Matt Hillary

Join Matt Hillary, CISO at Drata and GRC expert, as he unpacks the disturbing rise of sextortion scams and the alarming hijacking of Ledger's Discord by phishers seeking cryptocurrency access. He shares insights on emotional vulnerabilities in such scams and provides practical advice for victims. The discussion also emphasizes the significance of governance, risk management, and compliance in building trust and navigating the complexities of modern security threats. Discover how proactive strategies in GRC can safeguard against evolving cyber risks!

Matt Hillary, CISO at Drata who runs IT, security, GRC and acts as “customer zero,” discusses AI and automation transforming compliance workflows. He describes AI-powered questionnaires that cut hours to minutes. Automation shifts audits from sampling to continuous, API-driven checks. He also explores how the CISO role is evolving into a chief trust officer focused on credibility and intentionality.

Matt Hillary, Chief Information Security Officer at Drata, explains how AI is speeding up compliance, automating GRC workflows, and changing trust management in enterprises. He discusses auto-filled questionnaires, the need for human verification, data isolation for safe AI, ongoing compliance instead of checkbox audits, and risks like shadow AI and bias.

Matt Hillary, Chief Information Security Officer at Drata, shares his expertise in governance, risk, and compliance. He discusses the evolution of GRC from spreadsheets to automated platforms, emphasizing compliance as code. Matt highlights leveraging AI for faster responses in compliance processes and the importance of effective risk management. He also touches on common pitfalls in GRC programs and the significance of mental health for cybersecurity leaders, underscoring the challenges and opportunities in today’s compliance landscape.

Cybersecurity leaders from Lacework and Drata discuss challenges of rapid incident reporting, collaboration in the industry, and emerging AI-related laws. They explore SEC breach notification regulations, cultural shifts towards automation, integration of AI in cybersecurity, managing intersecting regulations, and the partnership between security and privacy teams.