Seiso Side-Up

Episode 19 - Hacklore and Friends

The conversation explores the concept of 'hack lore' and its impact on cybersecurity, focusing on the disconnect between perceived security and actual security. It delves into the myths and misconceptions surrounding security, the role of AI in creating new hack lore, and the need to address the mundane aspects of security. The discussion also highlights the importance of holding companies accountable for customer security outcomes and the challenges of AI in cybersecurity. The conversation delves into the challenges of implementing AI and security in modern workflows, highlighting the need for a secure-by-design approach and the importance of understanding customer security outcomes. It also emphasizes the role of leadership in taking ownership of security and risk. Takeaways * Hack lore: The conversation sheds light on the concept of 'hack lore' and its impact on cybersecurity, emphasizing the need to retire bad advice and focus on the basics. * AI and Hack Lore: The emergence of AI in cybersecurity introduces new challenges and misconceptions, leading to the creation of new hack lore around AI security advice and frameworks. Secure-by-design approach is crucial for AI and cloud systems * Leadership must take ownership of security and risk Chapters * 00:00 AI and Hack Lore: The New Frontier * 25:26 Security as an Afterthought in AI Implementation * 31:11 Cultural Perspective on Applying Security Basics to AI * 39:31 Secure by Design in Real-world AI Environments * 45:25 Ownership of Risk and Accountability * 50:53 Implementing Secure by Design Principles

Episode 18 - vGRC Evolution Part II of II

The conversation delves into the evolving role of GRC professionals, emphasizing the non-negotiable skills, challenges, and the shift from compliance operators to strategic partners. It also explores the influence of GRC on business decisions, burnout prevention, and the importance of continuous learning and risk-based decision-making. Takeaways * Technical understanding and fluency are non-negotiable skills for modern GRC professionals. * Risk management, continuous learning, and business context understanding are crucial for GRC professionals. * Data analytics and risk visualization play a significant role in GRC responsibilities. * GRC professionals are evolving from compliance operators to strategic partners, influencing business decisions earlier in the planning stage. * Challenges for GRC teams include continuous learning, resistance from within GRC and the business, and burnout prevention. * Leadership can better support evolving GRC roles by involving GRC professionals in strategic conversations early and building trust. * Prioritizing cloud hosting, security, and AI technology skills is essential for GRC professionals. * A risk-based approach and proactive decision-making are crucial mindset shifts for modern GRC teams. Chapters * 00:00 Skills for Modern GRC Professionals * 11:08 GRC as a Strategic Partner * 17:20 Challenges and Growing Pains * 22:37 Preventing Burnout

Episode 18 - vGRC Evolution Part I of II

The podcast episode explores the evolution of GRC roles, the impact of automation on GRC tasks, and the strategic shift in GRC expectations. It also delves into the measurement of the value of GRC beyond passing audits. The conversation highlights the expanding nature of GRC roles and the significant impact of automation on GRC tasks. Takeaways * GRC roles are expanding * Automation has significantly impacted GRC tasks Chapters * 00:00 Evolution of GRC Roles * 05:31 Impact of Automation on GRC Tasks * 21:31 Measuring the Value of GRC

Episode 17 - New Year, Same AI Risks

AI is no longer experimental—it’s embedded in enterprise systems, security operations, and everyday business tools. In this episode of The Seiso Side-Up Podcast, host Lauren Shaffer joins Seiso COO Eric Lansbery and co-host Heidi Patrick to discuss why AI security, AI governance, and risk management are now critical priorities. The conversation covers the evolution of AI adoption and the real risks organizations face, including model poisoning, data leakage, hallucinations, and unmanaged GenAI use. Eric shares practical guidance on applying NIST AI Risk Management Framework, ISO/IEC standards, ethical AI, and GRC best practices to build secure, compliant, and resilient AI programs. This episode delivers key 2026 AI governance takeaways for security leaders, GRC professionals, and executives looking to manage AI risk, meet regulatory expectations, and strengthen enterprise trust.

Episode 16 - How to Become a Human Firewall

In this episode, Joe Wynn and Taylor Lee join Lauren to discuss How to Win Friends and Influence People and Crucial Conversations [https://amzn.to/4pFDwn0%20] books. They discuss how to correctly communication phishing attacks, how to listen with empathy and how to lead by example.  Listen to this episode to learn how to become a human firewall.