
Compliance Unfiltered With Adam Goslin

Author: Total Compliance Tracking


Description

Compliance Unfiltered is a Podcast Dedicated to Making Compliance Suck Less
203 Episodes
In this crucial episode of Compliance Unfiltered, the CU Guys cover some of the alarming tactics of online predators targeting children on platforms like Roblox and Discord. Discover how these predators build trust, impersonate kids, and manipulate them into dangerous situations. Learn about the hidden dangers in popular gaming spaces, the impact of recent exposés, and practical steps for parents to protect their children. This episode is essential listening for anyone concerned about children's safety in the digital world. Arm yourself with the truth and join the fight to protect the next generation.
Struggling with compliance chaos? Join the CU Guys as they uncover how adaptive solutions can transform your compliance process. In this episode, Adam shares insights from his decade of experience, revealing how to streamline compliance with dynamic mapping and adaptable tools like the TCT Portal. Learn to cut time, reduce risks, and save money by customizing workflows and eliminating redundant efforts. Perfect for compliance teams and leaders eager to see real cost savings and efficiency. Tune in to revolutionize your compliance strategy today!
Episode Transcript:
We're gonna chat today, Adam, about, well, about using our imagination. As a matter of fact, let's imagine using an adaptive compliance tool. Tell the folks about it. Sure. This is a topic that's, it's just, it's applicable for folks that are struggling with compliance, ones that are already familiar with the landscape, et cetera. It's an inventive and special kind of torture that people go through when you're trying to fit your compliance program into some type of a rigid structure or setup. At some point in the game, the light bulbs start going on, or maybe not, that you're spending more time screwing around with manual workarounds, bridging gaps between what you'd like to do and what you're actually doing, et cetera.
And there's a lot of tooling out there and there's compliance platforms. They were built in a kind of a best case scenario mindset, initially up against a single standard, and then they started shoehorning in other ones, type of a deal. Somebody that was originally when they started doing things, this is the way they did it. So they built a whole platform around that, and now everybody that uses it is kind of stuck with it, type of a deal. So for folks that are juggling different certs or have some complexity to their engagement, they've got different divisions across the globe, et cetera, then that's where you start moving away from that kind of best case scenario type of a deal.
And so it's part of the fun, the adventure that we've been on is we've seen how frustrating it can be to manage a compliance, a compliance engagement that has complexity because we've been through it ourselves.
We've experienced as an organization that's gone through compliance. We've assisted and helped innumerable organizations with managing their compliance. We've worked alongside assessors and auditors. I personally spent close to two years doing level one QA work for a large international QSA firm. So it's been a rewarding adventure to navigate the waters of seeing what was out there and then being able to serve folks that are in this space. And it's also important for folks. One of the biggest things that I like to tell people is a lot of people will kind of get into this mode. They do whatever they do to be able to manage their compliance. And they get it to a point where it's almost like, I'm capable of getting this done. And so they go, oh, that's cool. We're just going to go and stick with that. So they get into this point of where it works, AKA they accomplished the objective.
But my big recommendation is for those folks, especially if I look at it from the perspective of those in leadership as an example, I love to use this talking point a fair amount because I remember as a frontline person responsible for compliance for the organization, my boss would just swoop by my desk type of a deal. And hey, it's compliance season again. Good luck. Make sure that we have all our crap done by blah, blah, blah, blah, blah. And then he would flip off type of a deal. And between the good luck and where's my fucking report, there was a whole bunch of blood, sweat, tears, pain, stress, you know, but a lot of that happened.
On this episode of Compliance Unfiltered, The CU Guys dive into the often-overlooked world of service accounts. They explore the critical role these accounts play in organizational environments, ensuring seamless communication and authentication across systems. Adam shares best practices for setting up service accounts, including the importance of descriptive naming and secure password management. The episode also features cautionary tales from the trenches, highlighting common pitfalls and the importance of proper documentation and controlled testing. Tune in to learn how to enhance your organization's compliance and security posture by giving service accounts the attention they deserve.
