
Drafting Compliance

Podcast by Hyperproof

English

Business

More Drafting Compliance

To lighten the dark corners of compliance, hosts Kayne and Tom share with you Hyperproof's journey to becoming FedRAMP moderate, an overall roadmap to achieve FedRAMP compliance in a year, and the tips and tricks they learn along the way. As if compliance isn't fun enough, the hosts also try out a new beer each episode and rate it on a scale from 1-10.

All episodes

44 episodes

FedRAMP Readiness: Lessons for SaaS & Growing Enterprises

FedRAMP compliance is one of the toughest challenges facing SaaS companies working with the federal government, and in this episode we explore the most common readiness gaps, misconceptions, and cultural shifts organizations must overcome to succeed. Drawing from extensive experience advising technology companies, we discuss why small SaaS firms often struggle with operational maturity, why FedRAMP compliance timelines frequently extend far beyond initial expectations, and how federal updates such as FedRAMP 20x and NIST 800-171 adoption are reshaping requirements across the supply chain. We cover strategies for managing executive accountability, building sustainable compliance programs, preventing compliance drift, and avoiding costly project delays. Whether you are a startup or a large enterprise seeking FedRAMP authorization, this conversation offers practical insights into achieving and maintaining compliance while adapting to evolving federal requirements.

Contents of this episode:

  • 0:00 - Introduction
  • 0:18 - Beer
  • 3:20 - Pre-C3PAO Readiness Challenges for Small SaaS Companies
  • 21:45 - FedRAMP Timeline and Project Management Failures
  • 25:10 - Management Accountability and Program Ownership
  • 29:40 - Maintaining Long-term Compliance and FCA Risk Management
  • 36:00 - Beer Reviews

August 28, 2025 - 40 min

CCPA live from HyperConnect 2025

Join Kayne and Tom live from San Diego, CA, home of the CCPA, as they sit down with Rob Carson, Founder and CEO of Semper Sec, to unpack what the California Consumer Privacy Act (CCPA) really means for businesses, even outside the Golden State. From Article 9's evolving cybersecurity audit requirements to the tension between ISO standards and California’s growing preference for NIST CSF 2.0, this episode dives deep into what compliance professionals need to know now, and how to prepare before deadlines hit in 2028. Plus, we're cracking open some beers and talking shop: privacy audits, regulatory agility, framework conflicts, and how companies can avoid audit fatigue while still staying secure. Whether you're a CISO, risk pro, or compliance nerd, this is the practical, unfiltered discussion you've been waiting for.

July 29, 2025 - 47 min

Auditing: AI and the Future

Kayne and Tom talk about an article on the future of auditing with consideration for AI and its uses. Along the way, they uncover where organizations should be considering strategic shifts around AI and where they need to exercise caution. Of course we all get to enjoy another face of disgust from an otherwise truly enjoyable beer.

Reference documents: https://hyperproof.io/resource/the-future-of-auditing-2025/

Beer: Cadence (Belgian-Style Ale) by Reformation Brewery

Contents of this episode:

  • 0:00 - Intro
  • 0:16 - Beer background
  • 4:05 - We’re facing new regulatory requirements like NIS2 and DORA in the EU, along with potential state-by-state regulations in the US, and the challenges of FedRAMP. How should companies be adjusting audit readiness strategies to handle this increasing complexity?
  • 10:45 - Something that I mentioned in the article was that in our IT benchmark survey, we found that 59% of organizations now test all controls rather than just the most important ones. What's your perspective on this shift, and have we made similar changes?
  • 14:45 - How has the integration of AI and cloud technology changed your thinking about auditing and compliance in the past year?
  • 20:30 - What role do you see for external consultants in the audit preparation process?
  • 26:15 - How are we handling the challenge of managing multiple audits simultaneously while avoiding duplication of work across departments?
  • 28:55 - What specific inefficiencies have we identified in our current audit processes, and which technologies have been most helpful in addressing them?
  • 33:40 - The article emphasizes the value of continuous controls monitoring. What measurable benefits have you seen from implementing real-time monitoring of your controls?
  • 39:18 - Beer reviews

April 16, 2025 - 43 min

How to handle Data Privacy for AI with Dustin Wilcox

Kayne and Tom talk about AI and regulatory consequences with a special guest, Tom’s brother Dustin Wilcox, a Fortune 20 CISO with a global healthcare company. They knock back a delicious Porter beer and uncover the secrets of AI and regulatory management. A blockbuster of a good time.

Contents of this episode:

  • 0:00 - Intro
  • 0:28 - Beer background
  • 4:40 - The balance between AI usage and privacy laws
  • 9:10 - Deepseek and data breaches
  • 15:30 - How do the “right to be forgotten” provisions under GDPR and CCPA impact the development and deployment of AI systems?
  • 22:00 - What are the potential risks and implications for organizations if they fail to identify users interacting with their AI systems in the context of GDPR and CCPA compliance?
  • 25:18 - What are the potential security and privacy risks associated with deploying a GPT LLM using proprietary data without a centralized IT team managing access controls?
  • 35:30 - Can you share best practices for ensuring AI systems are designed to respect user privacy rights?
  • 46:05 - Beer reviews

March 7, 2025 - 49 min

Risk Assessment with Adam Brennick

Kayne and Tom talk with Adam Brennick, Director of Security, Risk, and Compliance at Cockroach Labs. Adam dives into the risk assessment process and some of the best practices for building and maturing the risk management lifecycle. Kayne has a surprising score for the beer today and it is marked for future celebrations.

Beer: No-Li Squatch Pirate Juicy Haze IPA

Reference documents:

  • https://hyperproof.io/resource/iso-27001-statement-of-applicability/
  • https://hyperproof.io/iso-27001/
  • https://youtu.be/PdYu6_m42Ek

Contents of this episode:

  • 0:00 - Intro
  • 0:23 - Beer background
  • 4:40 - Intro Questions
  • 9:40 - Risk Assessment Supporting Compliance Audits
  • 17:00 - Engaging Business Owners in Risk Management
  • 23:45 - Risk Treatment and Risk Acceptance Education
  • 31:55 - Strengthening Trust in Compliance Reports
  • 37:40 - Compliance Reports and Go-to-Market Strategy
  • 42:30 - Beer reviews

January 23, 2025 - 46 min