 |
The Art of Cybersecurity: Real-World Risk & Compliance StrategiesAuthor: Cheri Hotman
Cybersecurity is as much art as it is science or technology. It must be creatively designed, right-sized, implemented, and sustainedall within stealthy constraints: finite time, budget, resources. Meanwhile, customers demand this framework, that standard, and yet another security questionnaire. Its a lot to jugglebalancing security that genuinely protects people and data with the theater that often slips into meaningless checkbox exercises. On this podcast, expect sharp, unfiltered conversations about the realities of cyber and what it truly takes to do it rightand make it actually matter. Language: en-us Genres: Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
Continuous Improvement in Cyber: Findings Are the Point
Friday, 2 January, 2026
In this episode, Cheri Hotman sits down with long-time colleague and GRC leader Peter Spier for a candid, no-nonsense conversation about what actually keeps organizations secure and what quietly puts them at risk.Peter brings more than two decades of experience across PCI, audits, and enterprise risk to unpack a topic most teams avoid. Integrity in GRC. Together, they challenge the obsession with green checkmarks, clean audit reports, and “passing” frameworks while ignoring what really matters. Reducing real risk.This conversation cuts straight through common myths:Why a report with zero findings should make you nervous, not confidentHow audits differ fundamentally from running a security programThe danger of scoping games and checkbox complianceWhy continuous improvement requires uncomfortable conversationsHow ego, incentives, and fear quietly undermine security decisionsCheri and Peter also explore the human side of cybersecurity. Coachability, transparency, and the willingness to surface problems early before attackers do. This episode is for leaders, practitioners, and auditors who care less about appearances and more about building programs that actually protect the business.If you have ever felt uneasy about a “perfect” audit, struggled to push bad news up the chain, or wondered whether your compliance program is giving you a false sense of security, this conversation will resonate.