Episode Transcript:
Well, today, Adam, we're going to talk about something a little different, specifically something we haven't chatted much about before. And that is service accounts. Why don't you give the listeners a high level overview of service accounts and what they're typically used for?
Sure. So in an organizational environment, the systems will use accounts for communication, for authentication to the network, for interaction between web servers and database servers or file servers and basically look at it as the accounts that the infrastructure or software within the environment is leveraging to be able to effectively communicate with other systems and other infrastructure and all that fun stuff. So service accounts is kind of a, it's similar to your login when you come in in the morning and you log into the network, you put in your username and password and everything and then you can get to your email and get onto the network, et cetera.
Similar type of notion, but it's an account that's just used by the systems within the environment. So it basically, those accounts kind of keep things ticking, communicating, moving, all of that fun stuff within an organization's environment.
Sure.
Now, what are some of the things that listeners should take into account when setting these accounts up?
Well, you know, and this comes from, you know, from a year or three of, you know, kind of dealing with, you know, dealing with different organizations and, you know, and whatnot. Best practices as well, but, you know, just things have tripped across, etc.
But, you know, as an example, you know, typically with a user's account, you would, you know, the different organizations have different methodologies, right? First name, dot last name, or first initial and last name, you know, type of a thing. And similarly, get into the habit of using descriptive names for your service accounts. So you actually know what these accounts are doing. With most accounts, there's an additional field that will be providing, like, a description of what this account's being used for. So you don't need to get too wordy with the naming of the account, but you put detailed descriptions in, you know, against those accounts so that it's really clear, you know. You got to remember, you know, a lot of times these accounts, a lot of times these accounts are set up and then people aren't, you know, aren't doing anything with them for extended periods of time. It may be years down the road and somebody's come back in and going, well, what the heck is, you know, XGK42C user account doing? No clue. So it helps if you name them appropriately, et cetera, because what I've seen in some environments, like, well, what's this being used for? Oh, let's shut it off. Yeah. So sometimes it doesn't end up well. You know, for those accounts, setting up long, complicated passwords, these are machine-based accounts. They don't give a hoot about entering in a 50-character password, you know, scrambled, you know, scrambled barf.
On this milestone 200th episode of "Compliance Unfiltered," The CU Guys delve into the evolving landscape of cybersecurity, focusing on how AI is being leveraged by both defenders and attackers. They explore the dual nature of AI, highlighting its potential to enhance security measures while also lowering the barriers for cybercriminals. From AI-generated malware to sophisticated social engineering tactics, this episode provides a comprehensive look at the current arms race in cybersecurity. Join Todd and Adam as they discuss the implications of these advancements and the importance of staying vigilant in an ever-changing digital world.
Episode Transcript:
Honestly, we have to go do some digging and some research, but I'm not sure how many compliance-related pods have 200 episodes. So I think it's fair to say we're in a relatively elite group, if you will, but no, it's been fun doing what we do. It's fun to be able to bring data, information, topics, and discussions to folks in the compliance space. Hopefully, they've enjoyed the ride as much as we have, but hey, we'll keep cracking. You and I were talking a little bit ago, we'll do something a little more spectacular for episodes like 250 or something, as we get to that point. It's been fun, been a good ride, but I'd also echo the notion, for the folks that are listening, do us a favor, honestly, what do you want to hear about? Did you hear about something cool, some new topic in the security or compliance space that you want to know more about, something that, in your retrospective, you think that we haven't quite covered in its entirety, something else that we could hit? Follow me, give us the ideas. We love receiving the feedback and the input, always looking for neat new stuff to chat about, so pretty cool. Absolutely.
Well, today we're going to chat about, you know, a hot topic, I would say, and that's specifically how hackers are using AI in 2026.
