Innovation in Compliance with Tom Fox

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 2, we consider the importance of targeted training Kevin McCoy.In this episode, Tom sits down with Kevin McCoy, a customer success manager at Diligent, to talk about the importance of targeted training in compliance. They dive into the importance of engaging employees through microlearning and Diligent’s unique use of cartoon-animated videos to make the content accessible to different audiences. They also discuss the significance of translating the training into different languages and tailoring it to specific risk areas for different teams. The podcast emphasizes that training leadership and the board in compliance is crucial, and they touch on risk-based training for individuals with a significant impact on the company’s financials. This episode is a must-listen if you want to discover the best strategies for planning and analyzing training to achieve desired outcomes and where to find more information about Diligent training solutions. Join them for the next episode on training effectiveness and improving compliance today.Key Highlights: Targeted Training in Compliance & Ethics Effective and Targeted Training Translation Training and Leadership in High-Risk Industries Effective Training Planning and Execution Notable Quotes“It’s very important then to have your content translated into different languages.”“There’s a lot of progress has been made over the years with machine translation and also AI is getting very popular, but we still use human-based translators.”“But within the board or within leadership within the company, he was almost untouchable. It was like he built up fear in the organization, and people were actually afraid to ask questions.”“The really important thing is to have versatile different types of training.”For more information, go to Diligent.com.Join us in our next episode, where we define the effectiveness of compliance training.

In this rapidly evolving digital world, identity is at the heart of our personal and professional lives. On this week's episode of Innovation In Compliance, Tom Fox and guest Paul Trulove, CEO of SecureAuth, explores the world of digital commerce, specifically delving into the realms of authentication and access management. Paul shares his insights on the evolution of the identity and access management space, the role of authentication in our daily lives, and the Zero Trust Initiative.Paul Trulove is an expert in the identity and access management space, with an illustrious career spanning over 15 years. In his early career, he joined the startup SailPoint Technologies, where he helped the company evolve into a leading figure in identity governance and administration. Paul has seen and contributed to the changes within the industry up to this point where identity risk management has become a core element of our digital lives. Currently, as the CEO of SecureAuth, he oversees the company's focus on authentication and access management.You’ll hear Tom and Paul discuss: Paul describes what authentication and access management entails and how it impacts our daily digital interactions. SecureAuth is revolutionizing the authentication landscape, focusing on passwordless authentication and multi factor authentication to enhance security and reduce friction for end-users. Continuous authentication is a new approach that significantly reduces the friction that a user experiences during authentication and offers varied authentication methods based on the level of risk. Tom and Paul discuss the Zero Trust Initiative. This paradigm shift in security is based on the principle of trusting no one and verifying everyone, which has led to identity and access management becoming central to a zero-trust mindset. Next generation authentication will lean heavily towards the principles of zero trust, passwordless authentication, and continuous authentication, Paul says. He predicts that the use of artificial intelligence and machine learning will greatly advance authentication processes, helping process more data in real time and make better decisions regarding access. Paul suggests that authentication and access management has a large role in helping organizations comply with GDPR and other privacy requirements. He views GDPR as a necessary step rather than a barrier to doing business in the EU, emphasizing that protecting consumer data is an essential cost of doing business. Companies need to carefully consider their data collection, protection, and usage practices to maintain consumer trust and comply with regulations. KEY QUOTES:“Authentication and access management is a core discipline on how we let people get access to the things that they need access to in applications, data, repositories, platforms, infrastructure. Really you use authentication probably 10, 15, 20 times a day as you log into various systems... Everything that we do in our digital lives today is kind of bound by authentication. It is just a validation of who I am as a person and what I'm supposed to have access to on the back end." - Paul Trulove"Next generation authentication is going to continue to bind to that zero trust mindset of no longer implicitly trusting someone who says they are who they say they are. We're going back to a model that says every single time you interact with a digital asset, I want to have a high level of assurance you are who you say you are." - Paul Trulove"But between now and 2030, people are going to have to plan ahead for what kinds of data they are collecting, how they're collecting it, and ultimately how they're protecting it and utilizing that. Otherwise they are going to run afoul of not just regulations, but maybe consumer trust. " - Paul TruloveResources:Paul Trulove on LinkedInSecureAuth

