When Compliance Replaces Security
A SaaS company buys enterprise ChatGPT for 800 staff and strangely uses only 30 seats. A corporation signs annual risk exemptions for five years until the exception list itself is mistaken for a working security process. Same root cause, two symptoms.
Compliance is not security. Security culture is company culture. If your employees do not trust their managers, no policy you write will save you.
Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on why security policy depends on trust, why a signed risk acceptance is a legal act, and what a leadership cadence on security communication actually looks like.
Timestamps
00:00:00 Introduction
00:02:20 When risk exceptions become culture
00:07:50 Turning a five-year exemption list around
00:09:07 Working with auditors instead of around them
00:13:14 The trust gap: enterprise tools and personal accounts
00:19:27 Security culture is company culture
00:22:21 Wrap and what is next
Key Topics Covered
- Why employee trust in management determines whether any security policy lands
- How sanctioned enterprise tools, AI included, quietly fail when context and trust are missing
- The legal weight of a signed risk acceptance, and why most managers treat it as paperwork
- What a working leadership cadence on security communication actually looks like
Related ON2IT Content & Referenced Resources
- Aplite GmbH: https://aplite.de
- Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1w
- Previous Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dY
- Threat Talks: https://threat-talks.com/
- ON2IT (Zero Trust as a Service): https://on2it.net/
- AMS-IX: https://www.ams-ix.net/ams
🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX