Hosted by Meghan Maneval, panelists Stephenie Southard, Steve Gasiamis, and Donald Rome dive into the key trends and challenges shaping the financial landscape in 2025. From navigating regulatory changes and ensuring security resilience, to exploring the rise of digital banking technologies like blockchain, AI, and open banking, guests will discuss how financial institutions must prepare for risks related to third-party management and more. Don’t miss out on a thought provoking and engaging conversation on the ever-evolving financial risk landscape.

Guests: LogicGate CEO, Matt Kunkel and CISO, Nick Kathmann

Historically GRC was viewed as one line in a budget sheet, but that is rapidly changing. GRC practitioners are elevating their programs with tools and technologies that aggregate data and story-tell situational risk, security, compliance changes and more so businesses can make risk-based decisions to move the needle forward. Matt Kunkel and Nick Kathmann will share why good security pays for itself, the role GRC plays in the boardroom and how to connect GRC programs to business impact. 

On this episode of GRC & Me, Netflix’s Tony Martin-Vegue join LogicGate’s Chris Clarke to explore the best ways to navigate this transition, how to learn and leverage popular risk quantification frameworks like Open FAIR, and why you shouldn’t completely throw your colored charts out the window just yet.

That was the premise behind Ted Harrington’s Independent Security Evaluators, a company dedicated to poking holes into other companies’ cyber defenses — for the right reasons, of course. On this episode of GRC & Me, Ted takes LogicGate’s Chris Clarke on a journey down the benevolent hacker’s rabbit hole, where they discuss:

• The difference between white box and black box testing (and which is better.)
• Why carrying these exercises out can build trust and become a competitive advantage in third-party risk assessment.
• Why it’s important to shift your mindset from one that views security as an obstacle to one that views it as an opportunity.
• Uncovering the unknown unknowns in cybersecurity.
• How “defense in depth” strategies can put security teams a step ahead of threat actors.
• The four traits that lead hackers to be successful, and why thinking like one can be an effective way to bolster your cyber defenses.

On this episode of GRC & Me, Ginger joins LogicGate’s Chris Clarke to discuss methods for developing methodical, standardized thought processes for risk decision-making in high-stakes scenarios, how NASA employees are trained to separate logic from emotion, how disasters can inform future mitigation planning, and why the most important part of managing risk is having the right leaders in place.

Allstate Canada's Chief Risk Officer Jason Wang has spent his career assessing and analyzing risk in the financial services space, dedicated to anticipating and mitigating risks just like the one that sank SVB. On this episode of GRC & Me, Jason joins LogicGate’s Chris Clarke to discuss the importance of building a holistic risk register, how to position risk management as a strategic enabler instead of a “revenue prevention” department, why it’s critical to include your chief risk officer on the executive team, and more.

On this episode of GRC & Me, Chris Clarke is joined by Cyberpink’s Founder & Owner, Praj Prayag-Deb, to discuss how to shift your organization’s risk culture toward this new approach, her formula for building successful cyber risk programs from scratch, how leveraging the right technology makes it all possible, and why adopting a growth mindset is critical for every cyber risk leader.

On this episode of GRC & Me, Megan Brown sits down with Wizz Air’s Andras Szabolcs, Cyber Risk Expert, and Peter Szigetvari, Operational Risk Expert, to break down the similarities and differences between two of these new European Union regulations — the Digital Operational Resilience Act, or DORA, and Network and Information Security Directive 2, or NIS2 — how they could affect nearly every company despite their official scope, and how organizations can prepare to comply with them using modern GRC technology.

This audio eBook reveals:

• How to effectively manage third-party relationships (hint: it’s not with spreadsheets)
• Steps to building a robust third-party risk management program that connects ALL the dots
• Why third-party risk management is everyone’s business
• How an interconnected risk program helps you calculate, communicate, mitigate, and report third-party risks

Ready to get proactive with your Third-Party Risk Management strategy? Visit logicgate.com today!

In our season 4 finale of GRC & Me, LogicGate CEO Matt Kunkel and GRC expert Michael Rasmussen covered resilience and agility. In this episode, the two are back to discuss integrity and apply it to the latest GRC trend, ESG or Environmental, Social, and Governance.

