Drafting Compliance
Hyperproof
44 episodes
6 days ago
To lighten the dark corners of compliance, hosts Kayne and Tom share with you Hyperproof's journey to becoming FedRAMP Moderate, an overall roadmap to achieve FedRAMP compliance in a year, and the tips and tricks they learn along the way. As if compliance isn't fun enough, the hosts also try out a new beer each episode and rate it on a scale from 1-10.
Business
Episodes (20/44)
Drafting Compliance
FedRAMP Readiness: Lessons for SaaS & Growing Enterprises

FedRAMP compliance is one of the toughest challenges facing SaaS companies working with the federal government, and in this episode we explore the most common readiness gaps, misconceptions, and cultural shifts organizations must overcome to succeed. Drawing from extensive experience advising technology companies, we discuss why small SaaS firms often struggle with operational maturity, why FedRAMP compliance timelines frequently extend far beyond initial expectations, and how federal updates such as FedRAMP 20x and NIST 800-171 adoption are reshaping requirements across the supply chain. We cover strategies for managing executive accountability, building sustainable compliance programs, preventing compliance drift, and avoiding costly project delays. Whether you are a startup or a large enterprise seeking FedRAMP authorization, this conversation offers practical insights into achieving and maintaining compliance while adapting to evolving federal requirements.

▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Introduction
0:18 - Beer
3:20 - Pre-C3PAO Readiness Challenges for Small SaaS Companies
21:45 - FedRAMP Timeline and Project Management Failures
25:10 - Management Accountability and Program Ownership
29:40 - Maintaining Long-term Compliance and FCA Risk Management
36:00 - Beer Reviews
2 months ago
40 minutes 39 seconds

Drafting Compliance
CCPA live from HyperConnect 2025

Join Kayne and Tom live from San Diego, CA, home of the CCPA, as they sit down with Rob Carson, Founder and CEO of Semper Sec, to unpack what the California Consumer Privacy Act (CCPA) really means for businesses, even outside the Golden State. From Article 9's evolving cybersecurity audit requirements to the tension between ISO standards and California’s growing preference for NIST CSF 2.0, this episode dives deep into what compliance professionals need to know now, and how to prepare before deadlines hit in 2028. Plus, we're cracking open some beers and talking shop: privacy audits, regulatory agility, framework conflicts, and how companies can avoid audit fatigue while still staying secure. Whether you're a CISO, risk pro, or compliance nerd, this is the practical, unfiltered discussion you've been waiting for.
3 months ago
47 minutes 5 seconds

Drafting Compliance
Auditing: AI and the Future

Kayne and Tom talk about an article on the future of auditing with consideration for AI and its uses. Along the way, they uncover where organizations should be considering strategic shifts around AI and where they need to exercise caution. Of course, we all get to enjoy another face of disgust from an otherwise truly enjoyable beer.


Reference documents: https://hyperproof.io/resource/the-future-of-auditing-2025/


Beer: Cadence (Belgian-Style Ale) by Reformation Brewery

▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:16 - Beer background
4:05 - We're facing new regulatory requirements like NIS2 and DORA in the EU, along with potential state-by-state regulations in the US, and the challenges of FedRAMP. How should companies be adjusting audit readiness strategies to handle this increasing complexity?
10:45 - Something that I mentioned in the article was that in our IT benchmark survey, we found that 59% of organizations now test all controls rather than just the most important ones. What's your perspective on this shift, and have we made similar changes?
14:45 - How has the integration of AI and cloud technology changed your thinking about auditing and compliance in the past year?
20:30 - What role do you see for external consultants in the audit preparation process?
26:15 - How are we handling the challenge of managing multiple audits simultaneously while avoiding duplication of work across departments?
28:55 - What specific inefficiencies have we identified in our current audit processes, and which technologies have been most helpful in addressing them?
33:40 - The article emphasizes the value of continuous controls monitoring. What measurable benefits have you seen from implementing real-time monitoring of your controls?
39:18 - Beer reviews
6 months ago
43 minutes 2 seconds

Drafting Compliance
How to handle Data Privacy for AI with Dustin Wilcox

Kayne and Tom talk about AI and regulatory consequences with a special guest, Tom's brother Dustin Wilcox, a Fortune 20 CISO at a global healthcare company. They knock back a delicious porter and uncover the secrets of AI and regulatory management. A blockbuster of a good time.

▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:28 - Beer background
4:40 - The balance between AI usage and privacy laws
9:10 - DeepSeek and data breaches
15:30 - How do the "right to be forgotten" provisions under GDPR and CCPA impact the development and deployment of AI systems?
22:00 - What are the potential risks and implications for organizations if they fail to identify users interacting with their AI systems in the context of GDPR and CCPA compliance?
25:18 - What are the potential security and privacy risks associated with deploying a GPT LLM using proprietary data without a centralized IT team managing access controls?
35:30 - Can you share best practices for ensuring AI systems are designed to respect user privacy rights?
46:05 - Beer reviews
8 months ago
49 minutes 14 seconds

Drafting Compliance
Risk Assessment with Adam Brennick

Kayne and Tom talk with Adam Brennick, Director of Security, Risk, and Compliance at Cockroach Labs. Adam dives into the risk assessment process and some of the best practices for building and maturing the risk management lifecycle. Kayne has a surprising score for the beer today and it is marked for future celebrations.


Beer: No-Li Squatch Pirate Juicy Haze IPA

Reference documents:
https://hyperproof.io/resource/iso-27001-statement-of-applicability/
https://hyperproof.io/iso-27001/
https://youtu.be/PdYu6_m42Ek

▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:23 - Beer background
4:40 - Intro Questions
9:40 - Risk Assessment Supporting Compliance Audits
17:00 - Engaging Business Owners in Risk Management
23:45 - Risk Treatment and Risk Acceptance Education
31:55 - Strengthening Trust in Compliance Reports
37:40 - Compliance Reports and Go-to-Market Strategy
42:30 - Beer reviews
9 months ago
46 minutes 5 seconds

Drafting Compliance
All About DORA

Kayne and Tom talk about DORA and its applicability. Learn where DORA applies, how you may need to be concerned about DORA even if you think you don't, and why DORA is causing confusion in US companies. Kayne and Tom try an unusual option to drink, and we come close on the scoring.

Reference documents:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R2554
https://hyperproof.io/resource/comprehensive-guide-dora/


Beer: Excelsior Imperial Apple by Schilling Cider House

▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:17 - Beer background
3:39 - What is DORA?
4:10 - Does DORA affect US-based businesses?
6:53 - Why are US-based businesses confused about DORA?
9:43 - What are the key compliance requirements under DORA?
17:40 - How should US companies prepare for DORA's resilience testing requirements?
21:00 - Does DORA pose unique challenges compared to existing US cybersecurity regulations?
25:50 - Does DORA affect third-party risk management?
34:44 - What steps should US companies take to ensure compliance by the 2025 deadline?
38:03 - How does DORA interact with other EU regulations like NIS2, and what does this mean for US companies?
40:18 - Beer reviews
11 months ago
43 minutes 18 seconds

Drafting Compliance
Controls, Questionnaires, and Risks with Eric Hammersley

On this episode, we're expanding the show to talk about more than FedRAMP. But before we get to that, I want to mention: we're sitting in the same room in San Diego, in front of a live audience at HyperConnect 2024, with our special guest Eric Hammersley of Nutanix, and we have some beers.


▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:35 - Beer background
3:57 - Frameworks / controls
14:25 - Contractual obligations
23:25 - Security questionnaires
31:45 - Risks
33:00 - Beer reviews
11 months ago
40 minutes 39 seconds

Drafting Compliance
Frameworks and Auditors with Lisa Hall

Kayne and Tom talk with Lisa Hall, CISO at Safebase. Recorded from Austin, Texas, they try a flight of local beer! They also take time to discuss Lisa's FedRAMP journey, talking with auditors, and the implications of the CrowdStrike disaster.

▬ Contents of this episode ▬▬▬▬▬▬▬▬▬▬
0:00 - Intro
0:55 - Beer background
7:00 - Implementing FedRAMP at a Company with an Agency Sponsor
13:07 - Comparing FedRAMP with Other Cybersecurity Frameworks
18:50 - How Frameworks Should Demonstrate Existing Practices
23:51 - Being Comfortable with Controls When Talking to Auditors
29:11 - July 2024 CrowdStrike IT Disaster and Its Implications
33:00 - Beer reviews
1 year ago
38 minutes 55 seconds

Drafting Compliance
FedRAMP Moderate with Alexander Neff

Kayne and Tom talk with Alexander Neff, Lecturer at ASU and Senior Director of InfoSec at Faro Health. Great conversation was had on both Alexander’s FedRAMP experience and his beer choice. Come see Kayne’s highest rated beer!


Beer: Lindemans Framboise

Reference documents: https://www.fedramp.gov/documents-templates/
1 year ago
37 minutes 3 seconds

Drafting Compliance
Victoria Southall on FedRAMP Compliance and ATO

Kayne and Tom talk with Victoria Southall, the Director of Cybersecurity, Governance, Risk, and Compliance (GRC) at Everfox. Kayne learns the art of double fisting… or should I say triple fisting, as we try 3 beers in this episode. Results vary, but as always, the tasting brings out the best in Kayne’s facial expressions.


