September: Asking Compliance and InfoSec Experts Almost Anything

Elliot Volkman

by Elliot Volkman

September 28, 2022

At times, the world of cyber security or InfoSec can feel like a mystery. The most important conversations seem to happen behind closed doors, among close-knit communities, or occasionally in the bars around RSA and Black Hat. Compliance isn’t too dissimilar, except the differences are that you practically need to speak another language to understand the raw regulations, requirements, or privacy acts associated with it. At Drata, we embrace transparency and constantly strive to open more doors to those interested in learning about our industry. In fact, this is one of the primary goals behind the launch of Secured, the Drata community.

With this in mind, our team has developed a lineup of amazing experts in their field who have been kind enough to open their door to you and answer almost anything. Our first Ask Me Almost Anything (AMAA) kicked off with the beta launch of Secured, where Lemonade’s CISO was kind enough to be our first test subject guest.What exactly is an Ask Me Almost Anything (AMAA)? AMAAs give you the opportunity to ask experts nearly anything, within reason, and it’s as simple as that.

Jonathan Jaffe Answers Almost Anything

Meet Jonathan Jaffe, the CISO of Lemonade and a wonderful partner to Drata.

During the AMAA, Jonathan covered:

  • What his thoughts are on the latest InfoSec buzzwords, including a colorful explanation of Zero Trust in the form of a zombie invasion.

  • His perspective on shifting from a security practitioner to a security leader.

  • The role security plays at Lemonade.

  • Why he went into law and swung back to InfoSec.

And much more.

Kelli Wisuri Answers Your Questions About Security Reviews

If you’ve ever wondered what it takes to build a solution dedicated to resolving one of the more painful aspects of vendor security reviews, Kelli Wisuri has you covered. Kelli is the Head of Product at HyperComply. She is a product leader and engineer with 10 years of experience helping businesses work better.So far, the community has come up with some interesting questions such as:

  • As a threat intelligence analyst, what is the best way to support due diligence efforts?

  • What are the repercussions of providing an answer that the vendor doesn’t like?

  • Any advice for our small team as we don’t have an official security person—I’m IT and an engineer.

Care to join in? Signup for Secured and drop your question in the discussion thread.

Your Questions Answered About Security Awareness 

Every October is Cybersecurity Awareness Month, and we have the perfect person to help fill in the blanks for you: Curricula’s Founder, Nick Santora.

Check Secured in just over a week when we post Nick’s thread.

Trusted Newsletter
Resources for you
SOC 2 Points of Focus

Everything You Need to Know About the Revised Points of Focus for the SOC 2 Trust Services Criteria

List Shift Left Security

What is Shift Left Security and Why Should Businesses Incorporate It?

List 13 states with comprehensive privacy laws

These Are the 13 States With Comprehensive Consumer Privacy Protection Laws

Elliot Volkman
Elliot Volkman
Director of Brand, Content, and Community
Related Resources
GRC Maturity: Manual Risk Management Programs Fall Behind

GRC Maturity: Manual Risk Management Programs Fall Behind

DDRR Recap

A Recap of Drataverse Digital: Risk and Reward


Drata's New NIST AI RMF: A Game-Changer for AI Risk Management

ICYMI Drataverse Digital Thumb

ICYMI at Drataverse: Enhanced Access and Control