Seiso Side-Up

Episode 19 - Hacklore and Friends

Seiso, LLC. — Tue, 28 Apr 2026 13:00:00 GMT

The conversation explores the concept of 'hack lore' and its impact on cybersecurity, focusing on the disconnect between perceived security and actual security. It delves into the myths and misconceptions surrounding security, the role of AI in creating new hack lore, and the need to address the mundane aspects of security. The discussion also highlights the importance of holding companies accountable for customer security outcomes and the challenges of AI in cybersecurity. The conversation delves into the challenges of implementing AI and security in modern workflows, highlighting the need for a secure-by-design approach and the importance of understanding customer security outcomes. It also emphasizes the role of leadership in taking ownership of security and risk.

Takeaways

Hack lore: The conversation sheds light on the concept of 'hack lore' and its impact on cybersecurity, emphasizing the need to retire bad advice and focus on the basics.
AI and Hack Lore: The emergence of AI in cybersecurity introduces new challenges and misconceptions, leading to the creation of new hack lore around AI security advice and frameworks. Secure-by-design approach is crucial for AI and cloud systems
Leadership must take ownership of security and risk

Chapters

00:00 AI and Hack Lore: The New Frontier
25:26 Security as an Afterthought in AI Implementation
31:11 Cultural Perspective on Applying Security Basics to AI
39:31 Secure by Design in Real-world AI Environments
45:25 Ownership of Risk and Accountability
50:53 Implementing Secure by Design Principles

Episode 18 - vGRC Evolution Part II of II

Seiso, LLC. — Mon, 30 Mar 2026 19:49:19 GMT

The conversation delves into the evolving role of GRC professionals, emphasizing the non-negotiable skills, challenges, and the shift from compliance operators to strategic partners. It also explores the influence of GRC on business decisions, burnout prevention, and the importance of continuous learning and risk-based decision-making.

Takeaways

Technical understanding and fluency are non-negotiable skills for modern GRC professionals.
Risk management, continuous learning, and business context understanding are crucial for GRC professionals.
Data analytics and risk visualization play a significant role in GRC responsibilities.
GRC professionals are evolving from compliance operators to strategic partners, influencing business decisions earlier in the planning stage.
Challenges for GRC teams include continuous learning, resistance from within GRC and the business, and burnout prevention.
Leadership can better support evolving GRC roles by involving GRC professionals in strategic conversations early and building trust.
Prioritizing cloud hosting, security, and AI technology skills is essential for GRC professionals.
A risk-based approach and proactive decision-making are crucial mindset shifts for modern GRC teams.

Chapters

00:00 Skills for Modern GRC Professionals
11:08 GRC as a Strategic Partner
17:20 Challenges and Growing Pains
22:37 Preventing Burnout

Episode 18 - vGRC Evolution Part I of II

Seiso, LLC. — Wed, 04 Mar 2026 19:45:00 GMT

The podcast episode explores the evolution of GRC roles, the impact of automation on GRC tasks, and the strategic shift in GRC expectations. It also delves into the measurement of the value of GRC beyond passing audits. The conversation highlights the expanding nature of GRC roles and the significant impact of automation on GRC tasks.

Takeaways

GRC roles are expanding
Automation has significantly impacted GRC tasks

Chapters

00:00 Evolution of GRC Roles
05:31 Impact of Automation on GRC Tasks
21:31 Measuring the Value of GRC

Episode 15 - Building Trust and Compliance: Guiding a Client to CMMC Level 2 Certification

Seiso, LLC. — Tue, 28 Oct 2025 12:45:25 GMT

In this episode, we take you behind the scenes of how our team helped a client successfully achieve CMMC Level 2 certification. From assessing gaps and aligning controls to overcoming legacy system challenges and navigating the audit process, we break down each step of the journey. You’ll hear how collaboration, governance, and a clear security roadmap turned a complex compliance goal into a milestone achievement. Whether you’re preparing for your own certification or just curious about how CMMC impacts business resilience, this episode offers practical insights and lessons learned straight from the field.

2024 Seiso Side-Up Podcast Recap

Seiso, LLC. — Tue, 14 Jan 2025 17:48:50 GMT

In this episode, we kick off season 2 of the podcast with a recap of a few episodes from 2024.