In this episode of GRC & Me, Michael Rasmussen and our CEO Matt Kunkel discuss why resiliency is critical for a risk management program. Michael also provides insights into how agility aligns with your organization's strategic plans.

In this episode of GRC & Me, returning guest Dustin Owens, VP of Cyber Risk and Resilience at Kivu Consulting, will break down all the what's, how's, and why's regarding holistic GRC programs and platforms. Dustin also shares some GRC stories about how companies use a holistic GRC approach to achieve business outcomes.

In this episode of GRC & Me, we are joined by Richard Seiersen, who has previously worked for Twilio, GE, and LendingClub as CISO, was a co-founder of Soluble that was acquired by Lacework in 2021, and is currently the Chief Risk Officer at Resilience Insurance. His books include How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto: Confronting Security with Data. Together with Mark Tattersall, VP of Product at LogicGate, we get the skinny on what kind of conversations are happening at the board level and what they really want to see and hear, plus, the rise of insurtech, technology being a driver for consistency, and how all these topics inspired Richard to write his books.

In this GRC & Me episode, we are joined by Adam Gladsden, a third-party risk advisor who heads up the risk advisory practice at SecurityScorecard. Adam guides us as we look at the current cyber threat landscape, the connection to the enterprise's third-party and cyber risks, and how it affects all risk categories. We also discuss how organizations can improve and mature their third-party risk programs.

In this episode of GRC & Me, Bob discusses the importance of risk quantification and how it can help organizations make better strategic decisions. We also discuss how Black Kite’s Open FAIR™ based solution calculates the probable financial impacts of cyber breaches and how it communicates risks in quantitative, easy-to-understand business terms so that organizations can risk smarter and with confidence.

Charlie provides guidance for best practices for implementation and shares real-world examples of how companies have run successful launches with a GRC provider.

While Charlie primarily works in the initial implementation process, he advises customers to maintain a relationship with their GRC provider and look for ongoing opportunities for improved services and applications.

Jason’s forethought and preparation positioned Synergy to successfully navigate COVID-19.

In this episode of GRC & Me, Jason shares his experiences chairing Synergy’s COVID-19 Committee and discusses how to evaluate new risks that have emerged within your company in the aftermath of the pandemic. Jason also speaks to the importance of understanding Environmental Social Governance (ESG), why it’s here to stay, and what you should be doing about it.

Jason believes that everyone is a risk manager in your organization and provides strategies to help you create company-wide buy-in for mitigating risk and protecting your data.

When he realized programming wasn’t his professional calling, he transitioned to the security and cybersecurity space — now, he’s accrued 25 years of experience in the field. 

After being introduced to risk quantification in 2003 as part of the National Security Agency’s INFOSEC Assessment Methodology, Dustin hasn’t looked back. 

As LogicGate’s Principal GRC Architect, he focuses heavily on how risk quantification can help obtain consistent risk findings that are accurately defined in monetary terms.

In this episode of GRC & Me, Dustin breaks down why organizations have much to benefit from adopting risk quantification practices to better assess, manage and respond to risk. Plus, it helps organizations better prioritize the activities that require more attention and investments.

“It makes it very easy to compare risk mitigation activities and whether they do risk acceptance or transfer risk, based on the amount of impact that that risk has to the business,” explains Dustin,” which allows organizations to “see if it makes sense to go in one direction versus another.”

It starts with asking questions. Five of them, to be exact.

Emily Heath, DocuSign’s Chief Trust & Security Officer, covers five questions or pillars to ensure you’re able to confidently speak about your company’s security program.

In this episode of GRC & Me, Emily returns to the podcast to discuss her advice for organizations seeking to drive transparency and competence with both their board of directors and customers. Because the pandemic has changed the risk landscape, Emily believes that the world of GRC must become more resilient. By that, she means organizations should improve their ability to rebound with minimal impact to business. 

A global pandemic has taught both organizations and people that risk is everywhere. And while Emily, who also serves on the board of directors for LogicGate and NortonLifeLock, is determined to help organizations prepare for risks, she also finds time for the small things, such as the cooking blog she began during the pandemic.

