Socializing Security
Author: Socializing Security
© Copyright 2024 All rights reserved.
Description
A podcast that socializes security, compliance, and related topics to make them more approachable and understandable. Each week we’ll discuss a topic, usually with an expert in the area, with the goal of learning along with you. We love to learn, and hope you do as well.
89 Episodes
In this episode of Socializing Security, Milou and Brian talk about the launch of HERS — Humans in Equity, Risk, and Security, a new conference built around the idea that security is ultimately about people, taking place online this Friday, March 13, 2026. They discuss why human connection, community, and inclusive leadership are becoming essential in the risk and security world, and how HERS was designed to bring those conversations to the forefront.
The episode explores the vision behind the event, the importance of creating spaces where practitioners can share real experiences, and the role of community in navigating an increasingly complex security landscape. Milou and Brian also reflect on the behind-the-scenes process of building the conference, the relationships that have grown out of the Socializing Security network, and why gatherings like HERS matter now more than ever.
If you work in security, compliance, risk, or governance — or simply care about the humans behind the systems — this conversation offers a preview of what HERS hopes to build: a community grounded in collaboration, curiosity, and trust.
Chapters
00:00 Introduction to the Conference
04:59 The Concept of 'HERS' Conference
11:05 Human Connection in Security
18:13 Risk Management in Practice
27:28 Lunch and Networking Opportunities
36:12 Content Creation and Community Building
41:06 Closing Remarks and Event Details
In this engaging second-part conversation, Brian and Milou continue their discussion with Jon Edwards, focusing on the intersection of healthcare, compliance, and technology. They explore the challenges posed by AI in healthcare, the importance of regulatory compliance, and the necessity of building strong relationships within organizations to ensure effective risk management. Jon shares personal anecdotes that highlight the human element in healthcare and the critical role of security and compliance in protecting patient data. The conversation emphasizes the need for collaboration across teams and the importance of third-party audits in identifying and mitigating risks.
Make sure you check out part 1 of the conversation with Jon:
🎧 https://www.socializingsecurity.com/e/e084-a-first-hand-report-on-trust-and-compliance-in-healthcare-cybersecurity-part-1
Chapters
00:00 Introduction
00:51 Reintroducing Jon Edwards
02:09 Back to the Cliffhanger of Wearable AI Tech
07:52 The Importance of Regulatory Oversight
12:42 Verifying the Claims of Vendors
16:56 Personal Experiences Shaping Healthcare Perspectives
20:22 Viewing Audits as an Improvement Plan for Patient Protection
24:13 Being Chosen to Work in Healthcare
29:09 The Interconnection of Privacy and Security
33:10 Reflections on our Conversations with Jon Edwards
41:40 Outro
In this episode of Socializing Security, hosts Brian and Milou engage with Jon Edwards, a seasoned IT professional with nearly 30 years of experience, focusing on cybersecurity in the healthcare sector. The conversation explores the critical importance of cybersecurity, the challenges of vendor relationships, and the evaluation of technology in healthcare. Jon shares insights on the need for transparency from vendors, the complexities of compliance, and the impact of AI on patient care. The episode concludes with a cliffhanger about the ethical implications of wearable AI technology in healthcare.
Make sure to check out Jon's open letter to technology providers: https://www.linkedin.com/pulse/open-letter-technology-providers-hospital-systems-jon-edwards-ylsuc/?trackingId=J3%2Be74LAQX6kC1gZVGAjfw%3D%3D
And a reference to our very first interview means you should check out our conversation with Tom Hollingsworth:
https://www.socializingsecurity.com/e/e005-security-vendorscape-with-tom-hollingsworth/?token=d2b16c19c47e4f6f012bb216bbee148f
Chapters
00:00 Introduction to Jon Edwards
06:23 The Importance of Secure Vendors
10:14 Compliance and Vendor Trust
16:59 Healthcare Careers Matter
19:09 Picking Trustworthy Vendors
24:53 Coordinating Teams to Evaluate Trust
29:31 Dealing with Less Than Secure Technology
33:50 Closing Out and a Cliffhanger for a Second Part
38:19 Outro
In this episode of Socializing Security, Milou shares her journey as a founder and entrepreneur, discussing her various ventures, the challenges faced in the tech industry, and the importance of compliance and ethics. She emphasizes the value of community, networking, and personal growth while providing insights into her future aspirations and advice for others looking to start their own businesses.