Beers: Shock Top (Shock Top Brewing Co.), Samuel Adams Summer Ale, Blue Moon Belgian White (Blue Moon Brewing)

Reference documents: https://www.fedramp.gov/documents-templates/
1 year ago
37 minutes 51 seconds

Drafting Compliance
FedRAMP with Eric Holtzclaw

Kayne and Tom talk with Eric Holtzclaw, Field CISO at Blackcat Security. Eric shepherded the first company through FedRAMP Tailored LI-SaaS. We learn how that very first effort went and what Eric learned along the way. Dare we say, Eric was a guinea pig for FedRAMP. Of course, we subject Kayne to a new beer, and fun was had!


Reference documents: https://www.fedramp.gov/documents-templates/

Beer: Stella Artois, Liberte
1 year ago
32 minutes 40 seconds

Drafting Compliance
3PAOs and FedRAMP with James Leach
Kayne and Tom talk with James Leach, a Principal at Fortreum, a 3PAO. James pulls the covers back on the role 3PAOs play in the FedRAMP journey. From advisory work through assessment and working with the larger FedRAMP ecosystem, James helps us understand where 3PAOs provide value. We try New Belgium's Fat Tire and stand back to watch Kayne react. Good times!
1 year ago
40 minutes 6 seconds

Drafting Compliance
FedRAMP with Matthew Feldman
Special guest Matthew Feldman joins Kayne and Tom to pull the curtain back on his FedRAMP experiences. Matthew has a wealth of experience and understands the nuances of FedRAMP. He helps us understand the importance of best practice when looking through the lens of compliance. Of course, as always, we have a beer to review and Kayne has a reaction. Come see the fun!
1 year ago
47 minutes 1 second

Drafting Compliance
FedRAMP Project Update
Tom provides an update on the status of the Hyperproof FedRAMP project. Along the way, Kayne uncovers some of the challenges associated with the project and suggests solutions for others going through the same process. And straight out of left field, Kayne actually likes a beer more than Tom. Come find out what caused this seismic disturbance in the force.
1 year ago
25 minutes 22 seconds

Drafting Compliance
Planning
Tom and Kayne uncover the intricacies of the Planning family of requirements in FedRAMP Moderate. Learn about the SSP, Rules of Behavior and Architecture in the planning process. Also, of course, learn about Cigar City Brewing’s Jai Alai IPA, one of Tom’s favorites and Kayne’s… well Kayne is Kayne.
1 year ago
20 minutes 51 seconds

Drafting Compliance
Audit and Accountability
Come and see how Boulevard Brewing rebounds after a poor showing and shines with its Tank 7 American Saison beer. Kayne and Tom talk about the Audit and Accountability family of controls in FedRAMP Moderate. Learn the challenges and technologies leveraged to cope with the many requirements. Maybe you will also learn a little about Saison beer!
1 year ago
28 minutes 43 seconds

Drafting Compliance
Risk Assessment
Kayne and Tom choke down the very sweet and sticky Cinnamon Bun Ale from Boulevard Brewing Co. Along the way they discuss the intricacies of the Risk Assessment family of FedRAMP controls and what challenges it might present. The episode ends with a surprising agreement on the beer and an equally surprising desire to cleanse the palate.
1 year ago
31 minutes 14 seconds

Drafting Compliance
System and Services Acquisition
Kayne and Tom uncover the nuance of the System and Services Acquisition family of FedRAMP controls. Tune in to hear how FedRAMP has matured how organizations should think about supply chain providers. Tom has a definitive belief on how this family of controls will evolve over time. Of course, a tasty beer is enjoyed by Tom, but you will need to watch to the end to see Kayne’s take on Fresh Squeezed IPA.
1 year ago
26 minutes 59 seconds

Drafting Compliance
System and Information Integrity
Kayne and Tom dive into the System and Information Integrity family of FedRAMP Moderate controls. Find out what challenges Hyperproof has faced with this family of controls and learn some tips to help you in your own FedRAMP journey. A clear outlier shows up in this show’s beer reviews, tune in and hear for yourself.
1 year ago
30 minutes 12 seconds

Drafting Compliance
ATO Process with Michael Chaoui
Kayne and Tom are joined by special guest Michael Chaoui, the Founder of Atlas One Security. Michael pulls the covers back on some of the challenges of companies going through the ATO process. We also discuss recent legislation and draft memos intended to modernize the FedRAMP process, all while enjoying one of Michael’s favorite stout beers.
1 year ago
37 minutes 52 seconds