So there is a lot of talk of AI being used for good, but at a high level, how is AI helping the bad actors out of it? Well, I mean, with any technology, as it goes from its infancy and starts to blossom, if you will, it has the capability for being used to help those which are protecting organizations or that are outsourcing security-related functions to companies, things along those lines. And so, for the good guys, there are certainly added benefits to the notion of AI, but most certainly, there's no question that the bad actors out there, they similarly, it's almost like getting into an arms race, where they're able to use that same technology for evil.
And taking advantage of capabilities for increased speed, automation, more advanced attacks, things along those lines. So, we'll get into a number of those topics today, but now it's being used on both sides of the fence, and it very much feels like an arms race unfolding, as we speak, if you will. No, no, most definitely. Now, for many cybersecurity professionals, the best offense is a great defense. But how is AI lowering barriers to entry for the bad guys? Well, you know, for the bad guys, you know, they're developing, you know, they're developing tools. It used to be that, you know, you have that or whatever. Let's say we go back 10 years, right? You know, you had to have a certain level of capability, level of skill, things along those lines that, you know, that would be, you know, that would be happening.
On this insightful episode of Compliance Unfiltered, join the CU Guys as they delve into the essentials of security training and compliance for Q1 2026. Discover the importance of regular security reminders, the role of incident response plans, and how to keep your organization vigilant against evolving threats. With practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their security posture and compliance strategies. Tune in to stay ahead in the ever-changing landscape of cybersecurity.
Episode Transcript:
So, you know, when it comes to training for, you know, for personnel, for security best practices, you know, there's a there's a number of things that just kind of leap out to folks, right. You've got your security awareness training at higher, you've got annual security awareness, a refresher training, etc. So, you know, in the event that your organization isn't already doing those things, then by all means contact TCT, we can get you in the right direction.
But, you know, these are like the bare minimum, you know, type of a thing, but there's various compliance requirements are going to mean, you know, there's, you know, various other things, you know, that that should be done surrounding your, you know, security awareness and training program, not the least of which is security reminders, which is part of the reason why we do this kind of quarterly pod. You know, we've got organizations that will leverage both the, you know, the TCT pod and the TCT blog to use to supplement their security reminder, your kind of stance for their organization. So that's part of the reason why we why we pleased to aim, if you will.
Um, but that said, if you can do reminders, you know, more often than quarterly, great, you know, but, uh, you know, you want, you want the personnel maintaining vigilance, you know, all the way throughout the year, et cetera.
But, you know, the, you know, for, for different organizations, they're going to have different types of directed training, um, that need to cover, you know, need, need to cover and or should cover additional, uh, facets that the organization wants to consider. So as an example, and one of the, one of the areas that, you know, oftentimes, uh, that organizations will kind of overlook is the fact that anybody on their team is a target. You know, I mean, everybody's got a LinkedIn, they, you know, say that they're working for the company, you know, et cetera. But because of that, the public association between the personnel and the organization itself, that means everybody, uh, you know, is, is effectively a target, not only, uh, in their day by day work, you know, arena, but also in their personal lives as well. Um, so, you know, everybody in the organization should not only be kind of paying attention to security and compliance related stuff, uh, when it can certainly, when it comes to work related elements, but, you know, just keep in mind that you could be, uh, you could be the subject of a, of kind of an indirect attack at trying to get to the organization.
So keep that in mind. Um, you know, every organization should have incident response, uh, an incident response plan, um, and, uh, you know, some type of a requirement for doing associated testing, uh, testing training, et cetera, you know, each year with your personnel, with certain vendors, et cetera. And so as part of that training, um, it is recommended to, um, to do a tabletop exercise, uh, to run through various scenarios, et cetera.
Um, but one of the big problems is, is that many organizations they'll, they take on this notion that, oh, if I declared an incident, then it's some type of a sign of failure, uh, you know, type of a thing. And so, you know, they don't declare low level incidents. They don't want to, um, you know, they don't exercise their program, you know, throughout, throughout the year.
Join the CU Guys on this special New Year edition of Compliance Unfiltered. As they reflect on the past year and look forward to 2026, the guys discuss the evolution of compliance standards, the role of artificial intelligence in streamlining client engagements, and the importance of client feedback in shaping the future of TCT. Tune in for insights on how TCT plans to enhance its platform to better serve the diverse needs of its clients in the compliance space.