Chapters
00:00 Introduction to Milou's Journey
01:20 Updates on Ventures and Startups
05:47 Ethics and Compliance
09:34 The Importance of Culture and Rewards
17:10 Setting Sensible Policies Maintaining Compliance
21:54 Milou's Small Businesses
26:14 Building a Community and Networking
31:13 Conclusion and Future Plans
In this solo episode, Brian breaks down the role of the Cybersecurity and Infrastructure Security Agency (CISA) — the federal agency responsible for protecting U.S. critical infrastructure and leading cyber defense efforts across government.
From securing elections and the .gov domain to promoting “Secure by Design” software and coordinating with private industry, CISA’s reach is broader than most people realize. Brian also explores the political controversy surrounding its leadership and why its future matters for both public and private sector security.
Cybersecurity isn’t just a government problem — it’s an everyone problem.
Chapters:
00:00 Introduction to CISA
01:27 CISA's Mission and Responsibilities
03:25 Evolution from NPPD to CISA
05:50 CISA's Operational Directives and Authority
09:09 Coordination with States and Private Sector
12:32 CISA's Initiatives and Programs
16:23 Guidance for Individuals and Organizations
19:21 CISA's Track Record and Challenges
21:16 Political Controversies Surrounding CISA
25:10 Conclusion and Future Insights
Welcome to Torote Co.: A Sneak Peek at the Future of Socializing Security
This week’s episode of Socializing Security is a little different — and very special.
Milou takes listeners inside Torote Co., a brand-new creative HQ in Austin, TX that’s set to become the physical home for Socializing Security, Compliance Counsel, Cyber Counsel, and a growing ecosystem of founders, technologists, artists, and security leaders.
What starts as a casual walkthrough quickly becomes a deeper conversation about community, creativity, entrepreneurship, and building spaces that actually bring people together — not just to work, but to collaborate, recharge, and imagine what’s next.
🎥 Strong recommendation: this is one episode you’ll want to watch, not just listen to. The full video tour is available on YouTube.
Chapters:
00:00 – A Special Episode (Watch This One)
01:00 – Introducing Torote Co.
02:20 – Socializing Security Has an HQ
03:05 – Why Build a Physical Space Now
04:40 – Designing the Podcast Studio
06:10 – The Vision for In-Person Episodes & Events
07:55 – Community Over Conferences
09:40 – Coffee, Culture, and Connection
12:30 – Art, Plants, and Creative Energy
15:10 – Making Space for Play & Processing
17:45 – Mixing Art, Tech, and Security
19:50 – Upstairs: The Bigger Community Space
22:45 – Why Location Matters
25:30 – Socializing Security as a Community Platform
28:40 – Entrepreneurship, Risk, and Reality
32:10 – Gratitude, Growth, and What’s Next
36:40 – Closing Thoughts
In this episode, Brian and Milou discuss the evolving landscape of healthcare cybersecurity as they look ahead to 2026. They explore the challenges posed by funding, technology, and the integration of AI in healthcare, while also reflecting on their personal connections to the industry. The conversation highlights the importance of patient privacy, the role of healthcare providers, and the need for better standards in technology use within the medical field. Ultimately, they emphasize the opportunities that arise from these challenges and the importance of collaboration in addressing them.
Chapters
00:00 Reconnecting and Looking Ahead to 2026
01:48 The State of Healthcare Cybersecurity
05:31 Understanding the Healthcare Ecosystem
08:23 Technology and Regulation in Healthcare
14:51 Consolidation in Healthcare
22:59 The Intersection of Law and Medicine
26:10 AI in Healthcare: Opportunities and Concerns
34:35 Creating Solutions: Opportunities for Improvement
We’re kicking off 2026 with a Founder-level episode — broken fingernails, moving boxes, and all — as Milou records from a brand-new Socializing Security HQ location in Austin, Texas at Torote Co.
