In this episode of Comply or Die, Robyn Ferreira and Ronan Grobler, Senior GRC Managers at Scytale, dive into the critical link between PCI DSS and DMARC and why it matters now more than ever.
With PCI DSS v4.0 now requiring DMARC, protecting your customers’ payment data and your email domains is no longer optional, especially if you're in financial services or handling cardholder data.
Falling behind could mean increased fraud risks, failed audits, and serious fines. But implementing these controls doesn’t have to be painful.
Join Robyn and Ronan as they break down:
💌 Get in Touch:
Robyn Ferreira – / robyn-ferreira-29855b233
Ronan Grobler – / ronan-grobler-0b6391203
Podcast Manager: / shari-mayers-961860b2
Website: https://scytale.ai/scytale-podcasts/
📱 Join us on Social Media:
⭐ LinkedIn: / scytale-ai
⭐ Twitter: https://x.com/scytale_ai
⭐ Facebook: / scytalecomplianceautomation
In Part 2 of Kyle’s chat with Nick and Steve, they dive into how compliance has shifted over the years with cloud technologies and AI coming into play.
Similar to the early days of the internet - exciting, new, and unregulated - until things started to go wrong, and suddenly there was a need for rules to catch up with the fast pace of change.
From the challenges of businesses migrating data to the cloud, to the growing importance of AI frameworks like ISO 42001 and the EU AI Act, they cover it all. Make sure you’re keeping up!
🔍 Here’s What You’ll Learn:
✅ The real challenges behind cloud data migration and how to keep costs in check.
✅ How AI frameworks like ISO 42001 and the EU AI Act are shaking up compliance and vendor relationships.
✅ Why Zero Trust architecture and human factors are now at the heart of strong security compliance.
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guests: Nick (https://www.linkedin.com/in/nickbgibson/) & Steve (https://www.linkedin.com/in/steve-huffman-43a053193/)
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
📱Join us on Social Media:
⭐ LinkedIn: https://www.linkedin.com/company/scytale-ai/
⭐ Twitter: https://x.com/scytale_ai
⭐ Facebook: https://www.facebook.com/Scytalecomplianceautomation
We know the story all too well - sales tells you that your next customer won’t sign unless you have compliance in place, like yesterday. Your team’s under pressure to meet urgent customer requirements, but you have no clue where to start.
In this episode, Kyle, Steve, and Nick break down what to expect when your compliance journey is driven by sales pressure. They’ll walk you through how to set yourself up for success without overpromising, under-delivering, or compromising your sanity.
Whether it’s SOC 2, ISO, or some other framework you’ve never heard of before, tune in for some honest, practical advice on making compliance work for your business (without losing your mind in the process).
🔍 Here’s What You’ll Learn:
✅ How to balance sales urgency with proper compliance
✅ Why “compliance just for the audit” is a risky strategy
✅ How to avoid over-documentation and make smart, sustainable decisions upfront
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guests: Nick (https://www.linkedin.com/in/nickbgibson/) & Steve (https://www.linkedin.com/in/steve-huffman-43a053193/)
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
SOC 2 compliance doesn’t exactly scream “fun,” but Charissa Kim, a Security Technical Program Manager at Semgrep and founder of Cyber Youth Tech, brings a refreshing perspective on making it engaging, relatable, and dare we say… fun? From giving out SOC 2 socks to creating TikTok-style security training videos, she’s redefining how startups approach security.
Shaped by interviews with over 50 engineers and her hands-on experience at a fast-growing startup, Charissa shares her thoughts on:
✅ Where SOC 2 feels outdated (and what today’s startups really need)
✅ Creative hacks to make compliance a little less boring
✅ Communicating security in a way that resonates with your Gen Z talent
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guest: https://www.linkedin.com/in/charissakim/
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
In this episode of Comply or Die, Kyle sits down with Tracy Boyes, Scytale’s DPO and Data Protection & Privacy Attorney, to break down what DORA is and why it’s such a big deal right now.
If you’re in the financial sector, or a SaaS company whose tool a bank relies on as a critical ICT service provider, this episode is packed with insights for you. Tracy’s advice is practical, clear, and perfect for anyone trying to get their head around DORA.
🔍 Here’s What You’ll Learn:
✅ Why everyone in the financial sector is buzzing about DORA.
