01-11
18 min
#AuditTuesday GRC Podcast
How Sloppy Identity Practices are Killing Us with Kevin Moss
Identities are the #1 cause and mechanisms for hacks - malware insertion, ransomware and data exfiltration. We discuss this w/ Kevin Moss, a Financial Services expert - specializing in risk management for Fintechs and banking institutions. Kevin Moss is an industry practitioner, board member and advisor. He was Chief Risk Officer at SoFi. He was previously Executive Vice President and Chief Risk Officer responsible for managing Credit, Compliance, and Operating Risk for the Wells Fargo Consumer Lending Group. Moss joined Wells Fargo in 1998 and brings 38 years of banking and financial services experience to his current role a...
2024-01-11
09 min
#AuditTuesday GRC Podcast
The SEC 10-K and Mandated Cybersecurity Messaging w/ DV Subramanyam
The “SEC Final Ruling” on cybersecurity and cybersecurity messages is law. The changes include mandatory documentation of cybersecurity practices in their annual 10-K filings. These include details on an adoption of the Risk Management Framework the enterprise utilizes. What does this mean? What is required? To help answer these questions we have DV Subramanyam, CEO of Essert.io. He has a world-unique product and angle on what can and should be disclosed after a data breach or cyber incident, based on the latest SEC cyber rulings. In addition, we are fortunate...
2024-01-11
57 min
#AuditTuesday GRC Podcast
SEC Charges Against SolarWinds and Tim Brown w/ Peter Schawacker
A milestone action occurred on October 30th in the history of cyber and legislation. The U.S. Securities and Exchange Commission (SEC) moved to prosecute SolarWinds, the software company that was the root cause of major breaches including the infamous 2021 Colonial Pipeline shutdown. The breakthrough action in this case is that the SEC filed charges, not only against SolarWinds, but also against Timothy Brown, SolarWinds’ top security executive. The Director of the SEC’s enforcement division said in a statement, “…underscores our message to issuers: implement strong controls calibrated to your risk environments and level with investors...
2024-01-11
08 min
#AuditTuesday GRC Podcast
GRC 2024 - What to Hope For - What to Expect w/ Carrie Jabs
2024 looks to be the year of GRC - w/ multiple forces merging. Companies like SolarWinds being criminally charged for falsifying their identity and security filings - including their CISO. And Zero Trust looming on the horizon and CMMC finally rearing its hedging to formality. To help us on this discussion is Carrie Jabs, Cyber and Compliance Specialist. So contact us at YouAttest - we will address your identity audit concerns - https://youattest.com/contact/
2024-01-03
11 min