In this solo installment, Milou reacts to Brian’s 2026 technologist predictions (go listen to his episode, too 👀) and brings the compliance + privacy heat: the AI arms race is accelerating, consumer burnout is real, state-by-state regulation is getting messier, and the SOC 2 “race to the bottom” may finally force companies toward stronger global security standards.
And yep — we’re manifesting: RSA. Defcon. Live studio recordings. Socializing Security is leveling up.
Chapters
00:00 – Welcome back + new Socializing Security HQ
01:30 – 2026 prediction: AI arms race + “every company for themselves”
05:30 – Consumer burnout + privacy fatigue
08:30 – States taking the lead on privacy/security regulation
12:30 – Compliance/GRC careers rising (humans still needed)
16:30 – SOC 2 credibility + “race to the bottom”
20:30 – Shift to ISO 27001 + CSA STAR growth
24:00 – What’s next for Socializing Security (RSA/Defcon dreams)
26:00 – Big risks: breaches, healthcare, and personal privacy advocacy
29:00 – Closing thoughts + 2026 mindset
In this episode, Brian Knudtson reflects on the cybersecurity landscape as we enter 2026, discussing key themes such as the AI arms race, the importance of proactive security measures, identity management, multi-cloud security, supply chain vulnerabilities, and the critical state of healthcare cybersecurity. He emphasizes the need for innovation and collaboration between government and private sectors to address these challenges effectively.
Chapters
00:00 Welcome to 2026: A New Year in Cybersecurity
02:35 The AI Arms Race in Cybersecurity
05:00 Proactive vs. Defensive Security Approaches
08:21 The Importance of Identity in Cybersecurity
11:44 Navigating Multi-Cloud Security Challenges
13:56 Supply Chain Security: A Growing Concern
17:00 Critical Infrastructure and OT Security Risks
19:24 Healthcare: A Target for Cyber Attacks
22:51 Government's Role in Cybersecurity
26:05 Innovation Amidst Cybersecurity Challenges
30:32 Conclusion and Outro
In this episode of Socializing Security, Brian and Milou dive into the messy, often misunderstood reality of working through the holiday season. From cultural expectations to the pressure of Q4 deadlines, they break down why this time of year feels especially heavy for consultants, founders, and global teams.
They unpack the importance of boundaries (and why they’re so hard to set), how communication shifts when you’re working across time zones, and why emojis aren’t unprofessional — they’re a relationship-building tool.
The episode closes with a “Tell Me Something Good” segment, where both hosts highlight small wins, personal growth moments, and what’s next for the podcast.
Takeaways
Holiday workloads hit differently — especially in consulting and startup life.
Cultural norms shape how people view time off, holiday expectations, and urgency.
Boundaries aren’t just healthy; they’re essential for preventing burnout.
“Follow the Sun” can be a superpower for global teams when used intentionally.
Remote teams require clarity — communication styles vary wildly across regions.
Emojis and tone markers can humanize digital communication.
Planning ahead (even lightly) reduces Q4 chaos.
Ending on positive stories helps reset mindset and reinforces purpose.
Respecting global holidays builds connection and psychological safety.
Sustainable work-life balance is a long game, not a seasonal fix.
Chapters
00:00 — Intro & Life Catch-Up
05:11 — How Different Cultures Treat the Holidays
10:45 — Global Work Culture in December: The Pressure Cooker
16:27 — Boundaries, Burnout & Real-Life Strategies
22:12 — Tell Me Something Good: Work Wins & What’s Next
In this episode of Socializing Security, Brian and Milou discuss the evolving nature of workspaces, particularly in the context of small businesses and remote work. They explore the importance of physical spaces, confidentiality, and creating environments that foster productivity and well-being. The conversation delves into thoughtful office design, accommodating different work styles, and the future of workspaces, emphasizing the need for personalization and flexibility in the workplace.