✅ A super simple breakdown of the regulation (no legal jargon, we promise!)
✅ What the January 2025 compliance deadline means for your company - and what’s at stake if you miss it.
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guest: https://www.linkedin.com/in/tracy-b-743009100
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
In this episode of Comply or Die, DevOps and compliance expert Yosef ‘Joe’ Harrow dives into where DevOps meets compliance. From his journey as a Linux enthusiast to becoming a DevSecOps engineer overseeing SOC 2 and PCI-DSS certifications, Joe brings a unique perspective on how DevOps practices intersect with and even enhance compliance efforts.
Joe shares how DevOps practices naturally reinforce compliance goals, with insights on making security a seamless part of development processes. Tune in to hear how DevOps can make compliance part of every team’s DNA!
🔍 Key Takeaways:
✅ The challenges DevOps teams face when compliance requirements are suddenly dropped on them
✅ How core principles like the CIA Triad - Confidentiality, Integrity, and Availability - are essential to both fields
✅ How tools like CI/CD and GitOps support compliance
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guest: https://www.linkedin.com/in/yosefrow/
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
"Don’t use a chainsaw if you can’t swing an ax." That’s how Michael Greenberg, CEO & Founder of Third Brain Automation, sums up the challenges businesses face when trying to scale with AI. From paperwork-heavy processes to fully automated processes, Michael breaks down the five stages that set the foundation for successful AI deployment. Most businesses struggle to reach the level where AI can truly thrive due to outdated tools or compliance issues with vendors. Michael reminds us that fully AI-operated processes only work if your current processes are solid to begin with. Tune in!
🔍 Key Takeaways:
✅ Solid Processes First: AI only works if your current processes are strong.
✅ Five Stages to AI: Michael shares the steps to go from totally manual to totally automated.
✅ Vendor Compliance Matters: scaling with AI fails without compliant vendors.
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guest: https://www.linkedin.com/in/gentoftech/
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
In this episode, Kyle Morris sits down with Greg, a biochemist-academic turned Account Executive at Scytale, to dive into his unique path into sales and all things data security compliance.
They explore the nuances of the compliance sales process, the common challenges Greg’s prospects face in compliance, and the regional differences in compliance frameworks. Greg shares his insights into educating prospects about the true value of compliance and also shares a glimpse into his daily routine and what it takes to succeed in this unique sales environment.
🔍 What You'll Learn:
✅ The role of education in the compliance sales process
✅ Misconceptions and timing challenges in compliance certifications
✅ Navigating different compliance frameworks across regions
✅ The daily grind of a Scytale Account Executive
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guest: https://www.linkedin.com/in/gregorykotze/
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
In this episode of Comply or Die, Kyle Morris, Senior Compliance Success Manager at Scytale, sits down with Kabir Mathur, CEO and Founder of Leen, to discuss the topic of API security.
Kabir shares startup Leen’s journey and the importance of APIs in the cybersecurity space. Kabir talks about the need for security-first practices when building and using APIs, and highlights the value of a unified API for security data.
🔍 What You'll Learn:
✅ Leen’s pivotal moments that shaped them into the business they are today
✅ The role APIs play in enabling automation and data correlation in the security industry
✅ Security-first practices essential for building APIs to ensure data security and privacy
✅ The benefits of a unified API for security data
💌Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Guest: https://www.linkedin.com/in/mathurkabir/
Podcast Manager: https://www.linkedin.com/in/lauren-blanc/
Website: https://scytale.ai/scytale-podcasts/
Join Kyle Morris, Senior Compliance Success Manager at Scytale, as he gives a breakdown of the dramatic events surrounding CrowdStrike's recent security crisis.
In this episode, Kyle breaks down the intricate details of what went wrong, why it happened, and what it means for the broader world of data security.
Takeaways:
✅ The key factors that led to the CrowdStrike incident
✅ Insights into how similar incidents can be prevented
✅ Lessons learned for businesses and compliance professionals
Alon Zlatkin, CEO and co-founder of DOTS, discusses the journey of building a startup and the importance of trust and credibility in the industry.
DOTS aims to revolutionize remote work expertise in asset management, logistics, and procurement. Alon shares his experience as a serial entrepreneur and the challenges of running a company while being a CEO and co-founder.