Episode 8 - Intrinsic Motivation and Work-Life Harmony

Seiso, LLC. — Wed, 18 Dec 2024 21:54:13 GMT

In this episode, we invited special guest Ken Presutti, an Agile coach and sports endurance coach, to discuss the value behind intrinsic motivation and how it can tie both personal and professional goals together.

It's that time of year where organizations and individuals seek to establish their annual objectives and goals to meet the needs of the business, and in our industry, look to the year ahead to improve their cybersecurity strategy. We'll also discuss ways that Seiso enables a better work-life harmony for our workforce, and ways you can align your personal values with your professional milestones and initiatives.

Episode 16 - How to Become a Human Firewall

Seiso, LLC. — Mon, 01 Dec 2025 22:00:57 GMT

In this episode, Joe Wynn and Taylor Lee join Lauren to discuss How to Win Friends and Influence People and Crucial Conversations books. They discuss how to correctly communication phishing attacks, how to listen with empathy and how to lead by example. Listen to this episode to learn how to become a human firewall.

Episode 4 - GRC Evolution

Seiso, LLC. — Thu, 01 Aug 2024 13:29:00 GMT

Listen in as Seiso GRC Engineers discuss the evolution of the practice through a commonly known set of informations security and risk scenarios that focus on security best practices, resiliency, and the overarching guardrails to keep everything operating in harmony.

Episode 10 - Getting Started in Cyber and Continuous Education

Seiso, LLC. — Fri, 28 Feb 2025 16:29:27 GMT

During this episode, we're joined by Seiso engineers and consultants to discuss their individual paths to breaking into the cybersecurity industry and how they lay out their ongoing knowledge growth. We also discuss our recommendations for new and upcoming cybersecurity engineers in developing their skills. Finally, we round out the episode with a conversation on the ins and outs of being master of one or jack of all trades (or somewhere in between).

Episode 3 - Meet the Seiso CMMC Experts

Seiso, LLC. — Thu, 06 Jun 2024 18:55:40 GMT

Senior GRC Engineer Heidi Patrick and Security Consultant Justin Fearon talk all things CMMC. In this episode, we discuss the gotcha's when approaching CMMC compliance and how Seiso facilitates a process to reach CMMC readiness with creativity, allowing our customers to achieve their cybersecurity goals and eventually move towards the assessment process against CMMC requirements.

Episode 13 - HIPAA Security Rule Updates

Seiso, LLC. — Fri, 30 May 2025 15:59:00 GMT

In this episode, we'll review the proposed updates to the HIPAA Security Rule and discuss the challenges that organizations encounter when becoming HIPAA compliant or maintaining HIPAA compliance through these changes.

We also dive into the complexities and differences between HIPAA compliance in the cloud, versus on-prem, and how compliance automation can be a game changer in keeping up with these changes.

#vGRC #HIPAA #cybersecurity #riskmanagement

Episode 7 - Ethics in Cybersecurity

Seiso, LLC. — Wed, 20 Nov 2024 14:12:43 GMT

In this episode, GRC Engineer Justin Fearon and CEO Joe Wynn discuss the importance of ethics and integrity in cybersecurity. Join us on the Seiso Side Up Podcast as Justin and Joe deep-dive into the intent behind the book The Code of Honor - Embracing Ethics in Cybersecurity, written by Paul J Maurer and Ed Skoudis. You can purchase your copy of the book here: https://www.amazon.com/Code-Honor-Embracing-Ethics-Cybersecurity/dp/1394275862

Look for more information on this topic, as presented by Simon Simek, in this video: https://youtu.be/zP9jpxitfb4?si=9Cvr0ZYTlFepaln3

Episode 2 - Meet the Seiso Founders

Seiso, LLC. — Thu, 06 Jun 2024 18:56:15 GMT

Joe Wynn (CEO) and Jon Zeolla (CTO) tell us about how and why they started https://seisollc.com and even more about where Seiso is headed through continuous innovation, constant learning, and bringing creative, frictionless information security / risk management practices to the Seiso customers.

Tune in to hear all about Seiso origin stories and some special segments that give you the insight into what makes Seiso a great business partner.

Episode 12 - What is vGRC, really?

Seiso, LLC. — Mon, 28 Apr 2025 23:11:40 GMT

Listen in as we discuss the Seiso vGRC model with CEO Joe Wynn and COO Eric Lansbery. We'll cover topics from various angles of the Governance, Risk, and Compliance needs of Seiso customers, tell some real-life stories about how the vGRC model can benefit your organization, and even have a friendly debate about the efficacy of what we all come to know as vCISO, in the modern information security services industry.