Chapters
00:00 Introduction
01:22 Exploring Physical Spaces and Security
04:28 The Balance of Remote Work and Office Dynamics
09:29 Creating a Productive Work Environment
14:58 Thoughtful Office Design and Employee Well-being
19:40 Personalizing Workspaces for Individual Needs
28:15 Wrap-up
30:47 Outro
In this episode of Socializing Security, hosts Brian and Milou discuss the implications of Spotify's new instant messaging feature, the risks associated with shadow IT, and the integration of ChatGPT with Spotify. They explore privacy and security concerns, particularly for users who may not be aware of the changes in the platform's functionality. The conversation emphasizes the importance of being cautious with new technology and understanding the potential risks involved.
To see where this conversation started, check out our previous episode: https://youtu.be/pu0ycyc15Mc | https://www.socializingsecurity.com/e/e074-two-perfectionists-walk-into-a-podcast-part-2
Chapters
00:00 Introduction to Current Events in Security
02:29 Introduction to New Spotify Security Concerns
05:41 Managing Corporate Applications and Shadow IT
11:28 Privacy and Security Risks of Social Media
20:53 Integration of ChatGPT with Spotify
25:32 The Future of AI and Privacy Concerns
34:48 Ending on a Positive Note
In the latest episode of Socializing Security, Milou Meier and Brian Knudtson embrace SYFI energy — Senior Year F-It — as they reflect on how far the podcast has come, from early audio hiccups to finding their flow as co-hosts.
With their signature mix of humor and real-world insight, they explore the art of showing up consistently, balancing prep with authenticity, and how even Spotify’s new messaging feature could quietly create a shadow IT risk in the workplace.
🎧 Real talk on creativity, security, and showing up — even when it’s not perfect.
Chapters:
00:00 – Welcome Back to Chaos (and Comfort)
04:12 – Finding Flow in the Format
10:37 – Consistency, Community, and Connection
17:25 – Guest Goals and Growing Pains
25:14 – Security in Everyday Life
31:42 – Looking Ahead: AI, Regulation, and Real Talk
This episode provides a comprehensive overview of ransomware, detailing its definition, methods of delivery, and the various impacts it has on individuals and organizations. Brian Knudtson discusses the evolution of ransomware attacks, the types of targets, and the significant consequences that can arise from such incidents. He emphasizes the importance of prevention strategies, including strong passwords and regular backups, and highlights notorious ransomware gangs and their tactics. The discussion concludes with real-world examples of ransomware attacks and their far-reaching effects on businesses and public services.
Chapters
00:00 Understanding Ransomware Basics
06:31 Targeting and Impact of Ransomware
13:03 Consequences of Ransomware Attacks
16:13 Protecting Against Ransomware
22:24 Ransomware Gangs and Their Tactics
27:22 Real-World Examples of Ransomware Attacks
In this episode, Brian speaks with Justin Keck, Director of Security at Inspire Security Solutions, about the evolving role of the CISO, the importance of business acumen in security, and the need for effective communication across departments. They discuss the significance of building a security culture, the role of security champions, and the emerging BISO role as a liaison between security and business needs. As always, the conversation ends on the ongoing battle for privacy in the face of data breaches and the necessity for collaboration within organizations to enhance security.
Chapters
00:00 Introduction to Security and the CISO Role
04:13 The Evolving Role of the CISO
09:50 Communication and Business Acumen in Security
14:26 The Importance of Security Culture
21:57 The Role of Security Champions
30:29 The BISO Role and Its Significance
35:32 The Ongoing Battle for Privacy
39:26 Closing Thoughts and Contact Information
In this episode, Brian and the host discuss the evolution of technology and its impact on daily life, particularly focusing on the ideal tech stack for 2025, frustrations with current technology, the need for standardization, and goals for 2026. They also touch on the intersection of pop culture and technology, exploring how past media has predicted current trends and the implications of smart devices and IoT on privacy and user experience. The conversation wraps up with reflections on the challenges of maintaining a frictionless IT environment and the importance of collaboration in navigating these issues.