He also highlights the significance of SOC 2 compliance and the role it plays in building trust with clients. The conversation concludes with a discussion on the upcoming features of DOTS and Alon's passion for working with talented individuals and creating a product that clients love to use.
Takeaways
Chapters
00:00 Introduction to Alon Zlatkin and DOTS
06:29 The Evolution of DOTS' Business Model
10:36 Building a Strong Team in a Startup Space
23:22 Passion for Working with Talented Individuals
Links & Additional Resources:
SOC 2 Crash Course: https://scytale.ai/free-soc2-training/
Need to get compliant, but don't know where to start? https://scytale.ai/resources/startups-need-to-get-compliant-but-dont-know-where-to-start/
Join us on Social Media:
⭐ LinkedIn: https://www.linkedin.com/company/comply-or-die-podcast/
In this episode, Kyle interviews Nik and Beni, penetration testers, about the world of penetration testing. They discuss their backgrounds, the role of psychology in pen testing, and the use of AI in the field. They also explain the typical day of a pen tester and the methodology they follow during a pen test. Managing a pen testing team requires attention to detail and understanding the unique personalities and skills of each team member.
Takeaways
Join Kyle and Tracy as they dive head first into GDPR. This episode explores Tracy's journey into data privacy, the challenges of GDPR compliance, technological advances and their impact on data privacy, and intriguing insights into jurisdictions facing emerging privacy laws.
Tracy provides insights into GDPR being principle-based legislation and its flexibility, and addresses the extraterritorial reach of GDPR for companies that collected data in the pre-GDPR era.
Key Takeaways:
GDPR compliance depends on the type of data processed and the intrusiveness of the application, stressing the principle-based nature of GDPR that allows room for interpretation & flexibility.
Privacy by design: This concept is an effective approach to integrating privacy considerations from the start of projects, albeit requiring a tricky balance between speed & GDPR compliance.
The emerging EU AI Privacy Act and its challenge with AI models requiring large volumes of personal data were explored.
The power of anonymizing data
Links & Additional Resources:
Tracy’s Webinar on GDPR: https://youtu.be/cU91L7HZC9Y
Blog: How to create a GDPR Data Protection Policy https://scytale.ai/resources/gdpr-data-protection-policy/
Resource on EU AI Privacy Act: https://scytale.ai/resources/breaking-down-the-eus-ai-act-the-first-regulation-on-ai/
Remember, GDPR compliance may seem daunting at first but like Tracy says, it's more like physical exercise. Once you are on board, it's more of a routine than a chore!
Join us on Social Media
⭐ LinkedIn: https://www.linkedin.com/company/scytale-ai
⭐ Twitter: https://twitter.com/scytale_ai
⭐ Facebook: https://www.facebook.com/Scytalecomplianceautomation
In this episode of Comply or Die, host Kyle Morris interviews guest Raymond Cheng, a seasoned professional with over 10 years of experience in cybersecurity and compliance.
Raymond shares insights from his extensive career, working with Big Four accounting firms, global tech giants like Google and Salesforce, and his current venture, Decrypt Compliance.
The conversation covers the evolution of security compliance, the importance of balancing business goals with compliance, the role of auditors, and valuable tips for navigating audits successfully.
Topics discussed:
- Raymond Cheng's diverse career journey in cybersecurity and compliance, from Big Four firms to global tech companies like Google and Salesforce.
- The importance of balancing business objectives with security compliance and the significance of strong communication and understanding in compliance management.
- The founding of Decrypt Compliance by Raymond Cheng to address the evolving needs of companies in the security compliance landscape.
- Insights into the changing IT landscape over the years, particularly the impact of cloud computing on security compliance frameworks.
- Dos and don'ts for organizations preparing for audits, including the significance of seeking expertise, understanding compliance as a programmatic process and maintaining open communication with auditors.
- Raymond Cheng's advice on what organizations should ensure and avoid when entering a compliance framework or preparing for an audit, emphasizing the importance of integrating security considerations, risk assessments, training, and feedback loops.
Key takeaways and lessons:
- Security compliance should not be seen as a one-time project but as an ongoing program that requires continuous assessment and improvement.
- Organizations should prioritize top-down commitment to security, integrate security considerations across policies and procedures, conduct regular risk assessments, and invest in training and competency checks for employees.
