<![CDATA[We Make Sure]]>Governance, Risk,Welcome to the WeMakeSure Podcast — where cybersecurity, governance, risk, and compliance meet real-world leadership.

This channel is built for executives, founders, IT leaders, compliance professionals, and security practitioners who want to understand how cybersecurity and risk management actually drive business success — not just pass audits.

Each episode breaks down complex topics like Cybersecurity, HIPAA, ISO 27001, SOC 2, vendor risk, leadership, and security culture into practical conversations you can apply immediately inside your organization.

On this channel you’ll find:

🎙 Video podcast episodes with security and compliance leaders
🛡 Cybersecurity insights explained in plain English
📊 Risk and compliance strategies for growing companies
🏥 Healthcare security & HIPAA guidance
🏢 Leadership lessons for CISOs, founders, and executives
Real-world stories from audits, breaches, and security programs

Whether you're leading a startup, managing IT, running compliance, or sitting in the C-suite, the goal is simple:

Help organizations build trust, reduce risk, and create a culture of security.

Because security isn’t just about controls and checklists.

It’s about making sure the things that matter most are protected.

🔔 Subscribe for weekly conversations on cybersecurity, governance, risk, compliance, and leadership. and Compliance

]]>http://www.wemakesure.comRiverside.fm (https://riverside.com)Thu, 28 May 2026 11:31:20 GMTMon, 09 Mar 2026 14:26:15 GMT60David Pahlman and Robert Parker<p>Governance, Risk,Welcome to the <b>WeMakeSure Podcast</b> — where cybersecurity, governance, risk, and compliance meet real-world leadership.</p><p>This channel is built for <b>executives, founders, IT leaders, compliance professionals, and security practitioners</b> who want to understand how <b>cybersecurity and risk management actually drive business success</b> — not just pass audits.</p><p>Each episode breaks down complex topics like <b>Cybersecurity, HIPAA, ISO 27001, SOC 2, vendor risk, leadership, and security culture</b> into practical conversations you can apply immediately inside your organization.</p><p>On this channel you’ll find:</p><p>🎙 <b>Video podcast episodes</b> with security and compliance leaders<br />🛡 <b>Cybersecurity insights</b> explained in plain English<br />📊 <b>Risk and compliance strategies</b> for growing companies<br />🏥 <b>Healthcare security &amp; HIPAA guidance</b><br />🏢 <b>Leadership lessons for CISOs, founders, and executives</b><br />⚡ <b>Real-world stories from audits, breaches, and security programs</b></p><p>Whether you're leading a startup, managing IT, running compliance, or sitting in the <b>C-suite</b>, the goal is simple:</p><p><b>Help organizations build trust, reduce risk, and create a culture of security.</b></p><p>Because security isn’t just about controls and checklists.</p><p><b>It’s about making sure the things that matter most are protected.</b></p><p>🔔 <b>Subscribe for weekly conversations on cybersecurity, governance, risk, compliance, and leadership.</b> and Compliance</p>episodicDavid Pahlman and Robert Parkerpahlman.david@gmail.comno<![CDATA[David Pahlman - Starting the First Risk Assessment]]>The episode provides a practical guide to conducting a risk assessment, emphasizing simplicity and practicality. It outlines five key steps: defining scope, identifying risks, assessing likelihood and impact, planning response, and documenting the assessment.

Takeaways

  • Simplicity in risk assessment
  • Regular review of risk assessment

Chapters

  • 00:00 The Truth About Risk Assessment
]]>32a2049e-a0a9-4629-9b36-398b8aadf3f1Tue, 07 Apr 2026 16:47:47 GMT<p>The episode provides a practical guide to conducting a risk assessment, emphasizing simplicity and practicality. It outlines five key steps: defining scope, identifying risks, assessing likelihood and impact, planning response, and documenting the assessment.</p><p></p><p>Takeaways</p><ul><li>Simplicity in risk assessment</li><li>Regular review of risk assessment</li></ul><p></p><p>Chapters</p><ul><li>00:00 The Truth About Risk Assessment</li></ul>no00:04:35David Pahlman - Starting the First Risk Assessmentfull<![CDATA[David Pahlman - Agentic A.I. Governance]]>Agentic AI is a compliance problem that most businesses aren't ready for. It requires governance, human checkpoints, audit logging, and updated AI policies to address the liability and accountability issues. Businesses need to define the scope and permissions, build human checkpoints, require audit logging, and update AI policies to address the challenges of agentic AI.