Get ready to learn about Building a Stronger Culture of Compliance Through Targeted and Effective in a 5 part podcast post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 1, we consider the importance of ongoing communications with Kunal Agrawal.In this episode, Tom Fox visits Kunal Agrawal, the Director of Customer Success at Diligent, about the importance of ongoing communications. Kunal shares his extensive background in technology and customer success and explains how his team helps customers with their day-to-day challenges. The podcast focuses on the significance of ongoing communication in compliance, and Kunal stresses the importance of maintaining a consistent cadence in communication to keep the momentum going. The podcast speakers discuss the use of humor in communication and how it differs based on cultural differences. They also emphasize the importance of understanding guidelines to prevent the compromise of sensitive information. This podcast is packed with valuable insights that will help you improve compliance in your organization. To listen to the full episode, head over to diligent.com!Key Highlights: The importance of communication cadence in compliance Importance of Communication Cadence Effective Communications for Compliance Professionals Compliance with Sensitive Information Notable Quotes:“But you take a little bit different approach, and you help clients think about the ongoing part of ongoing communications. And frankly, I’ve never met anyone who talked about that approach.”“I think having a certain workflow and, as you said, a cadence is equally important. The number one priority is your annual training, which is extremely important, and you need to do it.”“If there is a pattern to a cadence, then people know what to expect and when.”“If something goes wrong and if any single person in the organization doesn’t understand the guidelines, and in the processes around this, it can reveal compensation data or even health care data and compromise so much information in the world, which can land into hands of the people you don’t want them to get access to.”For more information go to Diligent.com.Join us in our next episode where we consider the value of targeted training. 

Leadership is not about position, but perspective. On this episode of Innovation In Compliance with Tom Fox, guest Zoe Routh shares how her deep connection with the wilderness informs her leadership principles and the importance of shared experiences and real interactions. She and Tom delve into her central belief that perspective is power, how to cultivate an explorer mindset, and the importance of adaptability in a rapidly changing world.Zoe Routh is a leadership development expert based in Australia. Her career began in the great outdoors, leading canoe trips at a summer camp in Canada, where she discovered her passion for understanding human dynamics in a wilderness setting. This led her to Outward Bound Australia, where she spent nine years honing her leadership and personal development skills. For more than 35 years, Zoe has been working in this field, folding her love for wilderness adventure into her leadership programs. She is the author of multiple books and is dedicated to examining the future of leadership and how we can best prepare for what's next.You’ll hear Tom and Zoe talk about: The powerful impact of an “explorer mindset" on individuals, teams, and organizations. Zoe encourages actively seeking new inputs and different perspectives. The significance of mapping in leadership: you can use personal maps to understand individual behavior preferences, team maps to appreciate collective dynamics, and idea maps to chart out problems and possibilities. Experiences in the outdoors can foster authentic communication, real connections, and contribute to a heightened leadership consciousness. Adapting involves adopting new behaviors, ideas, and beliefs to meet future challenges. Zoe remarks that it’s important to shift from constantly being in disaster recovery mode to being proactive and adapting to potential changes. This includes anticipatory thinking and developing the skills to better prepare for the future. By seeing challenges and opportunities from multiple perspectives, we can avoid a tunnel vision approach to problem-solving and goal pursuit. Using a root cause analysis as part of leadership training can teach leaders to dig into the causes of a problem and find opportunities for change within an organization, by tracing effects, identifying causes, and suggesting interventions. Zoe explains the use of tools such as Values Mapping to understand the diversity, complexity, and maturity of values within a team, and the Culture Compass to determine the behaviors that are acceptable and those that aren't in a team dynamic.  Zoe discussed her new book, The Olympus Project, which is a near-future science fiction book set in a climate ravaged environment. The central concept of the book revolves around a new industry of "world designers" who create human environments to contend with the changing climate. It explores larger themes of leadership and community building in a challenging environment and looks at how we can create environments and systems to facilitate leadership development and community harmony. KEY QUOTES:“One of the things that I believe very strongly that we need to embrace is that perspective is power in leadership. What I mean by that is when we see more, we can lead better." - Zoe Routh"Adapting is about adopting new behaviors, new ideas, new values and beliefs so that we can better meet what's coming for us on the horizon." - Zoe Routh"So between those two things, the Values Mapping and the Culture Compass, we have a way of doing things that will help advance our goals and our mission while keeping the people safe, intact and productive and healthy and happy at work. And that's really what we want, right? We spend so much time at work, it's so important that we feel happy and safe and that we enjoy what we're doing." - Zoe RouthResources:Zoe Routh on the Web | LinkedIn | Twitter | Facebook | InstagramZoe Routh Leadership Podcast | The Olympus Project | People Stuff 

