In this episode of Ctrl-Alt-Secure, Valentina Flores, CEO of Red Sentry, sits down with Emma Lawler and AJ Yawn from Rippling to explore the evolving world of Governance, Risk, and Compliance (GRC) and why modern organizations need to rethink how they approach SOC 2 audits, security evidence, and compliance operations.

Emma and AJ share insights into how companies can move away from manual, checkbox-driven compliance processes and toward engineering-driven security programs powered by automation, transparency, and first-party data. Rather than treating GRC as a once-a-year project, the conversation focuses on building systems that continuously improve security posture while reducing friction between companies, auditors, and operational teams.

The discussion dives into why automation should not be confused with reduced rigor, the importance of maintaining auditor independence, and how organizations can shift compliance “to the left” by embedding security into operational workflows instead of treating it as a final hurdle.

Valentina, Emma, and AJ also explore the cultural side of compliance, including why findings should be viewed as actionable signals for improvement rather than blame, and how organizations can design systems where compliance efforts compound over time instead of restarting from scratch every audit cycle.

Key topics covered:

• Why SOC 2 is more than a compliance checkbox
• Engineering compliance instead of documenting compliance
• The role of automation and first-party data in modern GRC
• Why auditor independence still matters
• Shifting security and compliance earlier into operational workflows
• Treating GRC as a continuous product instead of a yearly project
• Building scalable systems that reduce long-term audit fatigue
• Turning security findings into opportunities for improvement

Who should listen:
This episode is ideal for security leaders, compliance professionals, auditors, startup founders, IT teams, and anyone looking to build more sustainable and scalable security and compliance programs.

About Ctrl-Alt-Secure
Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Red Sentry: https://redsentry.com/
🔗 Learn more about Rippling: https://www.rippling.com/

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores, CEO of Red Sentry, sits down with Brianna Martinson, Director of Engineering at Tepia, to explore what it truly means to build secure, resilient systems around humans — not in spite of them.

Brianna shares how her background as a longtime developer shapes Tepia’s people-first engineering philosophy. Rather than treating software as isolated features, Tepia partners with clients to understand entire system flows, user behavior, and business constraints — especially when working with complex or legacy environments.

The conversation dives into why “user error” is often a design failure, how discovery and design should be just as rigorous as development, and why tiny usability decisions can make or break adoption and security outcomes. Brianna and Valentina also discuss holistic system thinking, DevOps principles, microservice architecture, and the emotional realities teams face when legacy tech becomes a liability.

The episode closes with a candid discussion on why leaning into discomfort — even when it risks short-term losses — leads to stronger trust, better systems, and more meaningful impact.

Key topics covered:

• Why human-centered design improves security outcomes
• The hidden risks of blaming users instead of systems
• Designing intuitive systems that people actually use
• Navigating legacy code, technical debt, and hard rebuild decisions
• Holistic engineering, DevOps, and microservice architecture
• Why doing things “the right way” builds long-term trust over short-term profit

Who should listen:
This episode is ideal for engineering leaders, security professionals, product teams, founders, and anyone building or securing complex systems where humans, technology, and business intersect.

About Ctrl-Alt-Secure
Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Tepia: https://tepia.co/
🔗 Contact Red Sentry

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Timothy Shields, Partner at Kelley Kronenberg, to unpack what data privacy law really looks like when it meets real-world technology, security, and business constraints.

Timothy brings a rare perspective to privacy law, having started his career as a software developer and academic before becoming a tech and data privacy attorney. That technical background shapes how he advises companies today—moving away from unrealistic “zero-risk” thinking and toward practical, defensible decision-making.

The conversation explores where organizations most often misunderstand data privacy requirements, why documentation and intent matter as much as tools, and how companies can reduce legal exposure before something goes wrong. Valentina and Timothy also discuss breach response, AI-related legal risk, and why small companies are just as exposed as large enterprises.

Key topics covered in this data privacy episode:

• Why legal risk in tech is rarely “zero risk” — and why that mindset fails
• How a technical background changes the way privacy law is applied in practice
• Common privacy blind spots engineers and executives overlook
• The biggest legal mistakes companies make after a breach
• Why proactive security testing and planning matter more than perfection
• The critical role of documentation when regulators or courts get involved
• Why not doing what you said you would do creates more liability than getting breached
• Where AI liability is headed and what companies should be doing now
• Why “we’re too small to be a target” is one of the most dangerous privacy myths

Who should listen?

This episode is essential for founders, executives, legal teams, engineers, security leaders, and anyone responsible for handling customer data, building software, or managing cyber risk. If your company collects, processes, or stores data—or is experimenting with AI—this conversation offers practical guidance you can actually act on.

About Ctrl-Alt-Secure

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Kelly Kronenberg: https://www.kelleykronenberg.com/
🔗 Contact Red Sentry

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Madison Morrow, Director of Business Development at Blue Sages, and Farshad Esnaashari, a medical device full–lifecycle consultant, to break down one of the most urgent topics in the med-tech industry: cybersecurity requirements for FDA medical device submissions.

The conversation explores why the FDA is increasing its cybersecurity expectations, the most common mistakes manufacturers make, and how device makers can integrate security early in the product lifecycle. Madison explains how Blue Sages supports medical device companies through engineering best practices, software documentation, testing, and compliance, while Farshad brings over 30 years of experience in architectural security, risk management, and interpreting FDA cybersecurity guidance.

Key topics covered in this FDA cybersecurity episode:

• Why cybersecurity must start early in medical device design (not at the end)
• What the FDA now expects: SPDF, SBOM, traceability, threat modeling, and vulnerability management
• Why shallow SBOMs, missing traceability, and late pentesting delay submissions
• How penetration testing and offensive security strengthen FDA submissions
• Practical guidance for med-tech startups balancing speed, safety, and compliance
• How AI introduces new cybersecurity risks in medical devices and what the FDA expects for model updates, rollback plans, and integrity checks

Who needs this episode?

