Being a Lifeguard Instead of a Police Officer and Compliance Is NOT Security - David Hawthorne
In this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not.
We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the Director of Cloud Engineering at O3 Solutions, David successfully led SOC 2 and GRC initiatives. He is dedicated to delivering business value through automation and analytics and actively contributes to the DevSecOps and data communities as a speaker and mentor.
We will discuss the role of the compliance audit and what frameworks like SOC2 were supposed to solve. We dive into the approach of supporting and empowering teams as a lifeguard as opposed to being a police officer yelling "no" all the time. By the end, David shares some practical advice for growing your team and staying safe as you scale.
Links mentioned in this episode:
http://davidhawthorne.com
https://github.com/shellninja