#AuditTuesday GRC Podcast

Hosted by YouAttest

TechnologyInterviews guests

Website RSS feed

Episodes

Latest episode

Jun 2026

Language

EN-US

About the show

Every Tuesday we're sharing valuable content for you with the leading authorities in GRC, Compliance and Identity Security.

Listen to episodes

60 recent

June 9, 2026Episode 1043 min

Turning Identity Data Into Cyber Risk Intelligence - RKON + YouAttest, #AuditTuesday

Identity data is everywhere — but turning it into actionable cyber risk insight?That’s where most organizations struggle.IAMs get deployed, 2FA turned on, Access reviews get completed. But the real question remains:👉 What is your identity risk right now?After a year in the making, RKON has developed the IAM Maturity Intelligence Center — a cyber risk portal designed to transform identity activity into real-time, measurable risk.In this live session, RKON and YouAttest will walk through how organizations can move beyond static governance and into continuous identity risk intelligence.🔍 What you’ll learn:- How to turn identity audits into real cyber risk signals- The KPIs that actually matter (audit coverage, user review cadence, stale access)- How the IAM Maturity Intelligence Center delivers a single view of identity risk- How YouAttest integrates to provide continuous identity GRC visibility👥 Featuring:Duane Clouse – Senior Manager, IAM & Zero Trust, RKONGarret Grajek – CEO, YouAttestKashif Mehmood – Technical Field Director, YouAttestIf you’re still relying on periodic reviews and spreadsheets to understand identity risk, this session will challenge that model — and show what’s next.For more information, reach out to us @YouAttest , https://youattest.com and info@youattest.com. RKON can be reached at sales@youattest.com, https://rkon.com.

May 26, 2026Episode 946 min

From SBOM to Access Governance: Closing the Supply Chain Gap

Software supply chain risk is exploding — but most organizations still treat it as a code problem, not a control problem.In this live session, Interlynk and YouAttest connect the dots between software composition risk and identity governance — showing how SBOM insights must tie back to who can access, build, and ship software.🔍 What you’ll learn: - How SBOMs expose hidden risk in your software supply chain - How identity governance applies to developers, pipelines, and build systems - How to connect SBOM findings to access reviews and least privilege enforcement - How YouAttest helps operationalize identity controls across the SDLC👥 Featuring: Surendra Pathak – CEO, Interlynk Garret Grajek – CEO, YouAttest Shannon Noonan - CEO, HiNoon ConsultingIf you’re investing in SBOMs but not governing who controls the software lifecycle, you’re only solving half the problem.Register now to see how software supply chain security and identity governance finally come together.To learn more - contact us at YouAttest: https://youatest.com/contact

April 29, 2026Episode 839 min

Who Has Access to Your Systems? Featuring Dino Price of AgileGRC

Identity is still the #1 control auditors and attackers look at first — but most small and mid-sized organizations are still struggling to answer:Who has access to what… and is it a risk?Join us for a live conversation with Dino Price (AgileGRC) as we break down how identity directly impacts:- SOC 2, HITRUST, and CMMC readiness- Day-to-day security operations- Real-world risk (not just audit checkboxes)No theory. No enterprise fluff. Just what actually works.What we’ll cover (more practical framing) ✅ What an Identity Risk Assessment actually looks like for SMBs ✅ The most common identity gaps we see in SOC 2, HITRUST, and CMMC ✅ How to find orphaned accounts, stale users, and over-permissioned access ✅ Why service accounts and shared access are still a major blind spot ✅ Practical steps you can take this quarter (not a 12-month roadmap)

April 7, 2026Episode 736 min

Let's talk to The GRC Recruiter - #AuditTuesday w/ Pete Strouse

Thinking about a career in GRC—or trying to hire the right talent?Join us for this live #AuditTuesday session featuring Pete Strouse, “The GRC Recruiter”, CEO & Founder of InfoSec Connect. Pete brings deep, real-world insight from the front lines of GRC hiring—and will share what he’s seeing across the market today.This isn’t just theory—Pete will break down what actually works, what employers are looking for, and where opportunities are emerging. Plus, he’ll be taking your live questions during the session.In this episode, we’ll cover:The most in-demand GRC roles for 2026What backgrounds, certifications, and experience actually matterHow the GRC job market is evolving with AI, identity, and compliance pressuresPractical insights for both job seekers and hiring managersWhether you're looking to break into GRC, level up your career, or understand how to build a high-performing GRC team—this session will give you real-world perspective you won’t get from job boards.

March 24, 2026Episode 640 min

Time for an Identity Risk Assessment w/ Neil Chapman, Ph.D., and IntraSystems

Identity has become the control plane for modern security — yet most organizations still don’t have a clear answer to one critical question:Who has access to what… and should they?Join us for a live conversation with Neil Chapman, PhD (IntraSystems) as we explore why identity is now at the center of cyber security.In this session, we’ll break down: ✅ What an Identity Risk Assessment is — and why it’s overdue ✅ How to uncover orphaned, stale, and over-privileged accounts ✅ Why service accounts and key roles create hidden exposure ✅ What auditors and attackers look for first in the identity layer ✅ Practical steps security and governance teams can take immediately🎙 Featuring: Neil Chapman, Ph.D – IntraSystems Garret Grajek – YouAttestIf identity governance, least privilege, and modern risk assessments are on your 2026 roadmap, this is a discussion you won’t want to miss.💬 Live Q&A included — bring your real-world identity challenges.