With such varied experience, the president and founder knew exactly what he set out to solve when he founded Ascent in 2015: simplifying the knowledge work required to keep up with regulations and maintain compliance. 

To help clients build and automate repeatable compliance programs, Ascent employs artificial intelligence (AI) to produce knowledge sets and streamline processes — for example, it can produce an output in two minutes for a task that could take humans thousands of hours (it’s true!)

In an episode of GRC & Me, Brian explains why AI is the right tool for the job because it allows “people to unlock their potential and their time to focus on different activities.”

In this episode of GRC & Me, Peter and David provide some of their valuable insights about how to incorporate agile GRC technology to make sure it’s actually doing its job to help manage the risks in your company and ensure your business is aligned so successful risk governance can take place and nothing slips through the cracks.

We all face risks in our daily lives, now more than ever. Peter and David are here to help companies handle them with agility and flexibility, and stay tuned: they’re even offering listeners a complimentary consulting session to talk about GRC technology and agile risk governance. Reach out to Peter and David directly: peter.berger@protiviti.nl & david.ngu@protiviti.nl

• “Trust really is ‘security, compliance, and privacy’—it's the three-legged stool.”
• “The ‘compliance’ is a byproduct [of risk], ‘governance’ is the way you operate, but how you truly define ‘risk’ is where the focus is.”
• “Sensitive data being pushed around an organization through e-mails and spreadsheets—that kind of model is not sustainable.”

Show Highlights

[01:43] From a detective in England to Chief Trust & Security Officer at DocuSign
[03:17] Duties and responsibilities of a Chief Trust Officer
[04:26] Evolution of GRC
[05:26] Exciting trends in GRC
[06:42] “Duct tape and bubble gum” concept is alarming
[07:30] What compelled Emily to join LogicGate’s Board of Directors?
[08:57] Advice for women in tech who are seeking leadership roles
[11:15] A little birdy told us...

Resources:

• Connect with Emily on LinkedIn
• Connect with Emily on Twitter
• DocuSign

• There's a number of players providing solutions, but only a small number of true winners that will emerge to set this new standard for usability and effectiveness combined with affordability.
• Risk and compliance needs change so fast that the technology has to be flexible enough to keep up.
• The market is wide open for a company to set the pace for the rest of the pack and for the industry.

Show Highlights

[01:26] Karry's humble start
[03:44] What lead Karry to the GRC space
[04:50] The emergence of SaaS as a business model and how Karry got involved with it
[06:18] Why GRC is a perfect fit for SaaS delivery model
[07:34] What is exciting about GRC today?
[08:33] Where else the market is going in the future?
[09:27] Karry's one element that instills positive culture

Resources:

• Connect with Karry on LinkedIn
• Connect with Karry on Twitter
• Karry’s LogicGate Profile

• Risk assessment is not the same thing as conducting an assessment of your compliance program.
• The risk assessment is not designed to be an audit of every activity your company is doing; it’s designed to scan across the breadth of what your company is doing
• The skill-set needs are changing.

Show Highlights

[01:41] Jack shares what led him to risk and compliance as a career path.
[03:51] How Jack crossed paths with LogicGate founders.
[04:34] Jack explains what is RAMP and how it benefits clients today.
[06:19] How companies can adopt continuous improvement within their compliance programs according to Jack.
[08:58] Some more examples of what you can do for continuous improvement.
[10:13] How things are changing in the near, medium and long term future in the risk and compliance world.
[13:24] The processes clients and companies have taken to ensure success and enabled them to move forward.
[15:00] A brief origin of Jack's other talent.

Resources:

• Connect with Jack on LinkedIn
• Connect with Jack on Twitter
• Connect with Deloitte on LinkedIn
• Deloitte US
• Deloitte UK
• Navigant Consulting
• Huron Consulting
• KPMG
• LogicGate
• Matt Kunkel LinkedIn

• “I'm a firm believer that cyber security is very much a journey.”
• “Do the basics and do them well—that's a strong foundation.”
• “Doing security from a sustainable point of view is trying to develop the right people, the right processes and technologies, which would allow for cyber resilience against whatever the threat landscape might be.”

