#  @risk3sixty risk3sixty risk3sixty posts on YouTube about ai, how to, business, director the most. They currently have [------] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours. ### Engagements: [------] [#](/creator/youtube::UCjcD3Vc3Z1FSncd2BvRp9vQ/interactions)  - [--] Week [------] +297% - [--] Month [-------] -62% - [--] Months [---------] +7,707% - [--] Year [---------] +8,836% ### Mentions: [--] [#](/creator/youtube::UCjcD3Vc3Z1FSncd2BvRp9vQ/posts_active)  - [--] Week [--] +178% - [--] Month [--] +44% - [--] Months [--] -3.50% - [--] Year [--] +161% ### Followers: [------] [#](/creator/youtube::UCjcD3Vc3Z1FSncd2BvRp9vQ/followers)  - [--] Week [------] +1.30% - [--] Month [------] +4.10% - [--] Months [------] +18% - [--] Year [------] +35% ### CreatorRank: [---------] [#](/creator/youtube::UCjcD3Vc3Z1FSncd2BvRp9vQ/influencer_rank)  ### Social Influence **Social category influence** [technology brands](/list/technology-brands) [finance](/list/finance) [social networks](/list/social-networks) [stocks](/list/stocks) [countries](/list/countries) [cryptocurrencies](/list/cryptocurrencies) [exchanges](/list/exchanges) **Social topic influence** [ai](/topic/ai), [how to](/topic/how-to), [business](/topic/business), [director](/topic/director), [watch](/topic/watch), [agentic](/topic/agentic), [youtube](/topic/youtube), [ceo](/topic/ceo), [build](/topic/build), [break](/topic/break) **Top assets mentioned** [Microsoft Corp. (MSFT)](/topic/microsoft) [Alphabet Inc Class A (GOOGL)](/topic/$googl) [Ethereum (ETH)](/topic/ethereum) ### Top Social Posts Top posts by engagements in the last [--] hours "SOC [--] Simplified: Full Framework Review in Plain English In this video we explain all of the requirements of SOC [--] in plain English. We walk through every SOC [--] category discuss the controls most companies put into place to meet the requirements and what is often required during an audit. Sign up for a free SOC [--] readiness assessment here: www.phalanxgrc.com" [YouTube Link](https://youtube.com/watch?v=2rAz9VohEdE) 2022-06-28T18:07Z 15.1K followers, 23.7K engagements "ISO [-----] Basics: Everything You Need to Get Certified This video will cover the basics of ISO [-----] including the implementation and certification processes. Learn everything you need to know to get certified and ensure compliance with this crucial information security standard. Download the whitepaper: https://risk3sixty.com/iso-27001-path-to-certification-part-2/ #ISO27001 #cybersecurity #risk3sixty 0:00 Introduction 1:08 ISO [-----] Background 6:06 ISO [-----] Overview 8:22 ISMS: Clauses 4-10 11:34 Annex A: [---] Controls 23:54 Implementation Process 28:34 Certification Process 33:28 Typical" [YouTube Link](https://youtube.com/watch?v=AJbK3jH677k) 2020-05-28T14:03Z 15.1K followers, 123K engagements "ISO [-----] Basics: What It Is and How to Get Certified Fast Learn more about the process for becoming ISO [-----] certified: https://risk3sixty.com/iso-42001 Download the ISO [-----] Overview for Business Leaders here: https://risk3sixty.com/whitepaper/iso-42001-overview-business-leaders Are you building AI products or integrating AI into your organization Then ISO [-----] should be on your radar. In this webinar Christian Hyatt CEO and Co-Founder of risk3sixty breaks down what ISO [-----] is why it matters for your business and how to build a certification roadmap. Learn how to align ISO [-----] with" [YouTube Link](https://youtube.com/watch?v=_wPkgeamFSk) 2025-08-13T18:13Z 15.1K followers, [----] engagements "#46: Building a GRC Program (w/ Jewel Hefner) SOC [--] PCI DSS ISO [-----] FedRAMP GDPR the list goes on. In this episode Jewel and Christian discuss how to build a global security and compliance program poised to support multiple frameworks. Jewel is an expert in governance risk and compliance with experience building teams and navigating the complexities of global compliance initiatives. Having forged a non-traditional route to a GRC leadership position Jewel is passionate about helping others do the same. In this episode of Tuesday Morning Grind Jewel and Christian discuss how to get into" [YouTube Link](https://youtube.com/watch?v=-QdGtCPTxgg) 2021-10-26T10:00Z 14.8K followers, [----] engagements "PCI DSS: How to Get PCI Certified This is everything