In this episode of the GRC Podcast, we sit down with Chris Honda, a seasoned Senior Security Analyst at Whistic, who walks us through the multifaceted world of Governance, Risk, and Compliance (GRC). With his unique journey into the world of Security, Chris sheds light on the transformative nature of cultivating GRC expertise and the value those skills can bring to the business and security landscapes.
GRC Unpacked: More Than Acronyms
Chris starts by demystifying GRC, breaking it down into its core components: Governance, Risk, and Compliance. He shares an accessible approach to explaining these concepts to non-experts, using relatable analogies like the Rosetta Stone, underscoring the importance of GRC as the lingua franca that bridges the gap between business operations and security imperatives.
The Human Element in InfoSec
Delving into the art of presenting at conferences, Chris emphasizes the need to bring one's personality into play. By humanizing InfoSec, he advocates for presentations that resonate on a personal level, which in turn fosters a more resilient and relatable security culture within organizations.
Career Trajectories in GRC
Reflecting on his own path, Chris discusses how asking the critical question "why" catalyzed his move from finance to security, highlighting the role of curiosity in driving career progression within GRC. He reassures listeners that a background in IT is not a prerequisite for a successful career in GRC, as the field welcomes diverse professional experiences.
”Technical” Redefined
Chris challenges the misconception that one must be highly technical to succeed in security. He argues that problem-solving, communication, and understanding technology as a means to exceptional outcomes are just as crucial. This broader definition of 'technical' opens doors for GRC professionals to be recognized for their strategic and enabling contributions. (but also they should strive to have developer empathy and recognize stagnation in learning will significantly limit upward mobility, salary and future employability.)
The Convergence of Security and Privacy
Exploring the nuanced relationship between security and privacy, the discussion pivots to how these disciplines intersect within GRC frameworks. Chris provides insights into how evolving privacy laws create new opportunities for those passionate about privacy and compliance, demonstrating the dynamic nature of the GRC field.
The Specialist vs. Generalist Debate
Chris shares his experiences as a GRC generalist in a smaller company, weighing in on the benefits of wearing multiple hats against the deep focus of specialists in larger firms. He advocates for the value of generalist roles, highlighting their ability to manage a broad spectrum of GRC challenges and drive comprehensive security strategies.
Giving Back and Building Community
The episode wraps up with Chris reflecting on the importance of giving back to the GRC community. By volunteering and engaging in acts of kindness, professionals can cultivate a supportive network that not only fosters personal fulfillment but also strengthens the collective knowledge and resilience of the GRC industry.
Join us in this enriching discussion that promises to inspire both personal and professional growth, whether you're new to GRC or a veteran looking to reinvigorate your career with a fresh perspective.

For show notes, please visit The GRC Podcast website.
Sign up for our Bi-Weekly Newsletter