Show Highlights

[01:12] How Dominic got into his current position
[02:35] The answer to Megan's million dollar question
[03:16] Dominic shares his favorite story
[04:32] How small businesses can develop cyber security while staying in budget
[05:34] Megan agrees that CIS control set is a great tactical and practical way to begin
[06:14] Differentiating cyber security from corporate and enterprise needs
[08:18] Security issues in Canada and how it differs from anywhere else in the world
[09:30] What keeps Dominic up at night
[10:52] What is sustainable security and how to attain it
[12:18] Dominic tells how he got into comedy

Resources:

• Cyber SC
• Connect with Dominic on LinkedIn
• Connect with Dominic on Twitter
• Cyber SC Facebook
• Cyber SC Twitter
• Cyber SC YouTube Channel

• “The more that you can show your customers that you're being a good steward with their data, the more they're likely to trust you. And from a reputational standpoint and a branding standpoint, that's always one of the best benefits and one of the reasons that consumers will choose one product or service over the other.”
• “And I think if you look carefully, the CCPA is quite a blessing. It helps reduce expenses and monetize the information life cycle because you have a better understanding of what's under the hood in your company.”
• “...you know there's not one silver bullet when it comes to preparing data for an information governance strategy, IG is essentially a multidisciplinary type of approach.”

Show Highlights

[01:28] Rafael’s background in law and consulting
[02:35] Discussing Rafel’s company and beginnings
[04:36] The “Olympics of Privacy” 
[05:59] A watershed moment in Compliance and Privacy
[08:05] Rafael’s personal connection to records in California 
[09:05] The incredible moment Rafael received his birth records
[12:00] The “blessing” of CCPA
[14:11] Rafael’s personal opinion of CCPA
[16:19] Best practices for privacy and policy management
[19:30] Policy management systems
[21:04] How to read more about Rafael’s thoughts on these issues
[22:58] The Little Girl With The Big Voice
[24:03] Vendor Risk Management 
[25:00] Being mindful of what’s outside your company walls as well as what’s within them

Resources:

• Connect with Rafael on LinkedIn
• Connect with Rafael on Twitter
• Rafael’s Website
• The Little Girl With the Big Voice

• “Ultimately, you wouldn't go through any of these assessments unless it's driving business.”
• “You don't want to be more secure just so you can be more secure, it's got to be a part of your overall business plan.”
• “You have to start looking at this as a positive business driver instead of something that is just a line item that costs money at the end of the year.”

Show Highlights

[01:15] How Bryan got to where he is now
[01:54] SAS 70 Solutions was born
[03:18] Bryan starts with Abacode
[04:21] The trend Bryan is witnessing in cybersecurity
[05:28] How companies determine what to apply
[07:01] What is FedRAMP?
[08:31] The FedRAMP process
[10:36] What to do internally before seeking outside counsel
[12:39] Bryan's value for customers in the market today
[15:41] GRC best practices and cybersecurity trends
[17:54] A different type of security that Bryan provides!

Resources:

• Connect with Bryan on LinkedIn
• Abacode Cybersecurity Website
• Abacode Cybersecurity LinkedIn
• Abacode Cybersecurity Twitter
• Abacode Cybersecurity Facebook
• Tampa Bay Dalmatian Rescue

• Transparency is very important to consumers right now. You want to make sure that you're clear about what's happening to personal information.
• Have a full and complete understanding of who you share information with.
• You don't want to be held liable for a vendor who misused data.