you need to know to get PCI DSS certified in [----]. Chris Donaldson is a PCI Expert and the PCI Practice Leader at risk3sixty. Chris has helped organizations from start-ups to Fortune [--] achieve PCI certification. In this episode of Tuesday Morning Grind Chris and Christian talk through everything a company needs to know to begin its PCI certification journey. Free Whitepaper Download: PCI DSS Process Overview https://risk3sixty.com/pci-dss-process-overview/ Free Whitepaper Download: PCI Compliance of Business Growth" [YouTube Link](https://youtube.com/watch?v=1_nw9Br_by4) 2022-01-18T11:00Z 14.8K followers, [----] engagements "Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore ISO [-----] resources:" [YouTube Link](https://youtube.com/watch?v=3GzoNR6EsaA) 2025-10-21T17:51Z 15.1K followers, 208.4K engagements "Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats" [YouTube Link](https://youtube.com/watch?v=3WtHA0J_cco) 2025-10-21T14:30Z 15.1K followers, 191.7K engagements "How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk" [YouTube Link](https://youtube.com/watch?v=3d-uZZHBbug) 2025-10-21T17:49Z 15.1K followers, 367.8K engagements "#29: How Privacy Will Shape Society and Business (w/ Daniel Solove) Christian speaks with world renounced privacy researcher Daniel Solove about the current and future implications of privacy on society and business. About Daniel Solove: Daniel is a research professor at George Washington University Law School CEO of TeachPrivacy.com and holds a JD from Yale Law School. Daniel is one of the most respected and frequently sited privacy professionals on earth with over [--] research publications and over 1Mfollowers on social media. About risk3sixty: risk3sixty is a security privacy and compliance" [YouTube Link](https://youtube.com/watch?v=4Ch3hAzxOSk) 2021-06-29T10:00Z 14.9K followers, [---] engagements "What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or" [YouTube Link](https://youtube.com/watch?v=EdeDKPghvBw) 2025-10-21T14:29Z 15.1K followers, 157.5K engagements "PCI DSS: A Simple Intro to PCI DSS for Companies Getting Certified for the First Time Chris Donaldson is the leader of the PCI DSS practice at risk3sixty and an expert QSA. A qualified security assessor or QSA for short is an individual that helps companies identify gaps in their cybersecurity and their cyber security awareness training for the credit card industry. In this webinar Chris provides useful information on: 00:00 Into 04:05 An overview of PCI and the overall framework 16:36 PCI DSS v3.2.1 19:06 PCI DSS Compliance Applicability 23:10 The business case for PCI 28:24 Steps to achieve" [YouTube Link](https://youtube.com/watch?v=HKGRib3EYwE) 2022-08-15T14:23Z 15.1K followers, 12.6K engagements "CMMC Series Part 1: Everything You Need to Get Certified (Levels 1-3 Scoping & Audit Process) The Cybersecurity Maturity Model Certification (CMMC) is now live and every organization in the DoD supply chain will need to comply. In this deep-dive session risk3sixty experts break down exactly what you need to know to prepare for CMMC Levels 1-3 scope your environment understand timelines and navigate the new phased rollout through [----]. Whether you're a prime contractor or a subcontractor this walkthrough will help you understand your requirements avoid common pitfalls and confidently prepare" [YouTube Link](https://youtube.com/watch?v=Keg3IN970dY) 2025-11-24T16:09Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: FBI Warns of AI CFPB Targets Data Brokers CISA Urges Encryption FBI Issues PSA on Threat Actor Generative AI Use The FBI has issued a public service announcement warning that criminals are increasingly leveraging generative artificial intelligence (AI) to enhance the effectiveness and scale of financial fraud schemes. By utilizing AI-generated text images audio and video these actors can create more convincing social engineering tactics such as spear phishing and romance scams thereby deceiving a larger number of victims with greater efficiency. The FBI advises the" [YouTube Link](https://youtube.com/watch?v=OMn1a5ANKgU) 2024-12-05T19:50Z 14.7K followers, [---] engagements "PCI 4.0: A Simple Checklist of the PCI DSS [---] Requirements In this video we discuss the new version of PCI v4.0 and what cloud-native/SaaS