Episode 0 - Meet the Hosts

Seiso, LLC. — Wed, 15 May 2024 17:19:11 GMT

In this episode, our Seiso Side-Up co-hosts talk about what this podcast is all about, segments that we'll showcase, and a little background on our co-hosts themselves.

Episode 6 - PCI Compliance and Pentesting

Seiso, LLC. — Tue, 01 Oct 2024 10:35:00 GMT

On this episode of the Seiso Side Up podcast, we welcome two guests - Jake Mayhew and Justin Leapline. Jake has decades of experience performing and teaching the ins and outs of penetration testing, at times performing tests for companies that handle cardholder data, and Justin is a subject matter expert in the world of PCI (Payment Card Industry) security & compliance. Join us as we dive into the gotchas of becoming PCI compliant and how to best approach penetration testing as part of the PCI compliance journey.

Episode 17 - New Year, Same AI Risks

Seiso, LLC. — Wed, 14 Jan 2026 13:27:26 GMT

AI is no longer experimental—it’s embedded in enterprise systems, security operations, and everyday business tools. In this episode of The Seiso Side-Up Podcast, host Lauren Shaffer joins Seiso COO Eric Lansbery and co-host Heidi Patrick to discuss why AI security, AI governance, and risk management are now critical priorities. The conversation covers the evolution of AI adoption and the real risks organizations face, including model poisoning, data leakage, hallucinations, and unmanaged GenAI use. Eric shares practical guidance on applying NIST AI Risk Management Framework, ISO/IEC standards, ethical AI, and GRC best practices to build secure, compliant, and resilient AI programs. This episode delivers key 2026 AI governance takeaways for security leaders, GRC professionals, and executives looking to manage AI risk, meet regulatory expectations, and strengthen enterprise trust.

Episode 5 - easy_infra

Seiso, LLC. — Fri, 30 Aug 2024 15:05:00 GMT

On this episode, CTO Jon Zeolla and Sr. Security Engineer Keith Holland discuss the inner-workings of the Seiso open source project, easy_infra.

easy_infra is a docker container that simplifies and secures Infrastructure as Code deployments by running security scans prior to running IaC tools. It supports three main use cases:

Experimentation by supporting interactive use and secure troubleshooting.
Continuous Integration as a part of Pull/Merge Request validation.
Continuous Deployment as an automated deployment tool.

https://github.com/SeisoLLC/easy_infra

Episode 14 - Tackling Business Growth with GCC and vGRC

Seiso, LLC. — Sun, 03 Aug 2025 13:57:05 GMT

On this episode, we have a special guest, Sourabh Moharil, Managing Director and Co-Founder of the Global Capability Center (GCC) company Agilite. Seiso CEO Joe Wynn joins our co-hosts, Lauren Shaffer and Eric Lansbery, to navigate the value behind establishing a GCC while integrating with a vGRC model to develop, maintain, and continuously improve compliance at that scale of business growth operations.

Listen in on this very special episode and learn more about how GCC and vGRC can help to simplify security while upscaling your company strategically - for start-ups and well-established businesses alike.

Episode 1 - The Original Rebel Scrum Team

Seiso, LLC. — Thu, 06 Jun 2024 18:56:05 GMT

Senior Security Engineer Keith Holland and Lead Security Engineer Sean Cavanaugh talk about the intricacies and challenges facing application security practitioners in today's modern cloud-based software development world. The Original Rebel Scrum team was formed as Seiso adopted the Agile methodology to project management, lead by co-host Lauren Shaffer. Throughout their time at Seiso, both Sean and Keith have helped grow the DevSecOps, Web Application Pentesting, and Product Security practices.

Episode 11 - AI Advancement & Security Concerns

Seiso, LLC. — Mon, 24 Mar 2025 18:03:11 GMT

Listen in as our podcast host, Lauren Shaffer, our special guest Travis Buckinham, along with Seiso Co-Founder Jon Zeolla discuss the advancements in AI and the security concerns related to AI in healthcare, finance, and other industries.

What is the industry doing to address these concerns?

What can the world expect from AI in healthcare now, and in the near future?

How helpful is AI when introduced into the supply-chain?

Referenced article: https://www.techspot.com/news/106289-medical-misinformation-ai-training-data-poses-significant-risks.html