
The security poverty line

In this episode of Risk Grustlers, Nicholas Muy, CISO at Scrut Automation, sits down with Wendy Nather, Senior Research Initiatives Director at 1Password, to talk about a reality most people don’t want to admit: small organizations can’t implement the security controls everyone says they should have. This conversation digs into the “security poverty line,” why compliance feels impossible for lean teams, and what actually matters when you can’t do it all.

Wendy Nather, Senior Research Initiatives Director, 1Password


Description

In this episode of Risk Grustlers, Wendy Nather joins Nicholas Muy to challenge how we think about compliance, affordability, and security maturity.

Wendy introduces the idea of the “security poverty line,” the invisible boundary keeping small organizations from achieving the same security outcomes as large enterprises. She breaks down why frameworks like PCI DSS work only when risks are narrowly defined, and how unclear scoping, hidden vendor pricing, and talent scarcity widen the gap.

Tune in as Wendy and Nick dismantle the “back to basics” advice, and explain why fundamentals like asset inventory, change control, and threat prioritization are anything but simple in a cloud-first world. Wendy also shares her practical prioritization pyramid, i.e., where to start when you can’t do everything, and it starts with a step most teams skip.

Highlights from the episode

  • Why the “security poverty line” explains more about small team struggles than any budget conversation ever will.
  • The research finding that should make every CISO uncomfortable: how much securing a company actually costs, and why the answer is more uncertain than you think.
  • Wendy’s pyramid framework for what to focus on first when you can’t do everything, and why it deliberately doesn’t start with buying tools.