Show Highlights

• [00:50] Sharing Donata’s background
• [02:12] The nitty-gritty of regulations
• [03:30] The CCPA Bill exodus
• [05:49] Who does the CCPA Bill apply to?
• [06:50] How does the CCPA affect consumers today?
• [07:45] The fundamental differences between CCPA and GDPR
• [10:40] CCPA penalty provisions
• [11:52] Top three tactical tips to ensure compliance
• [15:34] Will there be swifter actions for non-compliant companies?
• [17:29] CCPA as a bellwether for future regulations.
• [19:24] Trends to anticipate
• [22:32] How Donata and Termageddon works with folks
• [24:05] Termageddon's origin and the impetus behind

Resources:

• Termageddon
• Connect with Termageddon on Twitter
• Connect with Termageddon on Facebook
• Connect with Donata on LinkedIn
• US Federal Privacy Law Tracker
• GDPR
• CCPA

• Defensibility is the ultimate concept that everybody drives to—whether they say it out loud or not.
• In the security landscape we see today, there are many opportunities for improvement.
• Even when I employ all of my resources, even when I put my best foot forward out there, failures can occur in my ability to protect data.

Show Highlights
[00:47] Neil introduces Asureti.
[01:23] What is SRCP?
[02:45] Do organizations have solid strategy around GRC principles today?
[04:50] The functions that need to be in place.
[07:36] The concept of "Good enough can be the cool."
[09:30] What should organizations be thinking about in terms of preparedness or potential consequences?
[11:09] The cliche of "Nothing bad has ever happened before.''
[12:54] Neil's encouragement to everyone.

Resources:
Asureti Website
Connect with Neil on LinkedIn

Resources:
Connect with Megan on LinkedIn
Connect with Megan on Twitter
Connect with Megan on LogicGate

• Risk Management is not really a profession. It's a competency that should be part of most degrees, if not all the degrees, at universities.
• Most organizations have been disillusioned with the astrology version of risk management.
• Sometimes, even a little quantification improves the quality of decision-making significantly.

Show Highlights
[01:17] Alex shares what the Risk Academy provides
[03:02] How Alex got into risk
[05:13] Alex's "controversial" blog
[08:04] Methodologies, strategies, importance
[13:52] What forces Alex to be controversial
[16:16] Brilliant idea of dumbing it down
[17:42] Approaching risk quantification
[20:37] The real question is, how complex can we go?
[23:29] How and when organizations should approach quantification
[26:00] An unrealistic fairytale based on averages
[29:03] Cultural difference in risk management approach
[30:00] Alex's predictions in the coming years
[34:17] Final nuggets of wisdom

Resources:
RISK-ACADEMY
Connect with Alex on LinkedIn
Connect with Alex on Twitter
Prospect Theory: An Analysis of Decision Under Risk by Daniel Kahneman and Amos Tversky
Judgment under Uncertainty: Heuristics and Biases by Daniel Kahneman and Amos Tversky
Foundations of Behavioral and Experimental Economics by Daniel Kahneman and Vernon Smith
How to Measure Anything: Finding the Value of ‘Intangibles’ in Business
Probability Management Conference
Monte Carlo Simulation
Moneyball
The Flaw of Averages: Why We Underestimate Risk in the Face of Uncertainty by Sam L. Savage

• It's tough to keep up without good technology
• The transparency between parties is tough with financial institutions
• A single point of failure can also be a single point of fraud

Show Highlights:
[02:50] Challenges that the smaller financial institutions have in their risk management programs
[07:13] The significant irony in financial institutions
[09:01] What Terri brings to the table
[10:50] Creating a culture of risk-awareness
[12:24] Reactive planning versus strategy planning
[14:25] The shift Terri has seen
[15:32] The unfortunate indicator
[16:45] Terri's opinion on banks reducing their operational costs
[19:43] One of the areas of challenge of heavily-regulated organizations
[21:37] What works and what doesn't for acquired financial institutions
[25:03] More tips for acquiring financial institutions
[26:49] Guilty by association
[27:59] Rounding up with the most shocking fraud story

Resources:
Secura Risk Management Website
Connect with Terri on LinkedIn
Connect with Terri on Twitter
Ozark Show

• There's a big need in the marketplace for a technology that’s flexible and dynamic, yet easy to use from an end-business-user perspective.
• “I took an educated bet that the market was right for a disruptive perspective.”
• “Everyone is somewhere between ought-to-buy and needs-to-buy a GRC platform.”