Episode Transcript:
Today we're going to talk about a happy new year. How about that? We're going to talk about the year that was, the year that is, and the year that will be at TCT and in the compliance space in general. So Adam, before we get started, I wanted to remind the folks, now the beginning of the year is the perfect time of year for you to reach out to us, let us know your thoughts, your suggestions, funny jokes, maybe a great recipe, always interested to hear what you have to say to us at Compliance Unfiltered.
Well, happy new year to you, sir. Talk to us a little bit more about what the year is like for you. Yeah, and one thing to add on to what you were just saying there a minute ago, because I similarly would echo the sentiment. We'd love to hear from the listeners and, you know, certainly if there are topics that you're struggling with, if there's a topic that you struggled with that you think somebody else may be in the same situation, like us to cover, et cetera, go ahead and throw the, throw the ideas. We'd love to, love to hear the input, love to hear the feedback.
But, man, we're, we're heading into the, heading into the end of a good old 2025. And, well, we got, you know, we got holidays afoot. We've got all sorts of traveling happening. We've got college football all over the place. It's a, it's a good time of year and also a good time to kind of reflect on, you know, reflect on 25, look ahead at 26.
So, you know, I don't know, as I, as I, you know, kind of take, take stock of, of 2025, you know, it's just a, in general, it's a time of year where, you know, remain appreciative of the, you know, of the, the, the folks that surround us, you know, whether they be family or family or friends, and certainly in TCT's case, the, you know, the, the awesome client base that we've got, you know, their, their involvement, their, their, their business, unbelievably appreciative of, of everybody, you know, that, that we've got, you know, it's been, yeah, it's been a really, it's been a really fun, really fun year.
Lots of stuff going on on, you know, and all that fun stuff. I mean, you know, you look back and, and you just look at, you know, how many new friends that we've, you know, that we've kind of made throughout the, you know, throughout the year, it's been, it's been a, it's been a wild ride. So it's, it's always fun, fun doing that. Part of the, the, the part that I really like about, you know, kind of about how we do what we do and this arena is, you know, is that input, is that feedback that we get from the, you know, from the customers, especially the new ones that, you know, that come on, getting their input on, you know, things they'd like to see within the system and features and functions, et cetera.
Um, God, when we, when we started this, it started with like, I don't know, we had, I had 200 or something, uh, different ideas for things that I wanted to, you know, go kind of go do with the system, but when we launched it, it very quickly morphed because, you know, we did encourage the, the, you know, everybody to participate, right? And so when we launched this thing back in 2015, um, it was actually technically, I don't know if anybody knew this, but it was, it was technically ready to ready for prime time in 2014. And it's kind of apropos because we're at the end of the year, right?
Well, back in 2014, we were ready to roll in, I think it was around the October, mid to late October timeframe, early November.
On this festive edition of Compliance Unfiltered, the CU Guys delve into the challenges and joys of the compliance season. With a focus on gratitude and reflection, they discuss the importance of operational mode in easing compliance burdens and share insights on how TCT is making compliance management more manageable. Tune in for a heartfelt conversation filled with appreciation for clients and colleagues, and a sneak peek into TCT's future innovations. Don't miss this engaging episode that promises to make your compliance journey a little brighter. #ComplianceUnfiltered #TCT #ComplianceManagement
Episode Transcript:
Well, Adam, this time of year, I like to spend my time being thankful. Thankful for a lot of things. Thankful for my kids. Thanks for my dog. Thanks for my family and job and all the things. What are you thankful for this year, sir? Oh, well, um, you know, just, it's been, uh, it's been a, uh, been a good year. We'll, we'll be, we'll be doing like, uh, officially a new year's, uh, a new year's edition, you know, type of thing for the official reflection on the year and all that fun stuff, so stay tuned. But, um, no, it's just, uh, you know, you get to this point in the year and, uh, you know, every, it's, it's funny, you know, um, you know, some, you know, I'm, thankful, I'm thankful we're at this point, we're about to, you know, go embark on, uh, you know, whatever, in about 10 days or so of, uh, primarily, uh, food and family and all of that fun stuff. But no, it's, uh, it's a, it's a fun time of year.