This discussion is essential for anyone involved in medical device development, regulatory submissions, FDA compliance, cyber risk, software validation, or connected device security. If you’re preparing a 510(k), De Novo, or PMA submission in 2025–2026, this episode gives you a clear roadmap of what to prioritize.

About Ctrl-Alt-Secure

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Connect with Blue Sages to explore their engineering and regulatory support for medical device companies: https://www.bluesages.com/

🔗 Contact Red Sentry: https://redsentry.com/contact

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Dr. Bennett Hammer, founder and president of Hammer IT, for a deep dive into one of today’s most common yet misunderstood risks: email security. They break down the evolving threat landscape, from the rise of phishing and ransomware to the ways AI is now being used by both attackers and defenders.

The conversation explores why email remains one of the most effective entry points for cybercriminals, how remote and hybrid work environments have expanded the attack surface, and the practical steps organizations can take to strengthen their defenses. Dr. Hammer highlights the importance of proactive measures, continuous user education, and building a culture where employees are empowered to question suspicious activity.

A handful of valuable takeaways:
• Phishing and ransomware continue to top the list of email-based threats
• AI is accelerating both offensive and defensive capabilities in cybersecurity
• Remote work has created new vulnerabilities in email workflows
• User training and awareness remain essential for preventing breaches
• Strong filtering, verification protocols, and layered defenses make a measurable difference

To explore more of Dr. Hammer’s work or try his free tools, visit hammeritconsulting.com, hammersecure.com, or HammerSpam, his spam email analyzer.

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered pentesting firm helping companies identify and fix vulnerabilities before attackers can exploit them.

Find more about Red Sentry.

In this episode of CTRL-ALT-SECURE, Valentina Flores discusses the importance of understanding neurodiversity in tech leadership with guests Andy and Fred from Irregular Training. They explore how neurodivergent individuals, including those with autism and ADHD, can bring unique strengths to the workplace, the challenges posed by standardized work environments, and practical steps organizations can take to support neurodiverse talent. The conversation emphasizes the need for flexibility, trust, and a shift in hiring practices to leverage the strengths of neurodivergent individuals for a more inclusive and productive workplace.

A handful of valuable takeaways:

• Neurodiversity is a key part of how teams actually function and succeed.
• Understanding different thinking styles can unlock creativity and performance.
• Standardized workplaces often miss what neurodivergent employees need to thrive.
• Traits like deep focus, pattern recognition, and problem-solving are real strengths.
• Flexible roles and trust-based cultures bring out the best in neurodivergent talent.
• The future of work will depend on embracing and designing for neurodiversity.

To learn more about Andy and Fred’s work on building inclusive, high-performing teams, visit their site Irregular Training.

CTRL-ALT-SECURE is brought to you by Red Sentry, a human-led, tech-powered pentesting firm helping companies identify and fix vulnerabilities before attackers can exploit them.

Find more about Red Sentry.

Ctrl-Alt-Secure Podcast: Breach Mode – How to Survive a Cyber Crisis
Host: Valentina Flores (Red Sentry CEO)
Special Guest: Casey Boggs (President, ReputationUs)

Are you a CISO or CIO preparing your organization for the reputational fallout of a cyberattack? In this episode, we dive deep into the critical, often-overlooked side of cybersecurity: reputation management. Join Valentina Flores and Casey Boggs as they discuss real-world strategies for crisis communication, incident response, and protecting your brand when the unthinkable happens.

Key Topics:

• Why reputation is as important as technical response
• Common mistakes companies make after a breach
• Building a proactive incident response and communication plan
• Industry-specific challenges (healthcare, finance, tech, and more)
• Authenticity and transparency in crisis communications

Chapters:
00:00 – Introduction & Guest Welcome
02:10 – Casey Boggs’ Background & ReputationUs
05:30 – The Real Impact of a Cyber Breach on Reputation
09:00 – Who’s to Blame? Internal & External Stakeholders
13:20 – Common Mistakes in Crisis Response
18:00 – Timing & Transparency: When to Communicate
22:45 – Building a Smart Incident Response Plan
28:10 – Legal, Insurance, and PR: Who’s on Your Team?
33:00 – Industry-Specific Considerations
37:15 – Success Stories & Lessons Learned
41:00 – Proactive Steps for CISOs & CIOs
45:00 – Final Takeaways & Resources

About Our Guest:
Casey Boggs is President of ReputationUs, a leading firm specializing in reputation management and crisis mitigation. With over 20 years of experience, Casey has helped organizations across industries navigate the aftermath of cyber incidents and protect their most valuable asset: trust.

Connect with Us:
🔗 Red Sentry
🔗 ReputationUs

Find more about Red Sentry.

Welcome to the Control-Alt-Secure podcast! In this episode, host Valentina Flores (CEO of Red Sentry) sits down with Richard Frederick, founder and CEO of Strategic All Source Intelligence, to uncover the hidden risks of your digital footprint.

We dive deep into:

What your digital footprint really is—and why it matters more than ever
How hackers and threat actors weaponize open source intelligence (OSINT) against individuals and organizations
The most overlooked ways companies expose themselves online
Real-world strategies for managing and reducing your attack surface
The role of pen testing, cloud security, and continuous monitoring in modern cyber defense
Actionable tips for building cyber resiliency and protecting your reputation

Whether you’re a business leader, IT professional, or just want to stay safe online, this episode is packed with insights you can use right away.

🔗 Connect with Richard Frederick for more on intelligence and risk advisory services. https://sasintel.com/

Don’t forget to like, subscribe, and hit the bell for more cybersecurity conversations!

Find more about Red Sentry.