Exploring the most intriguing minds and their stories can motivate us. In this episode of Innovation In Compliance, host Tom Fox talks with Eli Marcus, a fellow member of the C-Suite Network and a prominent figure in the self-help sector. They delve into Marcus's career, his transition from the world's largest seminar company owner to a celebrated podcaster, and his unending quest for knowledge and personal development. They also dissect the intimate power of podcasting and the significance of asking the right questions.Eli Marcus has a passion for self-help and motivation. Growing up as a "non-fiction self-help geek," Eli found solace and guidance in books, which later fueled his entrepreneurial spirit. He went on to establish the Seminar Center in New York City, which quickly became the world's largest seminar company, hosting iconic figures ranging from Michael Jackson to motivational speakers like Les Brown. Marcus has embraced the transformative power of podcasting and is the host of The Motivation Show, a popular podcast within the C-Suite Network.You’ll hear Tom and Eli discuss: Podcasting offers a unique intimacy, fostering a one-on-one bonding experience that often reveals insights about a person's journey, interests, and perspectives that might not emerge in other formats. “The quality of your life is determined by the quality of the questions you ask,” Eli says. He encourages listeners to probe deeper and not shy away from asking challenging questions. Success doesn't come from a one-off motivational boost. Instead, it's about constant learning, repetitive practice, and reaching a tipping point that significantly alters your perspective. Eli’s approach to his podcast involves asking the questions that pique his curiosity most; he believes his audience will share this curiosity. Passion is integral to making engaging podcasts, as it resonates with listeners even on an audio level. Eli's favored guests are individuals who are well-known or have a large audience. However, he also looks for fascinating individuals, regardless of their following. Learning deep things and understanding the perspectives of others can help you complain less and appreciate more. The perspective of "Don't sweat the small stuff" is valuable, and most things, in reality, are small stuff, excluding significant life events like the death of a loved one. Celebration and positivity even in times of grief can be a powerful coping mechanism. KEY QUOTES:“The quality of your life is determined by the quality of the questions you ask." - Eli Marcus"I always wanted to stay in the self help game, right? How can I do this in the easiest way and just get started? And that's the beauty of being able to do the podcast." - Eli Marcus"It's not like you drink water once and you're good for the rest of the year. The same thing with motivation or learning. You just got to keep learning over and over again. And sometimes what Malcolm Gladwell calls the tipping point, you need maybe 1000th time or repetition finally before it sinks in and it tips things over your way. " - Eli MarcusResources:Eli Marcus on LinkedIn | Instagram | Twitter | Email

Cybersecurity isn't just the business of the future - it's the war of today. In this episode of Innovation In Compliance, Tom Fox and guest Patrick Hynds, CEO of Pulsar Security, delve into the world of cybersecurity and its implications for organizations of all sizes. From ransomware threats to the role of government in this expanding battlefield, Patrick discusses the evolution of cyber attacks, the importance of ongoing vigilance, and practical steps businesses can take to defend themselves. Patrick unpacks the concept of the 'Pyramid of Threats', and discusses why continuous network maintenance is crucial for cybersecurity. He also shares his predictions on the future of global cyber threats.Patrick Hynds is a veteran-turned-technology entrepreneur with a distinct perspective on cybersecurity. An alumnus of the prestigious military academy at West Point, Patrick served as an infantry officer in the first Gulf War. His early affinity for programming, paired with the perspective gained from his military experience, propelled him into the field of technology. In 1996, he incorporated his company, Pulsar Security, which today is a leading provider of penetration testing services, enabling organizations to identify and address their vulnerabilities.Tune in to hear Tom and Patrick talk about: Cybersecurity is a necessity in today's interconnected world, impacting entities ranging from billion-dollar corporations to individual users. Pulsar Security offers penetration testing or Red Team services, effectively operating as 'hackers for hire' to identify potential vulnerabilities in client organizations. Cyberattacks are a persistent risk that need to be managed strategically, not just identified. It affects even the smallest organizations and individuals. Pulsar Security's new product, Cyber Shield, is designed to help smaller organizations manage their cybersecurity at an affordable level. There is a significant shortage of cyber engineers in the industry, with an estimated 3 million positions unfilled worldwide. Awareness and education are key in enhancing cybersecurity. Simple actions like enabling two-factor authentication, managing passwords effectively, and regular patching can greatly improve security. The role of government in the cyber realm is evolving, with agencies like SISA and NIST offering resources and guidelines to help organizations enhance their security posture. Patrick and his team developed the "Pyramid of Threats" to help people envision the cybersecurity risks they face: The bottom layer of this pyramid includes script kiddies who use easily obtainable scripts to exploit vulnerabilities in systems, often leading to data theft and sales on the dark web. The next level up includes people with personal grudges who are tech-savvy enough to launch attacks. They tend to focus on specific targets, making them potentially more dangerous than the script kiddies. The third layer of the pyramid consists of syndicates who are primarily financially motivated. They use similar tactics to script kiddies but tend to target systems with known vulnerabilities to launch ransomware attacks, steal identities, or mine Bitcoin. KEY QUOTES:"For these large organizations, we provide what's called penetration testing or Red Team services. We'll attack them on a regular basis, sometimes on a continuous basis, to see where their vulnerabilities are. Because you can't see your own vulnerabilities most of the time." - Patrick Hynds"We've developed the thing called the Pyramid of Threats. …the Pyramid of Threats is meant to try to help people envision what the risks are, who's coming after you" - Patrick Hynds"Unfortunately, I don't think people can forget about cybersecurity. That's never going to happen. It's not thinking about a media campaign. Companies don't have that luxury because the cat's out of the bag." - Patrick HyndsResources:Patrick Hynds on LinkedIn | TwitterPulsar Security | Podcasts