Show Highlights:
[01:08] How the committee got started.
[2:53] Matt's handling of projects related to the Lehman Brothers’ fallout and the Madoff scandal
[3:11] Starting a custom app dev group at Navigant Consulting
[3:41] How he helped JPMorgan Chase’s mortgage bank get out of consent order with OCC
[4:11] What is the Dodd-Frank Ruling?
[4:54] The platform technology built for JPMorgan Chase to get compliant
[7:43] Why Chase ultimately went to Navigant
[9:25] The ‘lightbulb moment’ for Matt
[10:38] The search for different solutions
[11:50] Matt shares why he started LogicGate
[12:21] How did Matt pull the trigger and decide to leave his comfortable position and take that huge risk?
[14:18] The most interesting part of the platform
[15:36] How Matt views LogicGate
[16:31] Insight on how the company’s mascot (The GOAT) came to be
[18:05] What’s next for LogicGate?

Resources:
LogicGate's Website
Connect with Matt on LinkedIn
Connect with Matt on Twitter
Navigant Group
Dodd-Frank Ruling
GDPR
California Consumer Privacy Act

• Focus on critical items first and make sure you have people and processes in place beforehand.
• If technology is flexible, you can continue to scale and grow and change your processes over time.
• Start simple, drive value in one place, and then build that over time.

Show Highlights

[1:35] Szuyin’s consulting background and why she got certed
[2:33] Finding out about LogicGate
[03:34] The common challenges getting started
[4:46] The number one thing Szuyin recommends
[6:23] Keep it simple and less is more
[7:58] What holds small and mid-sized companies in a status quo?
[12:36] Preparing and ensuring a successful launch and avoiding losing the momentum post-implementation
[15:14] The other big thing
[16:45] Processes involving high-level metrics and what to look for
[18:02] A brief tangent on fair risk methodology
[20:04] What trends and solutions are making the biggest impact?
[22:32] The key priority right now
[23:00] Using risk to inform business-making decisions

Resources:

LogicGate
Connect with Szuyin on LinkedIn
Read up on Szuyin’s Work on Medium

• It’s important to first establish what your company is trying to accomplish with its GRC program.
• Frameworks are like the human body; you've got multiple systems involved. All those come together to help form a GRC program.
• In light of data breaches, consumers are picking up on privacy. They're demanding better practices with their personal data.

Show Highlights
[01:09] How Michael got involved in GRC
[02:35] What frustrates Michael
[04:39] The GRC moves, changes, and challenges
[06:32] Why organizations need strategy around GRC
[09:17] Deciding what framework is the best fit
[13:37] The trends Michael sees and what it indicates
[14:56] Success metrics for GRC teams
[17:17] Defining agile and what’s behind the emergence
[20:09] The differentiating factors among GRC solutions
[21:26] Massive data breaches; how they will shape the future of GRC
[22:45] Michael answers a “loaded” question

Connect with Michael on LinkedIn
Connect with Michael on Twitter
GRC 20/20
GDPR
California Consumer Privacy Act
Ten Thousand Commandments
The Competitive Enterprise Institute

• A data model is the underlying architecture that underpins any GRC program.
• We live in a world that is constantly moving, changing, and evolving. That’s why flexibility in business systems is key.
• Flexibility means being able to put a program in place on day one, without a final vision of where it’s going—it can change and adapt to changing requirements along the way.

Show Highlights
[01:07] Matt’s background
[03:50] Why data models are important to an effective GRC program
[05:10] The problems with a traditional data model
[07:55] How a flexible data model is really different
[09:25] Why choose a flexible data model
[12:24] How data model flexibility is innovating how we do business
[13:48] What innovation is developing from a flexible data model
[15:42] Matt's advice
[16:18] How Matt helped companies overcome obstacles

Resources:

• LogicGate's Website
• Connect with Matt on LinkedIn
• Connect with Matt on Twitter

This podcast is perfect for you if:

• You’re in a role concerned with corporate governance, risk management, or compliance (GRC)
• You want to protect your company and your brand
• You simply love GRC like Kelley does!

Tune in every month to learn from GRC experts and thought leaders, catch up on industry-shaping news, and better understand the decisions that drive results in your company.

Connect with Kelley on LinkedIn!