GRC & Me

LogicGate
Mar 9, 2022 • 15min

Why Your Board Cares About Resiliency and Agility

Chris Patteson, The Risk Wrangler, discusses the importance of resiliency and agility in risk management. Topics include maintaining operations during disruptions, cyber attack recovery plans, board-level agility, ransomware threat mitigation, and the role of GRC programs in maintaining security.
Jan 19, 2022 • 15min

GRC Trends in 2022 (Part 2): Integrity & Environmental Social Governance

For centuries philosophers have given us the four cardinal virtues: prudence, justice, fortitude, and temperance. For the GRC community at large, there is more than enough room to add to these to cover our unique world and its dealings. At LogicGate, we think that resilience, agility, and integrity are perfect additions. In our season 4 finale of GRC & Me, LogicGate CEO Matt Kunkel and GRC expert Michael Rasmussen covered resilience and agility. In this episode, the two are back to discuss integrity and apply it to the latest GRC trend, ESG or Environmental, Social, and Governance.
Jan 5, 2022 • 15min

GRC Trends in 2022 (Part 1): Resilience & Agility

It's a new year, and that means new resolutions. Move over pushups and pilates; we're kicking off the new year with a two-part podcast meant to get your 2022 off to a great start. If you are looking to have a more resilient and agile GRC program — and to find out how these two intersect with GRC practices and why they matter — then you have come to the right place! In this episode of GRC & Me, Michael Rasmussen and our CEO Matt Kunkel discuss why resiliency is critical for a risk management program. Michael also provides insights into how agility aligns with your organization's strategic plans.
Dec 22, 2021 • 20min

What 'Holistic GRC' Actually Means and Why it Matters

Have you ever wondered what exactly holistic GRC is? What does it look like, and what do people really mean when they say a “holistic GRC program”? In this episode of GRC & Me, returning guest Dustin Owens, VP of Cyber Risk and Resilience at Kivu Consulting, will break down all the what's, how's, and why's regarding holistic GRC programs and platforms. Dustin also shares some GRC stories about how companies use a holistic GRC approach to achieve business outcomes.
Dec 8, 2021 • 26min

How to Effectively Communicate Risk Stories

Have you ever worried about how you should communicate risks to the board? How much data can they handle? In this episode of GRC & Me, we are joined by Richard Seiersen, who has previously worked for Twilio, GE, and LendingClub as CISO, was a co-founder of Soluble that was acquired by Lacework in 2021, and is currently the Chief Risk Officer at Resilience Insurance. His books include How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto: Confronting Security with Data. Together with Mark Tattersall, VP of Product at LogicGate, we get the skinny on what kind of conversations are happening at the board level and what they really want to see and hear, plus, the rise of insurtech, technology being a driver for consistency, and how all these topics inspired Richard to write his books.
Nov 17, 2021 • 11min

Take The Guesswork Out of Your Threat Landscape Assessments

Do you see cybersecurity troubled waters coming your way but don’t know how to navigate the storm? With a good course charted, a strong and united crew, and a savvy captain you can navigate even the scariest of threat seas. In this GRC & Me episode, we are joined by Adam Gladsden, a third-party risk advisor who heads up the risk advisory practice at SecurityScorecard. Adam guides us as we look at the current cyber threat landscape, the connection to the enterprise's third-party and cyber risks, and how it affects all risk categories. We also discuss how organizations can improve and mature their third-party risk programs.
Nov 3, 2021 • 19min

Reduce Uncertainty Around Risk with Quantification

Learn how risk quantification can help organizations prioritize risks, the limitations of qualitative risk assessment, the use of the Monte Carlo method to reduce uncertainty, quantifying risk based on financial impact, and the importance of cyber insurance in risk management.
Sep 15, 2021 • 16min

The Secret Sauce for a Successful GRC Implementation

Charlie Meyer is LogicGate’s Implementation Services Manager. In his role, he has served at the helm of countless implementation strategies for GRC solutions. Charlie provides guidance for best practices for implementation and shares real-world examples of how companies have run successful launches with a GRC provider. While Charlie primarily works in the initial implementation process, he advises customers to maintain a relationship with their GRC provider and look for ongoing opportunities for improved services and applications.
Aug 4, 2021 • 28min

Why Everyone At Your Company is a Risk Manager

Jason Wang, Chief Risk Officer at Synergy Credit Union, joined the financial institution to build out and enhance its enterprise risk management functions, including a disaster recovery and pandemic response framework — all just before the start of the pandemic. Jason’s forethought and preparation positioned Synergy to successfully navigate COVID-19. In this episode of GRC & Me, Jason shares his experiences chairing Synergy’s COVID-19 Committee and discusses how to evaluate new risks that have emerged within your company in the aftermath of the pandemic. Jason also speaks to the importance of understanding Environmental Social Governance (ESG), why it’s here to stay, and what you should be doing about it. Jason believes that everyone is a risk manager in your organization and provides strategies to help you create company-wide buy-in for mitigating risk and protecting your data.
Jun 16, 2021 • 14min

A Conversation on Risk Quantification

Dustin Owens’ extensive background in GRC began with an undergraduate degree in computer information systems. When he realized programming wasn’t his professional calling, he transitioned to the security and cybersecurity space — now, he’s accrued 25 years of experience in the field. After being introduced to risk quantification in 2003 as part of the National Security Agency’s INFOSEC Assessment Methodology, Dustin hasn’t looked back. As LogicGate’s Principal GRC Architect, he focuses heavily on how risk quantification can help obtain consistent risk findings that are accurately defined in monetary terms. In this episode of GRC & Me, Dustin breaks down why organizations have much to benefit from adopting risk quantification practices to better assess, manage and respond to risk. Plus, it helps organizations better prioritize the activities that require more attention and investments. “It makes it very easy to compare risk mitigation activities and whether they do risk acceptance or transfer risk, based on the amount of impact that that risk has to the business,” explains Dustin, which allows organizations to “see if it makes sense to go in one direction versus another.”