Chapters
00:00 Introduction and Episode Setup
01:44 Imagining a Frictionless Tech Environment
08:13 The Frustrations of Modern Technology
12:43 The Need for Standardization in Tech
16:39 Goals for IT in 2026
20:41 Pop Culture and Technology
25:07 Closing Thoughts on IT and Automation
29:55 Outro
In this episode of Socializing Security, host Milou Meier shares her personal experiences and frustrations as a compliance officer and small business owner in the IT sector. She discusses the challenges of navigating technology, the importance of a frictionless IT environment, and the need for connection in a tech-heavy world. Milou reflects on her own technology struggles and emphasizes the significance of making IT systems work seamlessly to enhance productivity and reduce frustration.
Chapters
00:00 Introduction to the Conversation
00:01 Exploring Key Themes in Security
00:37 Introduction and Personal Reflections
02:44 The Challenges of IT and Compliance
05:18 Navigating Technology Frustrations
07:18 The Importance of Frictionless IT
09:46 Community and Connection in Technology
12:21 Personal Experiences with IT Systems
15:18 Reflections on 2025 and Looking Ahead to 2026
In this conversation, Patrick Kovalik discusses the critical role of data in the healthcare industry, emphasizing the importance of data strategy, protection, and governance. He highlights the complexities of managing healthcare data, the shift towards synthetic data, and the challenges posed by unstructured data. The discussion also touches on the balance between privacy and security, particularly in the context of healthcare, and the need for organizations to adapt their data strategies to meet evolving demands.
Chapters
00:00 Introduction to Data in Healthcare
04:15 Understanding Data Strategy
06:56 The Importance of Protecting Health Data
11:41 Governance vs. Strategy in Data Management
14:56 The Role of Synthetic Data for Development and Sharing
23:09 Partnerships and Sharing Data
30:22 The Challenges of Unstructured Data
33:36 Privacy in the Healthcare Data Space
38:52 Closing Thoughts on Data Strategy
In this episode of Socializing Security, Milou and Brian delve into the complexities of compliance programs, focusing on the importance of selecting the right audit firms, the role of GRC software, and the common controls necessary for effective compliance. They discuss the significance of access control, incident response, risk management, data protection, vendor management, security awareness training, audit logging, business continuity, and vulnerability management. The conversation emphasizes the mutual relationship between security and compliance, providing insights for organizations looking to enhance their compliance efforts.
Chapters
00:00 Exploring Compliance Programs
02:45 Partnering with Audit Firms
05:32 Choosing the Right Audit Firm
08:25 The Role of GRC Software
11:03 Managing Compliance Documentation
14:07 Common Security Controls
21:46 Access Control Challenges
23:33 Incident Response Essentials
26:07 Risk Management Practices
27:49 Data Protection and Privacy
30:25 Vendor Management Strategies
32:23 Security Awareness Training Importance
34:10 Audit Logging and Monitoring
36:29 Business Continuity and Disaster Recovery
38:29 Vulnerability Management Overview
In this episode of Socializing Security, the hosts delve into the essential topic of compliance within the cybersecurity landscape. They explore various compliance frameworks such as SOC 2, ISO 27001, HIPAA, and FedRAMP, discussing their significance, requirements, and the implications for organizations. The conversation highlights the importance of compliance in demonstrating security controls to customers and the challenges faced by companies in achieving and maintaining these standards. The hosts also touch on emerging standards related to AI and the evolving landscape of compliance requirements.
Chapters
00:00 Introduction to Compliance in Security
02:03 Understanding Compliance and Its Importance
06:29 Diving into SOC 2 Compliance
10:52 Exploring ISO 27001 Compliance
14:42 AI and Emerging Standards
16:39 Overview of CSA STAR Compliance
20:09 Understanding CMMC for Defense Contractors
22:57 Navigating FedRAMP Compliance
28:53 HIPAA and Healthcare Compliance
31:41 HITRUST Certification in Healthcare
34:31 SOX Compliance for Public Companies
36:19 PCI DSS for Payment Processing
38:52 GDPR?
39:49 Structuring Audits
42:05 Preparing for a Second Part
43:55 Outro



