
Hosted by Seiso, LLC.
Here we cut through the noise in cybersecurity.
This isn’t a show about perfect frameworks or polished slide decks. It’s a place for honest conversations about security strategy, governance, and risk as they actually exist inside real organizations - messy, evolving, and deeply tied to how the business runs.
Each episode explores what it really takes to build, operate, and sustain security programs that don’t get ignored, overcomplicated, or treated as a once-a-year exercise. We focus on clarity, ownership, and practical decision-making - especially for people early in their security careers or stepping into leadership for the first time.
Seiso works with mid-sized, regulated organizations that need cybersecurity to function day-to-day - not just during audits or incidents.
Our customers bring us in early, at the leadership level, because security decisions shape how the business grows, sells, and operates. We’re trusted as long-term operating partners, helping teams run, stabilize, and mature security programs over time.
That practitioner-driven, real-world experience is what shapes every conversation on Side-Up.

The conversation covers the integration of AI in software development, the importance of feedback and verification in the development process, and the client perception of AI's impact on software development speed and quality. The conversation delves into the security risks posed by AI agents, citing an example of a security breach and discussing the importance of combatting these risks. It explores the implementation of preventative controls, observability, and data analysis, as well as the management of access and controls. Additionally, it touches on the future of AI in software development and the need for organizations to adopt AI policies to mitigate potential challenges.
Takeaways
AI in Software Development
Feedback and Verification
Client Perception of AI
AI agents pose new security risks
Security principles still apply to AI agents
Chapters
00:00 Client Perception of AI
24:52 Security Risks of AI Agents
30:34 Preventative Controls for AI Agents
36:12 Managing Access and Controls
43:35 Future of AI in Software Development

The conversation explores the concept of 'hack lore' and its impact on cybersecurity, focusing on the disconnect between perceived security and actual security. It delves into the myths and misconceptions surrounding security, the role of AI in creating new hack lore, and the need to address the mundane aspects of security. The discussion also highlights the importance of holding companies accountable for customer security outcomes and the challenges of AI in cybersecurity. The conversation delves into the challenges of implementing AI and security in modern workflows, highlighting the need for a secure-by-design approach and the importance of understanding customer security outcomes. It also emphasizes the role of leadership in taking ownership of security and risk.
Takeaways
Hack lore: The conversation sheds light on the concept of 'hack lore' and its impact on cybersecurity, emphasizing the need to retire bad advice and focus on the basics.
AI and Hack Lore: The emergence of AI in cybersecurity introduces new challenges and misconceptions, leading to the creation of new hack lore around AI security advice and frameworks.
Secure-by-design approach is crucial for AI and cloud systems
Leadership must take ownership of security and risk
Chapters
00:00 AI and Hack Lore: The New Frontier
25:26 Security as an Afterthought in AI Implementation
31:11 Cultural Perspective on Applying Security Basics to AI
39:31 Secure by Design in Real-world AI Environments
45:25 Ownership of Risk and Accountability
50:53 Implementing Secure by Design Principles

The conversation delves into the evolving role of GRC professionals, emphasizing the non-negotiable skills, challenges, and the shift from compliance operators to strategic partners. It also explores the influence of GRC on business decisions, burnout prevention, and the importance of continuous learning and risk-based decision-making.
Takeaways
Technical understanding and fluency are non-negotiable skills for modern GRC professionals.
Risk management, continuous learning, and business context understanding are crucial for GRC professionals.
Data analytics and risk visualization play a significant role in GRC responsibilities.
GRC professionals are evolving from compliance operators to strategic partners, influencing business decisions earlier in the planning stage.
Challenges for GRC teams include continuous learning, resistance from within GRC and the business, and burnout prevention.
Leadership can better support evolving GRC roles by involving GRC professionals in strategic conversations early and building trust.
Prioritizing cloud hosting, security, and AI technology skills is essential for GRC professionals.
A risk-based approach and proactive decision-making are crucial mindset shifts for modern GRC teams.
Chapters
00:00 Skills for Modern GRC Professionals
11:08 GRC as a Strategic Partner
17:20 Challenges and Growing Pains
22:37 Preventing Burnout

The podcast episode explores the evolution of GRC roles, the impact of automation on GRC tasks, and the strategic shift in GRC expectations. It also delves into the measurement of the value of GRC beyond passing audits. The conversation highlights the expanding nature of GRC roles and the significant impact of automation on GRC tasks.
Takeaways
GRC roles are expanding
Automation has significantly impacted GRC tasks
Chapters
00:00 Evolution of GRC Roles
05:31 Impact of Automation on GRC Tasks
21:31 Measuring the Value of GRC

AI is no longer experimental—it’s embedded in enterprise systems, security operations, and everyday business tools. In this episode of The Seiso Side-Up Podcast, host Lauren Shaffer joins Seiso COO Eric Lansbery and co-host Heidi Patrick to discuss why AI security, AI governance, and risk management are now critical priorities. The conversation covers the evolution of AI adoption and the real risks organizations face, including model poisoning, data leakage, hallucinations, and unmanaged GenAI use. Eric shares practical guidance on applying NIST AI Risk Management Framework, ISO/IEC standards, ethical AI, and GRC best practices to build secure, compliant, and resilient AI programs. This episode delivers key 2026 AI governance takeaways for security leaders, GRC professionals, and executives looking to manage AI risk, meet regulatory expectations, and strengthen enterprise trust.

In this episode, Joe Wynn and Taylor Lee join Lauren to discuss the books How to Win Friends and Influence People and Crucial Conversations. They discuss how to correctly communicate about phishing attacks, how to listen with empathy, and how to lead by example. Listen to this episode to learn how to become a human firewall.

In this episode, we take you behind the scenes of how our team helped a client successfully achieve CMMC Level 2 certification. From assessing gaps and aligning controls to overcoming legacy system challenges and navigating the audit process, we break down each step of the journey. You’ll hear how collaboration, governance, and a clear security roadmap turned a complex compliance goal into a milestone achievement. Whether you’re preparing for your own certification or just curious about how CMMC impacts business resilience, this episode offers practical insights and lessons learned straight from the field.

On this episode, we have a special guest, Sourabh Moharil, Managing Director and Co-Founder of the Global Capability Center (GCC) company Agilite. Seiso CEO Joe Wynn joins our co-hosts, Lauren Shaffer and Eric Lansbery, to navigate the value behind establishing a GCC while integrating with a vGRC model to develop, maintain, and continuously improve compliance at that scale of business growth operations. Listen in on this very special episode and learn more about how GCC and vGRC can help to simplify security while upscaling your company strategically - for start-ups and well-established businesses alike.

In this episode, we'll review the proposed updates to the HIPAA Security Rule and discuss the challenges that organizations encounter when becoming HIPAA compliant or maintaining HIPAA compliance through these changes. We also dive into the complexities and differences between HIPAA compliance in the cloud versus on-prem, and how compliance automation can be a game changer in keeping up with these changes.

Listen in as we discuss the Seiso vGRC model with CEO Joe Wynn and COO Eric Lansbery. We'll cover topics from various angles of the Governance, Risk, and Compliance needs of Seiso customers, tell some real-life stories about how the vGRC model can benefit your organization, and even have a friendly debate about the efficacy of what we have all come to know as vCISO in the modern information security services industry.