
Drafting Compliance

Hyperproof

Available Episodes

5 of 42
  • Auditing: AI and the Future
    Kayne and Tom talk about an article on the future of auditing with consideration for AI and its uses. Along the way, they uncover where organizations should be considering strategic shifts around AI and where they need to exercise caution. Of course, we all get to enjoy another face of disgust from an otherwise truly enjoyable beer.
    Reference documents: https://hyperproof.io/resource/the-future-of-auditing-2025/
    Beer: Cadence (Belgian-Style Ale) by Reformation Brewery
    Contents of this episode:
    0:00 - Intro
    0:16 - Beer background
    4:05 - We’re facing new regulatory requirements like NIS2 and DORA in the EU, along with potential state-by-state regulations in the US, and the challenges of FedRAMP. How should companies be adjusting audit readiness strategies to handle this increasing complexity?
    10:45 - Something that I mentioned in the article was that in our IT benchmark survey, we found that 59% of organizations now test all controls rather than just the most important ones. What's your perspective on this shift, and have we made similar changes?
    14:45 - How has the integration of AI and cloud technology changed your thinking about auditing and compliance in the past year?
    20:30 - What role do you see for external consultants in the audit preparation process?
    26:15 - How are we handling the challenge of managing multiple audits simultaneously while avoiding duplication of work across departments?
    28:55 - What specific inefficiencies have we identified in our current audit processes, and which technologies have been most helpful in addressing them?
    33:40 - The article emphasizes the value of continuous controls monitoring. What measurable benefits have you seen from implementing real-time monitoring of your controls?
    39:18 - Beer reviews
    --------  
    43:02
  • How to handle Data Privacy for AI with Dustin Wilcox
    Kayne and Tom talk about AI and regulatory consequences with a special guest, and Tom’s brother, Dustin Wilcox, a Fortune 20 CISO with a Global Healthcare company. They knock back a delicious Porter beer and uncover the secrets of AI and regulatory management. A blockbuster of a good time.
    Contents of this episode:
    0:00 - Intro
    0:28 - Beer background
    4:40 - The balance between AI usage and privacy laws
    9:10 - DeepSeek and data breaches
    15:30 - How do the “right to be forgotten” provisions under GDPR and CCPA impact the development and deployment of AI systems?
    22:00 - What are the potential risks and implications for organizations if they fail to identify users interacting with their AI systems in the context of GDPR and CCPA compliance?
    25:18 - What are the potential security and privacy risks associated with deploying a GPT LLM using proprietary data without a centralized IT team managing access controls?
    35:30 - Can you share best practices for ensuring AI systems are designed to respect user privacy rights?
    46:05 - Beer reviews
    The Drafting Compliance series: To lighten the dark corners of compliance, hosts Kayne and Tom share with you Hyperproof's journey to becoming FedRAMP moderate, an overall roadmap to achieve FedRAMP compliance in a year, and the tips and tricks they learn along the way. As if compliance isn't fun enough, the hosts also try out a new beer each episode and rate it on a scale from 1-10.
    --------  
    49:14
  • Risk Assessment with Adam Brennick
    Kayne and Tom talk with Adam Brennick, Director of Security, Risk, and Compliance at Cockroach Labs. Adam dives into the risk assessment process and some of the best practices for building and maturing the risk management lifecycle. Kayne has a surprising score for the beer today and it is marked for future celebrations.
    Beer: No-Li Squatch Pirate Juicy Haze IPA
    Reference documents:
    https://hyperproof.io/resource/iso-27001-statement-of-applicability/
    https://hyperproof.io/iso-27001/
    https://youtu.be/PdYu6_m42Ek
    Contents of this episode:
    0:00 - Intro
    0:23 - Beer background
    4:40 - Intro Questions
    9:40 - Risk Assessment Supporting Compliance Audits
    17:00 - Engaging Business Owners in Risk Management
    23:45 - Risk Treatment and Risk Acceptance Education
    31:55 - Strengthening Trust in Compliance Reports
    37:40 - Compliance Reports and Go-to-Market Strategy
    42:30 - Beer reviews
    --------  
    46:05
  • All About DORA
    Kayne and Tom talk about DORA and its applicability. Learn where DORA applies, how you may need to be concerned about DORA even if you think you don’t, and why DORA is causing confusion in US companies. Kayne and Tom try an unusual option to drink and we come close on the scoring.
    Reference documents:
    https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R2554
    https://hyperproof.io/resource/comprehensive-guide-dora/
    Beer: Excelsior Imperial Apple by Schilling Cider House
    Contents of this episode:
    0:00 - Intro
    0:17 - Beer background
    3:39 - What is DORA?
    4:10 - Does DORA affect US-based businesses?
    6:53 - Why are US-based businesses confused about DORA?
    9:43 - What are the key compliance requirements under DORA?
    17:40 - How should US companies prepare for DORA's resilience testing requirements?
    21:00 - Does DORA pose unique challenges compared to existing US cybersecurity regulations?
    25:50 - Does DORA affect third-party risk management?
    34:44 - What steps should US companies take to ensure compliance by the 2025 deadline?
    38:03 - How does DORA interact with other EU regulations like NIS2, and what does this mean for US companies?
    40:18 - Beer reviews
    --------  
    43:18
  • Controls, Questionnaires, and Risks with Eric Hammersley
    On this episode, we're expanding the show to talk about more than FedRAMP. But before we get to that, I want to mention: we're sitting in the same room in San Diego, in front of a live audience at HyperConnect 2024, with our special guest Eric Hammersley of Nutanix, and we have some beers.
    Contents of this episode:
    0:00 - Intro
    0:35 - Beer background
    3:57 - Frameworks / controls
    14:25 - Contractual obligations
    23:25 - Security questionnaires
    31:45 - Risks
    33:00 - Beer reviews
    --------  
    40:39

About Drafting Compliance

To lighten the dark corners of compliance, hosts Kayne and Tom share with you Hyperproof's journey to becoming FedRAMP moderate, an overall roadmap to achieve FedRAMP compliance in a year, and the tips and tricks they learn along the way. As if compliance isn't fun enough, the hosts also try out a new beer each episode and rate it on a scale from 1-10.
v7.18.1 | © 2007-2025 radio.de GmbH
Generated: 5/12/2025 - 9:58:12 PM