service providers need to know about the new requirements timelines and what organizations should focus on over the next two years for the new version of PCI DSS. 00:00 Intro 06:26 PCI Service Provider Types 08:36 Summary of Changes with PCI [---] 15:52 Medium and High Impact Changes in PCI [---] 24:21 Rapid PCI [---] Gap Assessment 29:09 Before you start solutioning 34:26 Priority Action Items for PCI [---] 40:50 Q&A #pci #pcidss #fintech #saas" [YouTube Link](https://youtube.com/watch?v=QpMYUbOZnrs) 2022-07-13T13:16Z 14.9K followers, [----] engagements "How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk" [YouTube Link](https://youtube.com/watch?v=T-b4FAOw-n0) 2025-10-21T17:52Z 15.1K followers, 168.5K engagements "How Seriously Should GRC Teams Take AI AI is everywhere but how much of it really matters for GRC In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=_KiSFBIDCo8) 2025-10-21T18:40Z 15.1K followers, 247.6K engagements "What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or" [YouTube Link](https://youtube.com/watch?v=_xwqd6Ue_p8) 2025-08-18T14:00Z 15.1K followers, 187.4K engagements "Asset Management: ISO [-----] [----] Updates Explore the newest updates on Asset Management for ISO [-----] and ISO [-----] compliance in the [----] updates. Gain insights into key changes implementation strategies and real-world examples to fortify your organization's security program. Don't miss outwatch now Introducing the "ISO Byte" video series led by Sawyer Miller Director of Audit & Implementation Practice at risk3sixty. Join us to learn about essential insights updates and strategies for ISO [-----] and [-----] compliance. Subscribe and stay up to date on future videos. For a detailed look at the" [YouTube Link](https://youtube.com/watch?v=aN3f2QU3ENM) 2024-03-14T13:00Z 15.1K followers, [----] engagements "PCI DSS: How to Get Ready for a PCI Certification Audit This video teaches you everything you will need to prepare for a PCI DSS audit from an expert QSA Chris Donaldson. We cover: 00:00 Intro 02:56 PCI Scoping Strategies 12:52 Before the Audit 27:38 During the Audit 30:59 After the Audit 33:40 Q&A For additional information on how to choose a QSA for your PCI needs please download our whitepaper - PCI Compliance of Business Growth https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/" [YouTube Link](https://youtube.com/watch?v=amRbOVgMTKQ) 2022-09-16T18:25Z 14.8K followers, [----] engagements "Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of Risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore more ISO [-----] resources:" [YouTube Link](https://youtube.com/watch?v=bhDPF9gBsuE) 2025-10-21T17:48Z 15.1K followers, 140.8K engagements "PCI as a Service: Advantages of Outsourcing PCI Compliance Outsourcing PCI Compliance can provide several benefits to companies. In this video will explore some key advantages of outsourcing PCI compliance and how outsourcing can support your security and compliance program. Overview: 00:00 Intro 00:52 The Reality of PCI 03:21 Bottom Line Upfront 06:20 Advantages of Outsourcing PCI Compliance 20:30 Options for Managing PCI 24:23 Head-to-Head Comparison - In-house vs Outsourced 30:47 How we can help 34:15 Q&A" [YouTube Link](https://youtube.com/watch?v=cH3G-Gf_jFM) 2023-02-27T14:15Z 15.1K followers, [---] engagements "Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats" [YouTube Link](https://youtube.com/watch?v=c_oHmxDbMTg) 2025-10-15T19:05Z 15.1K followers, 194.6K engagements "SOC 2: A Simple Intro to SOC [--] Certification for Companies Getting Certified for the First Time Are you considering SOC [--] certification for your company but feeling overwhelmed by the process Look no further In this comprehensive introduction to SOC [--] we break down the essentials for companies venturing into certification for the first time. In this video we cover the following: 00:00 Intro 01:20 An overview of the SOC [--] framework 04:11 The business case for SOC [--] 07:38 Steps to achieving SOC [--] compliance 09:40 The typical timeline to set up SOC [--] 14:35 Effort estimates 17:11 Framework" [YouTube Link](https://youtube.com/watch?v=k_wmrEiyqZA) 2022-08-24T19:02Z 15K followers, 17.1K engagements "PCI DSS Basics: Everything You Need to Get PCI DSS Certified In this episode