
The Compliance Playbook to Cybersecurity
From GRC Academy by Jacob Hill
June 5, 2025 · 32 min · Season 2 · Episode 9
About this episode
In this episode, Jacob Hill interviews Tim Golden to explore the critical relationship between compliance and cybersecurity within the GRC framework.
"Compliance is the security referee - frameworks are the playbooks." In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC. Tim shares what he’s learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities. Here are some highlights from the episode: What GRC actually means - and why governance is the most misunderstood part Why people who say "compliance isn't security" are missing the point How explaining the "why" of cybersecurity controls aids in acceptance Why data retention policies can protect you from major legal headaches And yes… a story about how Tim accidentally ransomwared himself 🙃 This is a must-listen for anyone navigating compliance, cybersecurity, or just trying to understand how it all fits together! I really enjoyed this conversation! What were your biggest takeaways? Let me know in the comments. Follow Tim on LinkedIn: https://www.linkedin.com/in/timothygolden/ Compliance Scorecard Website: https://compliancescorecard.com/…
People in this episode
Host: Jacob Hill
Guest: Tim Golden
Topics covered
- cybersecurity
- compliance
- GRC
- NIST frameworks
- data retention policies
Keywords
- cyber GRC
- compliance
- security
- policies
- vulnerabilities
- NIST
- data retention
Sponsors
Vanta
Mentioned in this episode
Organizations: Compliance Scorecard, Governance, Risk, and Compliance Academy
More episodes of GRC Academy
- Deltek's Journey to FedRAMP Moderate Equivalency · November 18, 2025 · 36 min
- What's Next for GRC Academy and Jacob Hill · September 4, 2025 · 4 min
- The Business Case for CMMC - Surviving DOGE · June 19, 2025 · 53 min
- How HITRUST Fixes What’s Broken in Cybersecurity Compliance · May 27, 2025 · 56 min
- CUI Masterclass with Ryan Bonner · May 9, 2025 · 51 min
- Small Business Achieves CMMC Level 2 Certification: Reynolds Construction's DIY Success Story · April 24, 2025 · 36 min
Explore listener stats, chart rankings, contacts and more on the GRC Academy podcast page.