
Hosted by C1Risk · ENGLISH

Chip Block joins Lily Yeoh and explains how AI is forcing organizations to rethink governance, security, and traditional control frameworks. From AI-generated software to data validation and trust, this episode explores why checklists and static controls are no longer enough for modern risk management.

00:00 - Chip Block's Background and Why Risk Is Changing
03:12 - Why Cybersecurity Is a Business Problem, Not Just a Tech Problem
06:18 - How AI Breaks Traditional Security Models
10:05 - Why GRC Frameworks and Legacy Controls Need to Evolve
14:22 - Data Ownership vs Data Validation in the AI Era
18:40 - Shifting Risk Management Toward Business Outcomes
22:05 - Securing Data Beyond Devices, Networks, and Perimeters
27:10 - Why Many Security Controls No Longer Matter
31:08 - AI and the Future of Software Vulnerabilities
36:02 - The End of Traditional SDLC and Slower Release Cycles
40:15 - What Cybersecurity Leaders Should Invest In Now
44:05 - Why Trust May Replace Information Security as the Next Frontier

In this episode of All About Risk, Lily Yeoh sits down with Shayne Adler, co-founder of Aetos Data Consulting, to talk about defensible evidence, the gap between policy and reality, and why perfect compliance is a myth. They unpack compliance debt, right-sizing controls, AI overpromises, data theater, and what it really means to say what you do and do what you say.

To learn more about Shayne Adler and Aetos Data Consulting visit here.

00:00 – From Law to Chief Trust Officer
07:11 – What Defensible Evidence Actually Means
11:30 – Compliance Debt and the Policy Gap
16:15 – Who Is Compliance For?
17:43 – Right-Sizing Controls and Avoiding Overload
24:19 – AI Hype, Data Theater, and Operational Discipline

AI is moving fast, but in legal-tech, accuracy and trust are non-negotiable. In this episode of All About Risk, Lily Yeoh speaks with Dean Sapp, CISO and DPO at Filevine, about what happens when AI is introduced into environments where bad data and false outputs carry real consequences.

Dean breaks down why enterprise AI is different from consumer tools, the risks of hallucinations, deepfakes, and AI-driven phishing, and why strong guardrails around data, permissions, and retention matter. They also explore how CISOs are using AI to improve threat detection, automate controls, and translate technical risk into business impact leaders can act on.

The result is a practical look at AI, security, and risk as an operational reality, not a trend.

In this final episode of this three-part bonus series, Lily Yeoh shares clear, practical insight on what it really takes to break into a career in GRC. She talks about where people often start, how different backgrounds can translate into the field, and what helps you stand out early on. She also touches on common missteps, the importance of staying curious, and what to focus on in your first months on the job.

Lily Yeoh breaks down what you really need to enter GRC, from choosing between a degree or certifications to knowing which starter certs are worth your time. She explains how to get hands-on experience before your first role, the soft skills that actually help you stand out, and the one practical skill that's shaped her own career. This episode gives you a clear, grounded starting point for building a future in GRC.

1. GRCP — GRC Professional (OCEG): Great intro to governance, risk, compliance, ethics, and audit basics.
2. CCEP — Certified Compliance & Ethics Professional (SCCE): Focuses on compliance, ethics, investigations, and corporate policy.
3. ISO 31000 Risk Management Certification (various accredited bodies): Covers organizational risk frameworks and is accessible without technical depth.
4. CompTIA Security+ (CompTIA): Security fundamentals that support GRC roles tied to IT and cybersecurity.
5. CGRC, formerly CAP (ISC2): Intro to governance, risk, and security authorization. Good for early GRC careers.

ADVANCED LEVEL CERTIFICATIONS
These require experience, deeper security knowledge, or exposure to audit, risk, or governance functions.

6. CISSP — Certified Information Systems Security Professional (ISC2): High-level security governance, risk, architecture, and leadership.
7. CISA — Certified Information Systems Auditor (ISACA): The gold standard for audit, controls, and assessment work inside GRC teams.
8. CRISC — Certified in Risk and Information Systems Control (ISACA): Focused on IT risk, business risk, mitigation, and control design.
9. CISM — Certified Information Security Manager (ISACA): Security governance, program management, and risk management at scale.
10. CGEIT — Certified in the Governance of Enterprise IT (ISACA): Enterprise-level IT governance, strategic alignment, and performance risk.

In this bonus episode (1 of 3), we zoom out and unpack what a career in GRC actually looks like. Lily Yeoh explains the field in simple terms, talks through the types of challenges GRC professionals help organizations navigate, and highlights the mix of backgrounds that thrive here. We touch on what early roles focus on, how government and commercial paths differ, and what someone should understand before jumping in. If you're curious about GRC as a profession, this first of three episodes gives you a clear, approachable starting point.

Dr. David Mussington, former member of the White House National Security Council and Professor at the University of Maryland, joins Lily Yeoh on All About Risk to challenge how we think about cybersecurity. He argues that the biggest threat isn’t just in the network, it’s in how we communicate, govern, and make decisions. From national policy to AI’s growing role in cyber defense, this episode explores what real resilience looks like when people, not just systems, are at the center of security.

In this final installment of our bonus series Understanding GRC, we explore the practical side of adopting GRC tools. From the limits of spreadsheets to the advantages of integrated platforms, this episode highlights what to look for in a solution, how ROI is measured, and why phasing in processes with a “crawl, walk, run” approach sets organizations up for long-term success.

In our second bonus episode, we dig into the first steps of building a GRC program with our expert Lily Yeoh. We cover why it starts with people, process, and technology, and the importance of documenting what you’re protecting. You’ll hear how to make policies meaningful instead of just templates, when to bring in expert guidance, and how to get leadership buy-in. We also touch on the real risks of skipping GRC, from regulatory fines to reputation loss.

Bonus Episodes: Understanding GRC is a special bonus series designed for anyone who's new to governance, risk, and compliance. Each episode breaks down core concepts into simple, practical insights, helping you understand not just what GRC is, but why it matters and how it impacts everyday business decisions. Whether you're starting your career, leading a small team, or just curious about the field, this series will give you a solid foundation to build on.

In our first bonus episode, we kick things off with the fundamentals: What does GRC really stand for, and how do governance, risk, and compliance actually work together? We'll also look at why GRC is a framework every business can benefit from.