Asha Palmer is on a mission to revolutionize the ethics and compliance profession. She joins Tom Fox in this episode of Innovation in Compliance to discuss how marrying technology with ethics and compliance can lead to unprecedented strides in the profession. She shares her new role at Skillsoft, insights on leveraging technology to support learning objectives, and why it’s important to understand different learning styles for more effective training outcomes.Asha Palmer is the Senior Vice President of Compliance Solutions at Skillsoft, where she leads the strategy and product roadmap, delivering transformative learning experiences. She has a wealth of experience from her previous roles, including her time in the U.S. Attorney's office, as well as working at Conversant and OneTrust. A seasoned compliance professional, Asha is applying the skills she's honed throughout her career to enhance the ethics and compliance profession.You’ll hear Tom and Asha discuss: Technology plays a crucial role in the scalability and sustainability of the ethics and compliance profession. Asha advocates for an understanding of different learning styles to deliver more effective training and compliance communications. It’s important to understand the ‘why' behind business operations to drive meaningful outcomes for both administrators and learners. Trainers need to provide a varied learning experience to cater to different types of learners, fighting the forgetting curve and ensuring information retention. Asha stresses the importance of delivering compliance training in a way that is tailored to the audience's comfort, language, and culture.  The speed of delivery can affect comprehension, especially for non-native English speakers. As such, training should be delivered at a pace that enables learners to retain and apply the information. Asha discusses the challenge of delivering compliance learning globally. It involves adapting to various languages, cultures, and legal and regulatory requirements. Skillsoft updates training modules in response to new or changing regulations, and emerging risks. Their strategy includes listening to customer needs and creating a roadmap to meet those needs. It’s important to create a sustainable ethical and compliant culture within organizations. Asha encourages open conversation and learning from successes and failures in order to improve the effectiveness of ethics and compliance programs. KEY QUOTES:"I have a hashtag, don't lose the learner. Because if you lose the learner, you'll never get them back." - Asha Palmer"One of the great things I've learned is that we can't be sustainable or scalable without the help and benefit of technology." - Asha Palmer"We listen to our customers. I talk to customers a lot. As I said earlier, if there is something that they need to educate on that we haven't thought about, we go think about it and we think about how we can effectively then present learning and engagement so that they are able to educate their employee population on that." - Asha PalmerResources:Asha Palmer on Skillsoft | LinkedIn Skillsoft