You know, it, it makes me, it makes me think about some of the poor souls that are like, especially in the compliance space, right? You've got, there's a lot of organizations.
I think, I think it was born from, you know, a lot of organizations, the, the compliance endeavors started by somebody originating out of like the, the CFO, you know, the, the accounting arena, and they're so used to having their, their engage, you know, their, their stuff go on a, you know, an annual cycle, you know, most companies are, are going January, December, right? And so there's a lot of people that, uh, that have their compliance engagements that go from January 1st to December 31st. So, you know, while a lot of people are heading off in, into the, uh, into the holiday sunset, if you will, you know, there's definitely some people in this compliance space. They're, they're kind of gearing up, right? They're mentally preparing themselves for, uh, for all of the fit that's about to hit the Shan. They got an extra cup of eggnog over there. Uh, yeah, with hopefully a couple of additives in it to help them navigate the waters. But I mean, it's for a lot of folks in the, in the, in the compliance arena, this time of year is, is, uh, it's kind of stressful, uh, extra stressful, right?
You're not, you're not just worrying about trying to navigate holidays and all that fun stuff, but you're, you're also, you know, staring down, uh, staring down a big hole in, uh, engagement and, and all of that fun stuff. So that definitely makes it, uh, make, makes it a little bit more exciting for some of the, some of the poor souls in the, in the, in the compliance management arena. That totally tracks. Now, what type of messages of peace and goodwill do you have for those compliance teams out there right now in the stick of it? Well, you know, we started this wild extravaganza for a reason, right? We were trying desperately to, you know, to help folks navigate their compliance engagements in a more peaceful manner, if you will.
And a good part of that just comes down to, you know, the one thing I'd say to the folks in the compliance arena that, you know, they're, you know, about to enter the kind of fray, if you will, for their, for the annual engagement. I always try to, you know, find ways to make, make things better.
On this episode of "Compliance Unfiltered," The CU Guys dive into the intricacies of compliance management programs. They explore various implementation approaches, from manual spreadsheets to sophisticated systems, and discuss the importance of organizations owning their data. Adam shares insights on the potential pitfalls of relying solely on assessor systems and emphasizes the efficiencies gained by leveraging internal systems. Check out this episode to discover how to streamline your compliance processes and make your organization's compliance journey more efficient and effective.
Episode Transcript:
Well, I mean, in some cases, they're using their own compliance management solutions. And in other cases, there's many that just opt for the good old-fashioned spreadsheet and using some type of a completely manual approach with network drops or share points as a typical inclusion, et cetera.
You know, some people are kind of cobbling together their own series of internal tools and manual processes that they've kind of put together, depending on who's running the program over the years and whatnot. Well, you know, you've got other organizations that, you know, they'll simply just use their assessor-provided systems with the notion that, well, we need to get all the stuff in there anyway, so we'll just use their system, you know, type of a thing. So it's kind of a mixed bag would be a good way to go about putting it. Sounds that way. Now, you like to say that an organization, that an organization needs to own their own data. What do you mean by that? And why is it important? Well, you know, you've got these folks that, you know, that do use their assessor systems, right?
And the downside of that is that, you know, it's on the organization to make their own program efficient, effective, work for them, you know, things along those lines.
