Risk Grustlers / Episode #14
Doing the little things right
featuring Drew Danner, Managing Director, BD Emerson
In this episode, Drew Danner, Managing Director at BD Emerson, offers a new take on the old security vs. compliance debate—they’re one and the same. With ten years in the army and a no-nonsense approach to cybersecurity, he’s been in the trenches (literally and figuratively) and is a go-to professional for all things security. So grab a coffee and a notepad, because this conversation is packed with insights you won’t want to miss. Tune in now!
“Security is the operation of achieving compliance.”
“Consistency, that’s what it’s all about. Doing the little things right, every single time.”
“The easiest security controls can have the biggest impact if you just do them right.”
“You don’t need a certificate to do the right thing. Start with the basics.”
Description
In this episode, Drew Danner uncomplicates GRC and stresses the importance of “keeping it stupid and simple.” Drawing from his experiences in both the army and cybersecurity, he shares easy and practical tips for building a sustainable security program.
Drew emphasizes the importance of doing the “little things” in GRC. He highlights how small, consistent actions—like reviewing contracts and integrating compliance into daily operations—can drive meaningful change and prevent last-minute crises.
Tune in to hear his insights on bridging the gap between compliance and security, navigating intimidating frameworks, and how early attention to security can help companies win customer trust and build stronger businesses.
Highlights from the episode
- Pro tips for companies that are getting started with compliance
- Overcoming intimidation with new frameworks like ISO 27001
- The simplicity of building effective security controls
- The evolving nature of security audits in the age of AI
