How Can a Well-Structured GRC Program Give You a Competitive Edge?

In our last Super Cyber Friday, "Hacking Competitive GRC: An hour of critical thinking about how to get ahead of your competition with a well-structured program," we explored how organizations can transform governance, risk, and compliance (GRC) from a checkbox exercise into a strategic advantage. Joining us for this conversation were Markindey Sineus, GRC SME, Vanta, and Quincy Castro, CISO, Redis.

HUGE thanks to our sponsor, Vanta

Watch the full video here:

Did you know that we have an events calendar? Visit our events page to subscribe so you can stay up to date on Super Cyber Friday and other CISO Series content.

Join us next Friday (03-21-25) for “Hacking the Commodification of Cyber Crime”

Super Cyber Friday will be back next Friday, March 21st, 2025 for our discussion “Hacking Narrative Threats: An hour of critical thinking about measuring the risks you least control.”

It all starts at 1 PM ET/10 AM PT.

>>> REGISTER for 03-21-25 Super Cyber Friday <<<

Best Quotes from our guests

"You find yourself in that situation where the nature of being a startup is you're making innovative stuff that people want to buy, but you're trying to sell to some of the most stringent and rigorous companies in the world." – Quincy Castro, Redis

"It's really important to come in and just own who you are. I think there's a lot of people out there that think, ‘Oh, I've got to go in and there can’t be any nos on this spreadsheet,’ but that’s not true." – Quincy Castro, Redis

"Big enterprise buyers know you’re a startup. They don’t expect perfection, but they do expect honesty. Trying to make things look better than they are will backfire." – Quincy Castro, Redis

"We want to shift the conversation from compliance to business enablement because, at the end of the day, it’s going to shorten those sales cycles when your prospects see that you have an ISO certification or a SOC 2." – Markindey Sineus, Vanta

"Risk management is an ongoing process. A lot of people think it’s something you do once or twice a year, but really, how you set yourself apart is by addressing risks as they arise, not just during audits." – Markindey Sineus, Vanta

Quotes from the chat room

"Map your committed frameworks to your internal one to streamline controls and requirements." - Ann Montaniel Al-Oteiby, senior director of security compliance, Dragos, Inc.

"Track bids or customer engagements that you won, which required a compliance standard. Report regularly to senior leadership on the contracts won, and the opportunities lost in order to justify future compliance efforts." - Duane Gran, director of information security, Converge Technology Solutions Corp.

"Seems like the goal of competitive GRC is to 'never lose a deal merely based on security/privacy practices'. Which is something that as far as I know never really happens, except maybe with security product buyers because they deeply care about the security/privacy of their vendors." - Justin P., director, security trust and risk, Klaviyo

"Most people focus on compliance. If you build a culture of managing the negative impacts of risk, you will align to business strategy, appetite, and build the support to maintain a sustainable program." - Ann Montaniel Al-Oteiby, senior director of security compliance, Dragos, Inc.

"I have reviewed so many SOC and ISO reports that when you dig into them, the scope of services does not cover the services your company is actually paying for." - Mathew Biby, CISO advisory board, Strobes Security, Inc.

Ann Montaniel Al-Oteiby

Senior Director of Security Compliance - GRC at Dragos, Inc.

1 day ago

First time I’ve attended these, glad I found this, it definitely won’t be the last… format is good and love that you make time for Q&A - discussion!