of Tuesday Morning Grind Christian White and Christian Hyatt discuss and address many of the common questions associated with PCI DSS the process to become certified how to prepare a budget and how long it takes. Free resource: PCI Compliance of Business Growth - Whitepaper https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/ About risk3sixty: risk3sixty is a security privacy and compliance consulting firm that helps high-growth technology organizations build manage and assess security and" [YouTube Link](https://youtube.com/watch?v=kx6pToRUjVY) 2021-06-04T16:05Z 14.9K followers, 32.5K engagements "Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=qN_39vCPLAU) 2025-10-21T18:37Z 15.1K followers, 56.6K engagements "A Practical Guide to CMMC Implementation and Certification (risk3sixty + Schellman) CMMC is here and certification requirements are starting to show up in DoD contracts. In this session hosted by risk3sixty (advisory) and Schellman (assessment) you will learn - The CMMC rollout timeline and what to expect through [----] - How the certification process works (including the 4-phase C3PAO assessment flow) - Why scoping CUI/FCI correctly is one of the biggest drivers of cost effort and audit success. The session wraps with a live panel Q&A covering common readiness pitfalls assessor availability" [YouTube Link](https://youtube.com/watch?v=tXZpKw_bRS8) 2026-01-29T17:24Z 15.1K followers, [--] engagements "The GRC Agentic AI Roadmap: How to Implement Agentic AI in Your GRC Program (Part 1) Welcome to Part [--] of the GRC Agentic AI Roadmap Series. In this session we cut through the hype around AI and Agentic AI to deliver a clear actionable roadmap for GRC leaders who want to leverage AI to transform how their teams operate. This isn't theory it's built from real-world experience. Our team at risk3sixty has helped organizations ranging from high-growth tech companies to Fortune 10s implement AI into their governance risk and compliance functions and we've built our own GRC platform powered by" [YouTube Link](https://youtube.com/watch?v=ux37Xw0YKUY) 2025-09-04T19:30Z 15.1K followers, [----] engagements "Annex 3: Structuring AI Roles in ISO [-----] In this video learn about Annex A.3 Internal Organization of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director. This video covers the following: See how risk3sixty can help your business with ISO [-----] contact us: https://hubs.ly/Q02JyH5Q0 A.3.2 AI roles and responsibilities Roles and responsibilities for AI shall be defined and allocated according to the needs of the organization. A.3.3 Reporting of concerns The organization shall define and put in place a process to report concerns about the organizations role with" [YouTube Link](https://youtube.com/watch?v=0QqjPIIYEF8) 2024-06-25T14:09Z 14K followers, [----] engagements "Annex 9: Use of AI Systems in ISO [-----] In this video learn about Annex A.9 Use of AI Systems of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director. See how risk3sixty can help your business with ISO [-----] contact us: https://hubs.ly/Q02JyH5Q0 Learn more about ISO [-----] with our online course: https://risk3sixty.com/landing/iso-42001-course Objective: To ensure that the organization uses AI systems responsibly and per organizational policies A.9.2 Processes for responsible use of AI systems The organization shall define and document the processes for the" [YouTube Link](https://youtube.com/watch?v=24qdjTvPNBo) 2024-08-20T14:46Z 14K followers, [---] engagements "Overview of ISO [-----] Clauses 4-10 In this video learn about Clauses 4-10 of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director From understanding organizational needs to fostering leadership commitment and driving continual improvement Sawyer expertly navigates each clause. Whether you're a seasoned pro or just starting your cybersecurity journey buckle up and join us as we unravel the mysteries of ISO [-----]. Get ready to level up your infosec game and emerge as a true cybersecurity champion See how risk3sixty can help your business with ISO [-----] contact us:" [YouTube Link](https://youtube.com/watch?v=3FD2FPXObyo) 2024-06-13T14:03Z 14K followers, [----] engagements "The CISO Role: How to Design Security Leadership Custom Fit to for Your Organization We discuss