In this episode of Tech Done Different, we hear from compliance expert AJ Yawn. Perhaps the most surprising takeaway from this dynamic chat with a guru in compliance? Security and compliance are not the same thing. Yet, done properly, compliance can be a powerful driver for security. 

Listen in to learn:

- why compliance reports should get better over time (and why a "clean report" is neither realistic nor a good thing)
- why cursory, scan-based "penetration testing" (which is really just vulnerability scanning, not manual exploitation) does a disservice in many cases
- how to get meaningful work done, in two steps: 1) meditate, and 2) the 90/90/1 Rule
- why to wake up early
- how technology will shape the future of compliance testing
- why auditors should be advisors, not box-checkers
- how to vet auditors, and why different auditors are appropriate for different projects (they're not all the same!)
- why you want auditors with technical knowledge, not just framework knowledge
- why compliance is not security (but security can lead to compliance)
- how to think about change and reassessments, and why to do them sooner
- why the power of following up is "where you catch things"

Guest
AJ Yawn, CEO, ByteChek (@AjYawn on Twitter)

Host
Ted Harrington

This Episode’s Sponsors

If you’d like to sponsor this or any other podcast episode on ITSPmagazine, you can learn more here: https://www.itspmagazine.com/podcast-series-sponsorships

For more podcast stories from Tech Done Different With Ted Harrington: https://www.itspmagazine.com/tech-done-different-podcast


Learn more about Ted and his book at https://hackablebook.com