- Incorporating feedback loops through internal and external audits, penetration testing, and comparison with industry frameworks can help organizations identify gaps and enhance their security measures.
- When preparing for audits, organizations should avoid attempting to navigate compliance alone, understand the dynamic nature of compliance frameworks, and engage in open dialogue with auditors to maximize the value of the audit process.
- Compliance is not just about meeting requirements but aligning security practices with business objectives and customer expectations to build trust and enhance brand reputation.
Connect with Raymond Cheng:
LinkedIn: https://www.linkedin.com/in/raymondvcheng/
Decrypt Compliance: https://decrypt.cpa/
Get in Touch:
Host - Kyle Morris: https://www.linkedin.com/in/morribiscuit/
Podcast Manager: https://www.linkedin.com/in/ilona-van-der-berg-b9055189/
Website: https://scytale.ai/scytale-podcasts/
⭐️⭐️⭐️⭐️⭐️
Rate & follow this show, it helps others find the podcast!
Host Kyle Morris and guest Tali Simhayev discuss the compliance and audit world, debunking misconceptions, the impact of technology, and the importance of personal relationships in the auditing process.
Tali shares her insights as an IT consultant and auditor, emphasizing the collaborative nature of the audit process and the positive impact of technology on efficiency.
Key takeaways:
✅ The audit process is often perceived as terrifying, but Tali emphasizes the importance of collaboration and cooperation between auditors and clients.
✅ Tali shares her career insights, emphasizing the importance of building connections with clients and continuously learning in the compliance and audit field.
✅ Technology has significantly transformed the audit process, making it more efficient and streamlined. Platforms and tools have centralized the process, making evidence-gathering and audits quicker and more effective.
✅ Automation and integration of machine learning and AI tools have further enhanced the audit process, reducing manual efforts and streamlining data gathering.
Connect with Tali Simhayev
LinkedIn: https://www.linkedin.com/in/tali-simhayev-942a93208/
Get in Touch:
Host: https://www.linkedin.com/in/morribiscuit/
Podcast Manager: https://www.linkedin.com/in/ilona-van-der-berg-b9055189/
Website: https://scytale.ai/scytale-podcasts/
In this episode, we have a special guest, Baruch Oxman, the CTO and co-founder of Honeydew. Baruch has over 20 years of experience in engineering and architecture leadership, particularly with startup companies, and has played a key role in the success of ventures like Beehive Networks and Implicit.
Honeydew, Baruch's current passion project in 2022, addresses the challenge of maintaining consistency in data analysis across organizations, especially with the rise of platforms like Snowflake. The goal is to create a single source of truth for business logic, ensuring consistent calculations and interpretations of data.
Baruch shares his insights on the intersection of AI and compliance, emphasizing the potential for automation in tasks like document preparation and policy generation. However, he highlights the importance of human verification, noting that experts should review AI-generated results before deployment.
Reflecting on Honeydew's compliance journey, Baruch mentions engaging with Scytale for SOC 2 compliance. He outlines the two-phase approach, starting with SOC 2 Type 1 and then progressing to Type 2. Baruch expresses his satisfaction with the process and credits Scytale’s platform and dedicated advisor, Ronan Grobler, for streamlining the compliance journey.
In terms of business enablement, Baruch notes that SOC 2 compliance has been a significant advantage, facilitating conversations with prospects and eliminating the need for extensive security questionnaires.
Baruch shares advice for startups embarking on the compliance journey, emphasizing the importance of starting early and leveraging a platform like Scytale for a smoother process.
Overall, this podcast episode provides valuable insights into the world of compliance, AI, and the journey of a tech startup in the modern landscape.
The spotlight is on Moshe Ferber, a compliance and security expert, as he shares his wealth of knowledge with host Kyle Morris. The conversation takes a deep dive into the intricacies of cloud security, with Moshe offering practical guidance on implementing cloud strategies tailored to specific service models—be it Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS).
Moshe shares his insights into how companies can navigate the complexities of the cloud, drawing attention to the distinctions between these service models and the associated security considerations.
He highlights the importance of understanding the shared responsibility model, a key aspect of cloud security, where both the cloud provider and the customer have defined security roles.