And, you know, the reality is that, you know, depending on various circumstances, things change over time, you know, you may have, you may have, you know, there was a particular firm that you were leveraging and a particular person at that firm that you used, and they moved on, they retired, they got promoted, you know, I've seen it all. They got bought out, they went out of business, you know, things along those lines, maybe the relationship with whoever is your currently assigned point person this year isn't as good as they were in years gone by. It could be the same person they've just changed. It could be that you've had some type of personnel shift, you know, things along those lines. You know, one of the things that we'll see a fair amount is, you know, organizations that are basically getting bought out, right, and organizations getting scooped up and folded into another gigantic behemoth, you know, type of thing. And so the relationship you used to have and the pricing you used to have isn't the same as it used to be. So, you know, the reality is that things change, you know, all over the board. And so, you know, when you've got these modifications to, you know, to the players that are involved in your compliance program, you know, overall, then, you know, if your systems, quote, unquote, if your, quote, unquote, systems were dependent on, you know, this other third party and now something's happened with said third party, well, now what are you left with? You know, you're not left with anything. So, you know, it's part of the reason why, you know, I say that, you know, the organization subject to compliance at the end of the day, you know, it's on them to, you know, have the repository for their own information, for their own data, so they, you know, got it in a way that works for them.
That's the most important, you know, element for, you know, for these companies. They need to be able to kind of depend on having their own way of doing things and then, you know, figuring out a way to interface with, you know, with the various third parties that they've got to go and interact with.
The CU Guys dive into the heightened risks hotels face during the holiday season. They discuss the importance of maintaining cybersecurity vigilance amidst increased traffic and seasonal hiring. The conversation covers best practices for background checks, training, and physical security, emphasizing the need for diligence to prevent data breaches. Tune in to learn how to protect your organization during the busiest time of the year.
Episode Transcript:
Now, you know, one thing I wanted to talk about is our listeners, and we'd love to hear from them. And what I mean by that is we'd love to know, if you're listening to this, we'd love to know your feedback and input on topics that you'd like to hear about or folks that you'd think we'd enjoy having on the show, and we'd love it if you would send those inquiries to complianceunfiltered@totalcompliancetracking.com. Yeah, I mean, honestly, even if they've got, hey, I heard this like really, really, really funky story or whatever, you know, and anything, anything, anything that folks want to hear about, they'd be, it'd be great to kind of hear what their interests are and, and we'll be happy to, we'll be happy to oblige. No doubt. Now, speaking of the holiday season, Adam, we're going to jump right in because the holiday season is putting hotels at risk.
Tell us more, Adam. Why does this time of year heighten the risk for hotels? I mean, we're right in the, you know, in the thick of the holiday season, you know, between Thanksgiving and Christmas and New Year and all that fun stuff. So, you know, we've got, it's an interesting time when, you know, there's a lot of hotels that are, you know, that have a lot more traffic than they would normally.
And, you know, staff are, you know, running all over the place trying to make sure they're taking care of guest needs, you know, etc.
But, you know, keep in mind that that means it's also peak season for, you know, cyber attackers and bad actors to be able to take advantage, you know, of it. I mean, they, you know, they know that now is the best time to, you know, gain access to the sensitive data because everybody's, you know, run around, distracted and all that fun stuff. So, you know, it's not if you're going to suffer an attack. It's really about more about when and how. So, you know, you don't want, as an operator of one of these types of establishments, you definitely don't want to fall victim to it and find out in the wrong way that you were subject to some type of an attack. So, it's better to be safe than sorry. That's a good shout. Now, as you're dealing with kind of an influx of new folks in an organization, right? So like seasonal hiring, how does seasonal hiring impact background checks? Well, I mean, the biggest thing is, is that, um, is for the organizations don't, don't cut corners, you know, if you've got to bring in some additional staff or, you know, for seasonal hiring, et cetera, that there's, there's certainly the possibility.
Um, although I, um, you know, we'll call you, it'd be pretty ballsy to pretty ballsy to go give this one a whirl, but, you know, if you're not going to have any idea, if you don't run your background checks, so, um, could be bad actors come, you know, that are, that are coming through, uh, you know, with the seasonal hiring push, um, you know, it, uh, it may very well be, it's someone that just has a, uh, a pass that doesn't line up with the rules, regulation guidelines for your organization, but you're not going to have any idea if you're not running the, running the background checks.
