
Summary
In this episode of the Secure Access Podcast, host John Dillard talks with Jason Mordeno, Director of Compliance and Security at Sign In Solutions, about the SOC 2 and ISO compliance standards. John introduces his own background in security and compliance and the mission of Sign In Solutions as a visitor management platform. Jason describes his unconventional path from 3D animation into compliance and his interest in building robust security frameworks. The conversation covers the key aspects of SOC 2 and ISO, including where they differ, where they overlap, and the practical challenges companies face when implementing them. Jason emphasizes a security mindset, effective communication, and foundational security principles as the basis for managing compliance across large and complex organizations. He also discusses current trends in compliance, the role of tooling, and the value of preparing for incident response before an incident occurs. The episode is intended as a guide for anyone trying to understand and navigate SOC 2 and ISO compliance.
Key takeaways
Importance of security frameworks: Discussion on SOC 2 compliance and ISO standards, and their relevance to businesses.
Expert insights: Jason Mordeno shares his journey from 3D animation to compliance, emphasizing the importance of a security mindset.
Compliance frameworks overview: Detailed explanation of SOC 2 and ISO, their differences, similarities, and implementation strategies.
Challenges in compliance: Importance of human factors and effective communication in maintaining robust security frameworks.
Role of tools: Tools assist in compliance but are not a silver bullet; manual processes and human ingenuity are crucial.
Global organizational considerations: Strategies for managing compliance in diverse and large-scale enterprises.
Common compliance mistakes: Miscommunication and presumption are major pitfalls in compliance execution.
Trends in compliance: Importance of staying proactive and preparing for emerging threats and regulatory changes.
Final advice: Maintain a security mindset, believe in yourself, and focus on foundational pillars to navigate compliance challenges.
Quotes
"Security mindset is thinking, how would we do this? What if we're the attacker?"
"The challenge is not going to be money. The challenge is not your process. The challenge is not the business itself. The challenge is always going to be the people."
"The first tool is yourself, right? Because without it, nothing runs."
"Communication is the most offside answer I can give, but communication."
"Never think you're secure. You must assume you'll be breached at any point."
"Believe in yourself. If you're a security person, compliance person...keep yourself grounded because you are the foundation of the security mindset in the company."
This episode is brought to you by Sign In Solutions. If you found today’s conversation insightful, be sure to subscribe, leave a review, and share it with your network. For more on transforming compliance, security, and workplace experiences, visit www.signinsolutions.com.