Furthermore, the conversation touches on the role of major cloud vendors in the landscape, emphasizing the significance of choosing the right partners, especially in the case of Software as a Service.
Moshe underscores the relevance of compliance in evaluating potential SaaS providers, as it can serve as an indicator of their understanding of the business and industry-specific requirements.
The episode also delves into the evolving landscape of cybersecurity threats and cybercrimes in the context of cloud adoption.
While acknowledging the myriad of potential threats, Moshe emphasizes that real-world attacks often align with a relatively narrow set of attack vectors.
In essence, this podcast provides valuable insights into crafting a tailored security strategy for cloud adoption, with a strong focus on IaaS, PaaS, and SaaS, and the imperative role of cloud vendors in this journey.
An industry leader with over 25 years of experience in the technology industry, our guest today is Vasanth Madhure. He started his career in Bangalore, India, soon moved to the UK for a couple of years, and then moved on to California, US, where he has resided for the past 20 years. He’s worked on 3 continents helping make Fortune 100 companies foolproof, safe and secure. From legacy systems to full-fledged automation systems, he’s seen it all.
When he started out in the 90s, security didn't seem like a big thing to him; then came the growth of business and digitization, with technology everywhere, and with that came security risk.
He didn’t set out to go into security compliance, but he got drawn in by being an honest and straight-up guy who likes to comply with all the laws and regulations.
He speaks of compliance not as an option but as a mandatory requirement: if you're not complying, your business more than likely will not survive as a company.
Beyond just being compliant, organizations must constantly adapt to ever-evolving changes in the world and the regulatory landscape. Vasanth explains that we need to stay abreast of changes as they happen and respond with policies, controls, and certifications that keep us safe and secure. Security compliance is a business enabler and has to be at the forefront of any organization's journey.
Here’s Vasanth's view on the challenges and solutions that can help organizations get and stay compliant:
Without executives supporting the security compliance effort, security teams can’t make much headway on their initiatives – it has to be all hands on deck.
Availability of security professionals in the company: for example, if the product team is doing the compliance work, it becomes difficult because that is not part of their core skills.
How do companies decide which compliance framework is relevant, and who can help guide them through their roadmap?
So much work has to be done manually; unless you have an unlimited amount of resources, automation has to be a key part of your approach.
This episode is all about technology and understanding what controls are best to implement to combat risk and ensure security compliance – bottom line, stay relevant and up to date on security.
He’s a real-life superhero who connects to a machine on the other side of the world to do the right thing and help businesses fight off threats, exploits, and hackers trying to do the wrong thing and cause disruptions in all types of businesses.
With a background in hacking, he started on the path to being a real-life superhero after he got hacked by Lizard Squad while playing an Xbox game. He then joined a company as an ethical hacker serving multiple Fortune 500 companies, which left him frustrated with the reactive nature of cybersecurity and penetration testing.
Many companies spend millions on threats long after they already existed; you need an approach where you can take action before an attack.
Alex takes us on a journey to understand where compliance and hacking sync, and how vulnerability management and penetration tests already are part of requirements for certain compliance frameworks.
We take a look at AI and its use both offensively and defensively and how companies need to ensure they have policies and procedures in place to mitigate these ever-evolving threats.
This new age of pentesting has allowed Alex and Red Sentry to establish themselves as a new leader in the market, providing traditional tests at speeds and costs never seen before.
From reading a book about cloud security after his deployment at a naval base in Naples to becoming the Senior Vice President and CISO for Oracle SaaS Cloud Security, our guest today, David Cross, unpacks traveling, technology, and how to best tackle compliance in 2023.
He’s traveled to 69 countries and intends to travel to many more. He relates it to compliance: understanding the world and its different cultures is just like needing to understand what your organization needs, and how you need to adapt and navigate your business forward.
When it comes to security compliance, he believes communication is critical, it’s the only way to create successful teams, and ensure your organization can stay compliant and secure.
“The thing with security compliance and single source of truth is that music beat that people can align to, when there’s ambiguity, uncertainty and confusion, you always want to have a pillar in a source of truth” - David Cross
From running races to ensuring audit requirements are met, David Cross believes in always being ready to fight: have your framework principles in place so it’s not a last-minute rush on the eve of the audit. Because you prepare year round, when the audit actually comes, all things are covered.