Resilient Cyber

Chris: So you're a proponent of a term called RegOps, can you explain what that is to us a bit and how it differs from traditional compliance?

Nikki: I'm interested in your background from Solutions Architect, to CTO, to Co-founding and running companies. Do you have any advice for other architects or IT and security practitioners for building up leadership skills and transitioning to business ownership? 

Chris: Do you think the evolution of Cloud and API enabled platforms is positioning us to innovate in compliance and potentially keep pace with DevSecOps?

 Nikki: What are some of the biggest reasons that organizations fail audits - do you feel like GRC/compliance and framework adoption is too challenging? Do you think that organizations are underwater with missing controls and where can they start? 

Chris: We know you're a big proponent of OSCAL and your organization RegScale has contributed to some of the OSCAL working groups. For those not familiar, can you explain what OSCAL is and the potential impact it can have on compliance?

Nikki: What do you see as some of the emerging trends around solving compliance issues - do you think we need a mix of tooling, processes, and orienting our practitioners/users to adapt? Or do we have too many different frameworks/guidelines that it can be difficult for us to keep up?

Chris: Looking at the future of compliance in say 3-5 years, how different do you think it will be and do you think this push towards automation, API's, codified artifacts and such will change compliance forever?