Um, even though you have to fill up staffing needs quickly, you know, et cetera, you know, it's not, you don't want to do it at the cost of possibly running into an issue, you know, make sure that you're maintaining your due diligence, forming thorough background checks on everybody that, you know, is going to, uh, is going to run into the hiring line.
The CU Guys dive into the critical topic of central logging sanity checks. They explore the common pitfalls organizations face when they set up central logging systems and then leave them on autopilot. Adam emphasizes the importance of regular sanity checks to ensure that logging systems are functioning as expected and highlights the risks of assuming everything is working perfectly. The discussion also covers the need for compliance professionals to validate assumptions, spot-check logs, and ensure that alerts are being properly handled. Tune in to learn how to maintain a robust compliance program that truly supports organizational security.Episode Transcript:Today, we're going to talk about, you know, another central theme here, not just a central member to a band, but central logging, specifically central logging sanity checks. So a lot of companies that have mature compliance programs set up their central logging and then kind of put it on autopilot. What are the downsides there, Adam? Well, I mean, I've been for a long time, a huge fan of trust, but verify. And, you know, when the, when the companies go in and, and kind of set up their, their central logging, you know, they, they really do just kind of, okay, we're done, you know, we're done, we've, we've established all the things, you know, we've done all the checks and we've set up the system and we have all the right processes and, you know, we, the, the reviews are happening and alerts are flying and, you know, so then they just, you know, move into this mode where they just literally let her roll and, you know, and then don't tend to go back to it, you know, for, you know, for a recheck or a sanity check or, or whatnot. 
They just go into the guiding assumption that everything's good because it's up and it's, nothing's gone boom and, you know, blah, blah, blah. So, you know, the, the, the most important part for, for these organizations is that they, they go back in and, you know, double check, you know, is, is what I think happening, is it actually happening? You know, but, you know, they got, they got to go back in and, and just do a sanity check on, you know, on things. So, you know, that's kind of the, the, the driving force here with the, with this particular topic. Sure. Now with that in mind, what are some of the concerns that compliance professionals should be focusing on? Well, I mean, first and foremost, you know, is everything that I think is logging actually logging, you know, is it are things that I set up to, to, you know, to log, are they still logging? Did something go off the rails? Um, it's really, really easy, uh, depending on the system and the, and the structure that's set up, what checks and things that they put in place, it's really easy to, I don't know, I'm just gonna make a number up. So let's just pretend, you know, out of the gate, there were a hundred different things that were, you know, that were sending stuff to central logging. Well, you know, fast forward a couple of months or in a lot of cases, a couple of years, um, you know, the, uh, are the things that we, uh, are those hundred things still, still doing what they're doing? I mean, you know, there's, there's all sorts of possibilities for something going wrong. You know, you've got, you know, updates or patches that, you know, may go ahead and interfere with the, with the capability for those devices to push their logs. I mean, it could be something as simple as, you know, somebody was messing with a firewall rule to try to do some troubleshooting and, you know, lock down some ports so they could get some things isolated, et cetera. 
And then forgot to put every, put Humpty Dumpty back together, you know, back together again and blah. And in the process, you know, block the, you know, the outbound logging, you know, capability from, you know, fill in the blank device, that type of thing.
In this heartfelt episode of "Compliance Unfiltered," the TCT Guys reflect on their journey with TCT, sharing personal stories of growth, challenges, and gratitude. Adam and Todd delve into the evolution of TCT, the invaluable input from clients, and the strong relationships built over the years. Join them as they discuss the importance of client feedback in shaping the organization's offerings and celebrate the dedicated team that makes it all possible. Tune in for an inspiring conversation about making compliance management a little less daunting and a lot more rewarding.
In this episode of "Compliance Unfiltered," the CU Guys dive into the complexities of managing multiple compliance certifications and custom request lists. They explore the challenges faced by organizations of all sizes, from small businesses to international giants, in navigating the ever-evolving compliance landscape. With insights into the common pitfalls and practical advice on streamlining processes, this episode is a must-listen for anyone involved in compliance management. Tune in to discover how to make your compliance journey less painful and more efficient.
In this episode of Compliance Unfiltered, The CU Guys dive into the challenges and strategies for retailers as they gear up for the holiday season. With cyber threats on the rise, particularly AI-driven attacks, the duo discusses the importance of proactive measures, employee training, and maintaining PCI compliance. They also explore the impact of seasonal hiring and the need for vigilance in protecting sensitive data. Tune in to learn how retailers can navigate the bustling holiday period while safeguarding their operations.
On this week's episode of Compliance Unfiltered, The CU guys get candid and take a dive into the world of vendor relationships and the challenges faced in the marketplace. Adam shares his personal journey from working with "boneheads" to founding his own company, emphasizing the importance of genuine customer service and the pitfalls of AI hype. With a mix of humor and insight, they explore the disconnect between vendors and clients, offering a refreshing perspective on how businesses can truly serve their customers. Tune in for an unfiltered discussion that promises to be both enlightening and entertaining!
On this episode of Compliance Unfiltered, the CU Guys delve into the complexities of HIPAA compliance for hospital systems. Adam discusses the dual nature of hospital compliance, highlighting both the advantages of early adoption and the challenges posed by the complexity of hospital systems. The conversation covers the intricacies of managing multiple compliance standards, the inefficiencies and costs associated with manual compliance processes, and the importance of maintaining control over compliance data. Adam emphasizes the need for hospital systems to regularly update their compliance controls to align with current technologies and reduce risks. All this, and more, on this week's Compliance Unfiltered!
On this episode of Compliance Unfiltered, The CU Guys dive into their recent experiences at the PCI European Community Meeting in Amsterdam. From the city's impressive public transportation to the vibrant conference atmosphere, they share insights and anecdotes that highlight the unique charm of Amsterdam. Discover the excitement around TCT's latest technology, EasyCert, and how it resonated with attendees. Whether it's the eclectic mix of conversations or the delightful culinary adventures, this episode captures the essence of a memorable trip. Tune in for a blend of professional insights and personal stories that make for an engaging listen.
On this episode of Compliance Unfiltered, the CU Guys dive into the critical role of inventory management within large-scale engagements. They explore why inventory is central to security and compliance programs, share insights on integrating inventory into daily operations, and discuss common pitfalls organizations face. With Adam's practical tips and real-world examples, this episode is a must-listen for anyone looking to enhance their compliance strategies. Special thanks to listener Heidi for suggesting this topic! Tune in and discover how to make inventory a core element of your compliance DNA, on this week's Compliance Unfiltered!
On this week's episode of Compliance Unfiltered, The CU Guys discuss the launch of EZ Cert, a new feature in the TCT Portal, designed to simplify compliance tasks for end users. Adam explains how EZ Cert streamlines the interface, making it more accessible and efficient for users who only occasionally interact with the system. The conversation highlights the business value of EZ Cert, emphasizing its ability to reduce bottlenecks and improve the efficiency of compliance engagements. The episode also touches on the benefits of EZ Cert for assessors. All this and more on this week's Compliance Unfiltered.
On this week's episode of Compliance Unfiltered, the CU Guys dive into their enriching experience at the PCI North American Community Meeting in Fort Worth, Texas. Discover how the conference exceeded expectations with improved organization and engaging interactions, and learn about the exciting new features like EasyCert that were unveiled. From exploring the immaculate public transportation to savoring local culinary delights, they share personal anecdotes and insights. Whether you're a compliance professional or just curious, this episode offers a unique glimpse into the vibrant world of PCI compliance. All on this week's Compliance Unfiltered.
On this episode, The CU Crew delve into the innovative approach of environment splitting to streamline compliance processes. Discover how this strategy not only enhances efficiency but also ensures adherence to regulatory standards. Join us as we explore real-world applications and expert insights that reveal the transformative power of environment splitting in today's compliance landscape. All this and more on this week's Compliance Unfiltered!