GRC Isn’t a Checkbox: Dr. Mike Brass on AI Governance, Risk & the Three Lines of Defense S1E11
Source: https://www.podbean.com/eau/pb-tcm8m-...

GRC isn’t about checklists. It’s about structure, accountability, and human behavior.

In this episode of The Cyber Mettle Podcast, Dr. Mike Brass — Head of Governance, Risk & Compliance and Enterprise Security Architecture at National Highways (UK) — joins Dr. Omar Sangurima and Alyson Laderman, Esq. for a deep dive into:

• Why cybersecurity is fundamentally about human behavior
• The evolution (and misuse) of “GRC engineering”
• AI governance beyond the hype
• The three lines of defense model and why it still matters
• Why automation ≠ strategy
• How apprenticeship models are reshaping cyber talent pipelines

Dr. Brass brings a rare interdisciplinary lens — from archaeology and anthropology to global IT leadership — explaining why governance must be holistic, structured, and aligned to business outcomes.

If your organization is being told AI can replace GRC… this conversation is for you.

🔎 What We Cover:

• Why GRC is a second-line-of-defense function — not a checkbox
• The difference between automation and governance
• Why AI controls must extend existing frameworks — not bypass them
• The role of Enterprise Security Architecture (ESA)
• Apprenticeships vs. “mythical unicorn” hiring
• CAF, ISO 42001, NIST AI RMF, CSA guidance
• Aligning security to business mission
• Why governance is about asking “why” — not just “how”

📘 Featured Book

Governance, Risk and Compliance by Dr. Mike Brass
Published by CRC Press (Taylor & Francis)

⚠️ Standard Podcast Disclaimer

Though Dr. Brass and Dr. Sangurima are cybersecurity experts, and Alyson Laderman is an attorney, this podcast does not provide legal advice or specific cybersecurity consulting guidance. We share lived experience to help you think critically and make informed decisions.

⏱️ Chapters

00:00 – Omar’s “Fanboy” Moment & Intro
00:34 – Podcast Disclaimer
01:26 – Dr. Mike Brass Background (Archaeology → Cybersecurity)
03:46 – The Moment That Changed His View of Cybersecurity
07:12 – Human Behavior as the Core of Security
10:43 – Apprenticeships vs. Traditional Entry Paths
14:54 – UK Cyber Apprenticeship Model Explained
20:35 – Why Diversity of Thought Matters in Security
22:48 – What GRC Actually Does (Second Line of Defense)
28:47 – The “GRC Engineering” Debate
32:54 – AI Marketing vs. AI Reality
37:36 – AI Governance Frameworks (ISO 42001, NIST, CSA, ISACA)
44:40 – Aligning Controls to Business Outcomes
51:52 – AI, Supply Chain & Hidden Risk
56:59 – Enterprise Security Architecture’s Role
59:30 – Final Advice for Business Leaders
1:01:07 – Book Mention & Where to Find It
1:01:31 – Closing Thoughts

#CyberSecurity #GRC #AIGovernance #RiskManagement #InfoSec #ThreeLinesOfDefense #CyberLeadership #Governance #EnterpriseSecurity #CyberMettle

🔑 Keywords

Dr Mike Brass interview, GRC explained, governance risk compliance podcast, AI governance framework, ISO 42001 overview, NIST AI RMF, CAF framework UK, three lines of defense cybersecurity, enterprise security architecture, cybersecurity apprenticeships UK, automation vs governance, AI risk management, cyber leadership strategy