Takeaways

  • Agentic AI requires governance
  • Human checkpoints are essential for agentic AI
  • Audit logging is necessary for every action of an AI agent
  • Updated AI policies are crucial for addressing the challenges of agentic AI

Chapters

  • 00:00 Introduction to Agentic AI
]]>f5571728-59fe-4db0-ac82-d99dea827d5cMon, 06 Apr 2026 13:01:18 GMT<p>Agentic AI is a compliance problem that most businesses aren't ready for. It requires governance, human checkpoints, audit logging, and updated AI policies to address the liability and accountability issues. Businesses need to define the scope and permissions, build human checkpoints, require audit logging, and update AI policies to address the challenges of agentic AI.</p><p></p><p>Takeaways</p><ul><li>Agentic AI requires governance</li><li>Human checkpoints are essential for agentic AI</li><li>Audit logging is necessary for every action of an AI agent</li><li>Updated AI policies are crucial for addressing the challenges of agentic AI</li></ul><p></p><p>Chapters</p><ul><li>00:00 Introduction to Agentic AI</li></ul>no00:03:42David Pahlman - Agentic A.I. Governancefull<![CDATA[David Pahlman - Compliance As Code]]>Compliance as Code vs Real Compliance | HIPAA, ISO 27001, and NIST 800-53 Explained

Everyone is talking about Compliance as Code—automating controls, enforcing policies in CI/CD, and letting tools monitor security posture in real time. But can automation really handle the full scope of compliance frameworks like HIPAA, ISO 27001, and NIST 800-53?

In this episode of the We Make Sure Podcast, David Pahlman breaks down where Compliance as Code works incredibly well—and where it falls short.

You’ll learn why automation can enforce technical controls, but frameworks like HIPAA and ISO demand something deeper: governance, leadership involvement, risk-based decisions, and documented intent.

If you're a CISO, security leader, compliance professional, or executive, this episode will help you understand how to balance automation with real-world compliance strategy.

In this episode we discuss:
• What Compliance as Code actually is
• Where automation strengthens security programs
• Why HIPAA compliance is mostly administrative
• Why ISO 27001 requires intentional governance
• The limits of automation in NIST 800-53
• The difference between proving a control exists and proving why it exists

Compliance as Code is powerful—but real compliance still requires people, judgment, and leadership.

Subscribe for more conversations on:
Cybersecurity • Governance • Risk Management • Compliance • Leadership

About the We Make Sure Podcast

The We Make Sure Podcast explores the intersection of cybersecurity, governance, risk management, and leadership. Each episode breaks down complex security and compliance topics into practical insights that executives and security professionals can actually use.

If you work in security, compliance, healthcare technology, or executive leadership, this channel is built for you.

#CyberSecurity #Compliance #ISO27001 #HIPAA #NIST #GRC #DevSecOps #InformationSecurity #WeMakeSure

]]>290c11b7-23b8-47fe-b3a7-c8934b83b35aTue, 10 Mar 2026 15:23:30 GMT<p>Compliance as Code vs Real Compliance | HIPAA, ISO 27001, and NIST 800-53 Explained<br /><br />Everyone is talking about Compliance as Code—automating controls, enforcing policies in CI/CD, and letting tools monitor security posture in real time. But can automation really handle the full scope of compliance frameworks like HIPAA, ISO 27001, and NIST 800-53?<br /><br />In this episode of the We Make Sure Podcast, David Pahlman breaks down where Compliance as Code works incredibly well—and where it falls short.<br /><br />You’ll learn why automation can enforce technical controls, but frameworks like HIPAA and ISO demand something deeper: governance, leadership involvement, risk-based decisions, and documented intent.<br /><br />If you're a CISO, security leader, compliance professional, or executive, this episode will help you understand how to balance automation with real-world compliance strategy.<br /><br />In this episode we discuss:<br />• What Compliance as Code actually is<br />• Where automation strengthens security programs<br />• Why HIPAA compliance is mostly administrative<br />• Why ISO 27001 requires intentional governance<br />• The limits of automation in NIST 800-53<br />• The difference between proving a control exists and proving why it exists<br /><br />Compliance as Code is powerful—but real compliance still requires people, judgment, and leadership.<br /><br />Subscribe for more conversations on:<br />Cybersecurity • Governance • Risk Management • Compliance • Leadership<br /><br />About the We Make Sure Podcast<br /><br />The We Make Sure Podcast explores the intersection of cybersecurity, governance, risk management, and leadership. Each episode breaks down complex security and compliance topics into practical insights that executives and security professionals can actually use.<br /><br />If you work in security, compliance, healthcare technology, or executive leadership, this channel is built for you.<br /><br />#CyberSecurity #Compliance #ISO27001 #HIPAA #NIST #GRC #DevSecOps #InformationSecurity #WeMakeSure</p>no00:10:4911David Pahlman - Compliance As Codefull