According to Curtis Preston, Chief Technical Evangelist at Druva, cyberattacks are not a matter of "if," but "when." In this episode, Tom Fox. and Curtis dive into the importance of backup systems and cyber resilience to protect against ransomware and other types of cyberattacks. Curtis shares his insights on how to limit the blast radius of an attack, why you should assume a breach, and the need to have a playbook and a cyber response team in place. They also discuss the role of state-sponsored attacks in non-kinetic warfare and the need for increased cyber resilience as we approach 2030.W. Curtis Preston has 30 years of experience in the backup and data protection industry. He started his career at MBNA, the second-largest credit card company in 1993, and has been specializing in backup servers ever since. He is currently the Chief Technical Evangelist at Druva, where he talks, writes, and hosts podcasts about data protection systems. Curtis is also known as ‘Mr. Backup’, a moniker that he adopted while writing his first book on backups.You’ll hear Tom and Curtis discuss: SaaS-based data protection systems are becoming increasingly important as more companies rely on SaaS infrastructures like Microsoft 365 and Google Workspace. Companies should not count on these providers to protect their data; they should consider using SaaS-based backup systems instead. Curtis tells Tom, “There should be security interest, as well as technical and storage and network interest. All of those interests should be reflected in the implementation of such an important system as a data protection system.” Ransomware attackers are now targeting backup systems directly, making it crucial for companies to modernize the security infrastructure of their backup systems. They can do this by using SaaS-based systems that come with modern security features such as multi-factor authentication, triggers and alerts, and the concept of least privilege. The inefficiencies and difficulties of a typical on-premises backup infrastructure, such as overbuilding and overengineering, can be solved by using a SaaS-based system where companies only pay for what they are actually using. Fire drills, or ransomware drills, can help companies develop “muscle memory” and test their incident response playbook before an actual attack occurs. Role-based administration is important to limit the blast radius in case an administrator's account is compromised. Each person involved in the backup process should have specific roles and responsibilities. State-sponsored attacks on American businesses, especially from Russia, are increasing. It's important to beef up defenses, assume breaches, and have a playbook ready to respond to ransomware attacks. By 2030, cyber resilience and protection topics will increase as people become more aware of cyberattacks. Passwords will be a thing of the past, and people will have to live in a world of constant cyberattacks. KEY QUOTES:"Today, I think the average user is so used to equipment that just works, they don't really think as much about backup and recovery, I think, as we did back in the day." - Curtis Preston"By the way, I do think by 2030, passwords will be a thing of the past." - Curtis Preston"It's also having a robust backup plan in place with sufficient security protocols and that when you are attacked, not if when you are attacked, they can't take your star player out, and if it all does go down, you have a way to at least build back." - Curtis PrestonResources:Curtis Preston on LinkedIn | TwitterBackup Central | Druva

Paul Valente, CEO and co-founder of VISO Trust and former CISO at Restoration Hardware, Lending Club and ASAPP, talks about automated third-party cyber risk management. He discusses why vendor data copies increase risk. He emphasizes boards' oversight duties and the need for continuous monitoring. He explains how automation and Document Intelligence replace slow questionnaires and enable auditability.

AI is a horizontal force that can be applied to every department and industry, from retail to banking, legal to HR. The market size for AI is projected to be over $680 billion by 2030, making it one of the most significant technological advances in modern history. Brian Sathianathan, Chief Digital Officer and co-founder of Iterate.ai, joins host Tom Fox on this episode of Innovation In Compliance to discuss the transformative power of low code software and AI for enterprise transformation. Brian Sathianathan is the Chief Digital Officer and co-founder of Iterate.ai, a company that helps large enterprises innovate faster through low code software and AI. Sathianathan began his career as a technologist at Apple, working on their secret products and later starting his own video streaming startup. He then transitioned to venture capital work before founding Iterate.ai with his co-founder John Nordmark.You’ll hear Tom and Brian discuss these ideas: AI is a horizontal force that can be applied to every department and industry. Low code software, such as Iterate.ai's drag and drop software, can help large enterprises innovate faster by building AI and IoT applications 17x faster than traditional methods. AI can be used to scale up a business by improving personalization, image recognition, and even employee hiring and termination. AI can also be applied to supply chain optimization, route optimization, and storage optimization. The AI market is projected to be over $680 billion by 2030, making it one of the most significant technological advances in modern history. Business process automation is becoming more popular as it allows for the removal of repetitive tasks, freeing up time for more creative work. Low code automation started with BPO/BPA processes and eventually expanded to other areas like enterprise applications, consumer ads, and industrial solutions. AI is applicable in BPO processes, particularly within banks, insurance, and finance institutions, where there is a lot of data and conversion from digital data into data that can actually be understood. AI is being used in combination with rule-based or workflow systems, and there will be more code generation and workflow generation happening in the future. Iterate.ai advises boards on use cases and business models to transform the business and eventually work with the senior leaders to get it going. KEY QUOTES:"Innovation is going to be everywhere and we wanted to have a company that helps large companies innovate a lot faster. …We realized that for large companies to innovate more aggressively and more effectively, they need software that actually is connected to all these ecosystems." - Brian Sathianathan"The beautiful thing about AI is that it's what I call a horizontal force. When you have technologies, there are vertical forces that can be only applied in one area of the business or you have horizontal forces which can be applied across the entire area of the business." - Brian Sathianathan"Using a platform like us, you can build a Lego blocks and build a workflow very gracefully, and you can apply AI at every point of the decision-making." - Brian SathianathanResources:Brian Sathianathan on LinkedIn | Twitter | EmailIterate.ai