September: Asking Compliance and InfoSec Experts Almost Anything

Elliot Volkman

by Elliot Volkman

September 28, 2022

At times, the world of cyber security or InfoSec can feel like a mystery. The most important conversations seem to happen behind closed doors, among close-knit communities, or occasionally in the bars around RSA and Black Hat. Compliance isn’t too dissimilar, except the differences are that you practically need to speak another language to understand the raw regulations, requirements, or privacy acts associated with it. At Drata, we embrace transparency and constantly strive to open more doors to those interested in learning about our industry. In fact, this is one of the primary goals behind the launch of Secured, the Drata community.

With this in mind, our team has developed a lineup of amazing experts in their field who have been kind enough to open their door to you and answer almost anything. Our first Ask Me Almost Anything (AMAA) kicked off with the beta launch of Secured, where Lemonade’s CISO was kind enough to be our first test subject guest.What exactly is an Ask Me Almost Anything (AMAA)? AMAAs give you the opportunity to ask experts nearly anything, within reason, and it’s as simple as that.

Jonathan Jaffe Answers Almost Anything

Meet Jonathan Jaffe, the CISO of Lemonade and a wonderful partner to Drata.

During the AMAA, Jonathan covered:

  • What his thoughts are on the latest InfoSec buzzwords, including a colorful explanation of Zero Trust in the form of a zombie invasion.

  • His perspective on shifting from a security practitioner to a security leader.

  • The role security plays at Lemonade.

  • Why he went into law and swung back to InfoSec.

And much more.

Kelli Wisuri Answers Your Questions About Security Reviews

If you’ve ever wondered what it takes to build a solution dedicated to resolving one of the more painful aspects of vendor security reviews, Kelli Wisuri has you covered. Kelli is the Head of Product at HyperComply. She is a product leader and engineer with 10 years of experience helping businesses work better.So far, the community has come up with some interesting questions such as:

  • As a threat intelligence analyst, what is the best way to support due diligence efforts?

  • What are the repercussions of providing an answer that the vendor doesn’t like?

  • Any advice for our small team as we don’t have an official security person—I’m IT and an engineer.

Care to join in? Signup for Secured and drop your question in the discussion thread.

Your Questions Answered About Security Awareness 

Every October is Cybersecurity Awareness Month, and we have the perfect person to help fill in the blanks for you: Curricula’s Founder, Nick Santora.

Check Secured in just over a week when we post Nick’s thread.

The Drata Newsletter

Trusted is Drata’s newsletter focused on the world of compliance, security, data privacy, and everything in between.


The Drata Community

Screen Shot 2022-07-13 at 9.45 1
Resources for you
G2 Reports Social LinkedIn 1200x627@3x

Drata Named a Cloud Compliance Leader in G2 Spring 2023 Reports

Media - Drata's Continued Support of Auditor Alliance

Drata’s Declaration of Continued Audit Independence

4 States Cybersecurity Laws

4 States Passed Nearly Half of All New Cybersecurity Laws Enacted Across the US in 2022

Elliot Volkman
Elliot Volkman
Director of Brand, Content, and Community