The Compliance Playbook to Cybersecurity

The Compliance Playbook to Cybersecurity

From GRC Academy by Jacob Hill

June 5, 2025 · 32 min · Season 2 · Episode 9

About this episode

In this episode, Jacob Hill interviews Tim Golden to explore the critical relationship between compliance and cybersecurity within the GRC framework.

"Compliance is the security referee - frameworks are the playbooks." In this episode, I’m joined by Tim Golden, Founder of Compliance Scorecard, to unpack the misunderstood, and mission-critical world of cyber GRC. Tim shares what he’s learned from decades of hands-on work - from implementing NIST frameworks before “GRC” was even a term, to helping teams understand why writing policies is just as important as patching vulnerabilities. Here are some highlights from the episode: What GRC actually means - and why governance is the most misunderstood part Why people who say "compliance isn't security" are missing the point How explaining the "why" of cybersecurity controls aids in acceptance Why data retention policies can protect you from major legal headaches And yes… a story about how Tim accidentally ransomwared himself 🙃 This is a must-listen for anyone navigating compliance, cybersecurity, or just trying to understand how it all fits together! I really enjoyed this conversation! What were your biggest takeaways? Let me know in the comments. Follow Tim on LinkedIn: https://www.linkedin.com/in/timothygolden/ Compliance Scorecard Website: https://compliancescorecard.com/…

People in this episode

Host: Jacob Hill

Guest: Tim Golden

Topics covered

  • cybersecurity
  • compliance
  • GRC
  • NIST frameworks
  • data retention policies

Keywords

  • cyber GRC
  • compliance
  • security
  • policies
  • vulnerabilities
  • NIST
  • data retention

Sponsors

Vanta

Mentioned in this episode

Organizations: Compliance Scorecard, Governance, Risk, and Compliance Academy

More episodes of GRC Academy

Explore listener stats, chart rankings, contacts and more on the GRC Academy podcast page.