{"version":"1.0","type":"rich","provider_name":"Acast","provider_url":"https://acast.com","height":250,"width":700,"html":"<iframe src=\"https://embed.acast.com/$/6702dcb9c88f09c3e0b9a10a/68e67c6f79fd6a22445bcb20?\" frameBorder=\"0\" width=\"700\" height=\"250\"></iframe>","title":"Clean Reports, Flawed Systems, and the Future of GRC","description":"<p>TJ, Kendra, and Elliot are back and welcome <a href=\"https://www.linkedin.com/in/evan-millman-cissp-2291261a/\" rel=\"noopener noreferrer\" target=\"_blank\">Evan Millman</a>, GRC Manager at Abnormal Security, for what started as a casual chat and evolved into a sharp look at compliance blind spots, the role of AI in GRC, and how professionals can shape their careers in a changing field.</p><p><br></p><p><strong>[00:02:00]</strong> Evan shares how he used ChatGPT to analyze a risk assessment report.</p><p><strong>[00:05:00]</strong> What GRC leadership looks like at Abnormal Security (ISO 27001, 27701, 42001, SOC 2).</p><p><strong>[00:07:00]</strong> The complicated relationship between organizations and auditors — bias, incentives, and the reality of “clean” reports.</p><p><strong>[00:12:00]</strong> Why third-party attestations are table stakes, not real assurance.</p><p><strong>[00:19:00]</strong> TJ and Evan debate solutions: peer reviews, government oversight, or is the system fundamentally flawed?</p><p><strong>[00:27:00]</strong> How Abnormal approaches vendor risk: criticality ratings, renewals, and compensating controls.</p><p><strong>[00:32:00]</strong> Tools and automation in GRC — benefits and buyer’s remorse.</p><p><strong>[00:36:00]</strong> The role of AI: evidence review, documentation search, and “trust but verify.”</p><p><strong>[00:39:00]</strong> Should GRC professionals become coders, or double down on soft skills?</p><p><strong>[00:44:00]</strong> Evan’s career advice: networking, persistence, and why soft skills matter more than technical depth.</p>","author_name":"Chaos"}