March 10, 2026Episode 543 min

2026 DORA Audits: What Regulators Will Expect with Ralf Menegatti

DORA is no longer theoretical. The EU’s Digital Operational Resilience Act (Regulation (EU) 2022/2554) is in force.Financial institutions and the organizations that support them must now demonstrate measurable digital operational resilience. Regulators will expect clear evidence of ICT risk management, incident response readiness, third-party oversight, and governance accountability.More importantly — what will regulators expect to see when they examine your identity and access governance controls?Identity is at the center of DORA compliance:Access governance and least privilegeControl over privileged accountsThird-party and vendor access oversightEvidence of monitoring, review, and remediationTo help you prepare for 2026 supervisory reviews, YouAttest welcomes leading EU regulatory expert Ralf Mennegatti, CEO of Luxembourg-based DAQS, for a focused discussion on what regulators will expect — and how to prepare now.We’ll cover:The current state of DORA enforcementWhat supervisors are reviewing in 2026How DORA impacts identity governance programsPractical steps to align your identity systems with regulatory expectationsThis will be a live session with actionable guidance and real-world insight.Bring your questions — Fragen gerne auf Deutsch!To learn more about how YouAttest helps organizations strengthen identity governance and audit readiness, contact us at info@youattest.com.

February 25, 2026Episode 41 hr 1 min

#AuditTuesday - AI Governance in 2026 w Reliath AI

AI adoption is accelerating — but governance, risk, and regulatory readiness are still lagging behind.As organizations move toward 2026, leaders must cut through the hype and understand what AI governance actually means, what regulations truly require, and how to operationalize governance across the enterprise.Join us live as we discuss: ✅ What AI governance really means in 2026 ✅ What regulations require vs. what frameworks recommend ✅ How organizations can prepare for AI risk, audits, and oversight ✅ How Reliath AI and YouAttest help address AI governance in practice🎙 Featuring:Herb Roitblat — Chief AI Officer & CTO, Reliath AIYves Binda — SVP, Solutions Architect, Reliath AIAsha Mehesh — Data & Technology StrategistGarret Grajek — CEO and Founder, YouAttest Jerry Sisson — Host and CRO of EdgeRealm.ai 💬 LIVE Q&A — ask your toughest questions on AI risk, governance, and compliance.If you’re responsible for AI strategy, risk management, compliance, or executive readiness, this session is built for you.

February 17, 2026Episode 334 min

Finding (and Auditing) Those Microsoft Share Files w/ Alan Sugano

Shared Microsoft files are everywhere — but do you actually know who has access, what’s still exposed, and which links never expire?Join us for a live discussion where we break down:✅ What Microsoft files are being shared across your enterprise✅ How to actually discover shared access in OneDrive, Teams, and SharePoint✅ Why expired (or never-expiring) links are a hidden risk✅ What identity + GRC teams should be doing right now to reduce exposure🎙 Featuring:Alan Sugano – Cyber Expert, ADS Consulting GroupIf you care about identity governance, audit readiness, and Microsoft security, this is a session you don’t want to miss.Contact us at YouAttest: https://youattest.com/contact or info@youattest.com

January 27, 2026Episode 257 min

#AuditTuesday - Executing SCuBA Compliance, featuring Jason Dunn-Potter (CW5-R) and Allgress

Join us for this #AuditTuesday LinkedIn Live as we break down CISA’s Secure Cloud Business Applications (SCuBA) framework and what it really takes to execute on SCuBA compliance in real-world environments.As organizations increasingly rely on Microsoft 365 and Google Workspace, securing identities and cloud configurations has become a top audit and risk priority. In this live session, we’ll cut through the noise and focus on what auditors, GRC professionals, security leaders, and MSPs need to know now.YouAttest’s Garret Grajek will be joined by Jason Dunn-Potter(CW5-R), ex-Whitehouse Chief Warrant Officer to join on this informative SCuBA webinar. Jeff Kushner, GRC expert at Allgress will provide input on how to start you SCuBA compliance- Why SCuBA matters for audits, risk assessments, and compliance programs- Key identity risks and misconfigurations auditors are seeing today- How SCuBA secure configuration baselines actually work- What SCuBA means for Microsoft 365 and Google Workspace security- How to approach a SCuBA risk assessment without overcomplicating itLive session. Questions were taken/answered by the audience.

January 14, 2026Episode 127 min

Auditing Microsoft Active Directory for Compliance & Zero Trust Security

Active Directory remains the backbone of enterprise identity — and one of the largest sources of audit findings, security gaps, and insider risk. Yet many organizations still rely on manual reviews, spreadsheets, and outdated processes to prove compliance.In this #AuditTuesday LinkedIn Live, we’ll break down why Active Directory auditing is more critical than ever — especially for SOX compliance, access governance, and Zero Trust identity security.You’ll learn:Why AD continues to be a top risk area for SOX, auditors, and security teamsHow manual access reviews fail — and where auditors focus firstHow YouAttest automates Active Directory audits with continuous evidence, AI-driven insights, and auditor-ready reportingHow automated user access reviews strengthen Zero Trust by enforcing least privilege and accountability