Risk Grustlers / Episode #11

The upshot of (un)continuous compliance

featuring Todd Dekkinga

With a dynamic personality and over 25 years of IT management and security expertise, Todd Dekkinga steps into the spotlight as the new host of Risk Grustlers. As the CISO at Scrut Automation and Zluri, and advisor to startups like Box and Zoom, Todd is the perfect guide to help you navigate the complexities of risk and compliance.

Todd and our CEO and Co-Founder, Aayush Ghosh Choudhury, share an undeniable passion for security and startups, which shines through in this lively episode. They share actionable advice and deep insights, including trade secrets you wouldn’t hear elsewhere. You don’t wanna miss this!

"The dot-com crash of 2001 was a turning point for me, leading me to focus on IT efforts in regulated industries like biotech. Working in highly controlled environments laid the foundation for my understanding of compliance and risk."

"One common mistake among startups is neglecting to maintain compliance post-certification. Many overlook the continuous monitoring required, leading to frantic efforts to catch up during surveillance audits."

"Automation plays a crucial role in simplifying compliance tasks, particularly for smaller companies with limited resources. Automated tools like Scrut streamline processes, reduce manual effort, and ensure consistency in meeting regulatory requirements."

In this episode, we explore Todd’s unorthodox path to compliance, GRC, and risk management – a testament to the diverse paths that can lead to a career in risk management.

He highlights the pivotal moments that shaped his expertise, including the dot-com crash of 2001 and his work in highly controlled environments like biotech.

Todd discusses the common mistakes startups make during the SOC 2 compliance process and offers practical advice on maintaining compliance post-certification. 

He also elaborates on the role of automation in GRC, particularly in optimizing compliance efforts for companies of different sizes.

Todd’s insights will provide valuable perspectives on navigating the complexities of compliance and risk management. Tune in to uncover the true upshot of continuous and non-continuous compliance!
