CISO Insights: Navigating the GRC Landscape

On-Demand Webcast|1 hour

A robust GRC program fosters the ability to manage key risks and protect sensitive data, aligning security initiatives with organizational objectives; and ultimately allows the CISO to establish trust and confidence with key stakeholders. However, the constantly evolving regulatory landscape is resource intensive to manage and requires striking a delicate balance of security controls that won’t stifle productivity or innovation. In this panel discussion, CISOs from diverse industries share insights on:

  • Determining and implementing appropriate policies and security controls
  • Addressing challenges to integrate GRC practices into organizational operations
  • Securing adequate resources to implement and maintain a GRC program


Steven Fox
Director, Information Security & Regulatory Compliance
Educational Testing Service

Steven Fox directs the GRC strategy for Educational Testing Services, the world’s largest private educational testing and assessment organization. He brings a cross-disciplinary, international perspective to the practice of information security; combining his experience as a Deputy CISO, security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges.

Shannon Culp
Director Global Information & Cyber Security Governance & Awareness
a Midwest health care organization

Shannon Culp is currently the Director Global Information & Cyber Security Governance & Awareness for Archer Daniels Midland Company. She has over 29 years of Business Continuity and Information Security and Risk Management experience, as well as consulting experience, Management in “Big 4” environment and large private industry management experience. She has designed general computer controls for SOX and defined a PCI program for level 2 Merchant. Shannon helped lead the development of E&Y’s Security Architecture Methodology, and helped developed Governance Programs, Identity and Access Management Programs, Risk Management Programs and Vulnerability Management Programs.

Dale Hoak
Director of Information Security

Dale is a seasoned cybersecurity and technical operations leader with a distinguished career in the U.S. Navy, where he designed secure, mission-critical systems.  Currently the Director of Information Security at RegScale, Dale built RegScale’s security program from the ground up, enhancing compliance, risk management, and operational effectiveness.  Recognized for his excellence in building Security Operations Centers and Threat Intelligence programs, Dale’s tactical leadership has led to significant achievements, including disaster recovery and business continuity planning for the DoD, rapid deployment of communication packages for Navy Seal Teams, and the creation of training programs for system administrators.  His hands-on approach and commitment to efficiency have made regulatory compliance faster and more accessible.

Dustin Sachs
Chief Technologist and Senior Director of Programs
CyberRisk Alliance

Dr. Dustin Sachs is the Chief Technologist and Sr. Director of Programs at CyberRisk Alliance.  He is a highly accomplished cybersecurity professional with a proven track record in risk management, compliance, incident response, and threat mitigation.  He is CISSP-certified and holds a Doctor of Computer Science (DCS) degree in Cybersecurity and Information Assurance.  Dr. Sachs has worked in various industries, including public utilities, food distribution, and oil and gas.  He is a respected thought leader in the cybersecurity community.