the CISO role's common pitfalls and provide a framework for designing a CISO role that makes sense for your organization emphasizing security leadership. Free resource: Security Team Operating System - workbook https://risk3sixty.com/whitepaper/security-team-operating-system-ebook/ Podcast Here: https://anchor.fm/risk3sixty #security #cybersecurity #CISO #compliance 0:00 Introduction 1:54 Why This Matters 3:59 Framework: Define Business Problems 7:35 Framework: Priorities Roles and Responsibilities" [YouTube Link](https://youtube.com/watch?v=46dYkYzENgo) 2020-07-24T15:34Z 13.9K followers, [----] engagements "Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=4iZV--2q9ls) 2025-10-21T18:36Z 15.1K followers, 497.5K engagements "How to Add ISO [-----] to Your ISO [-----] Program with risk3sixty + Schellman In this expert session risk3sixty and Schellman team up to walk through the business case implementation strategy and certification process for ISO 42001designed specifically for organizations already managing an ISO [-----] program. Speakers: Christian Hyatt CEO & Co-Founder risk3sixty Danny Manimbo Principal & ISO AI Services Leader Schellman What Youll Learn: - How ISO [-----] builds on ISO [-----] for AI governance - Key differences overlaps and integration strategies - A 3-step implementation model used by top companies" [YouTube Link](https://youtube.com/watch?v=5fTlhFCs7r8) 2025-09-25T15:32Z 15.1K followers, [----] engagements "Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our" [YouTube Link](https://youtube.com/watch?v=6INwXkJD4Cs) 2025-10-21T14:32Z 15.1K followers, [--] engagements "Harmonizing & Scaling Compliance Part 2: How to Implement Streamlined Controls Welcome to Part [--] of the Scaling Compliance series: How to Implement Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Alex Sullivan (Advisory & Assurance Associate) share practical tactics for building a scalable compliance program that harmonizes multiple frameworks into one integrated structure. Youll learn: - How to harmonize governance and eliminate siloed frameworks - Why harmonized policies and processes reduce duplication and confusion - A step-by-step" [YouTube Link](https://youtube.com/watch?v=93nU5ZMROcQ) 2025-10-29T16:39Z 15.1K followers, [--] engagements "GRC Agentic AI Roadmap: Lets Build a GRC AI Agent Together (Part 3) Agentic AI is here and GRC teams are already putting it to work. In Part [--] of The GRC Agentic AI Roadmap we move from concept to construction. Youve seen the business case and real-world examples. Now its time to build your first GRC AI agent. What Youll Learn: - Why building an agent is the next critical step in the GRC AI journey - How to apply a repeatable build framework to your program - A real-world build from idea to measurable impact - How to get started quickly even with limited internal AI expertise Part 1: Building" [YouTube Link](https://youtube.com/watch?v=C60x2J44D_g) 2025-10-31T14:20Z 15.1K followers, [---] engagements "SOC [--] + AI: How to Report on Artificial Intelligence Risk and Compliance With AI use accelerating security leaders are asking "how do we prove we're using AI responsibly" In this video Christian Hyatt (CEO risk3sixty) and Phil Brudney (Director of Privacy and Quality Assurance risk3sixty) walk through how companies can incorporate AI risk management into their existing SOC [--] report. You'll learn what criteria to include how to structure a defensible program and what a SOC [--] + AI audit looks like in practice. What Youll Learn: 00:00 Why add AI to your SOC [--] report 02:25 Business case: risk" [YouTube Link](https://youtube.com/watch?v=CqcBFnMqOQo) 2025-07-16T17:30Z 15.1K followers, [---] engagements "Attack Surface Management (ASM) Part 2: Why Continuous ASM Beats Traditional Penetration Testing In Part [--] of our Attack Surface Management (ASM) Field Guide Series Cory Wolff breaks down the real differences between penetration testing and ASM and why point-in-time assessments alone cant keep up with todays threat landscape. Youll Learn - Why continuous always-on ASM matters as environments change daily (new assets new SaaS apps new exposures) - How modern breaches often start with stolen credentials and rapid vulnerability exploitation not just known assets on a scan list. - How ASM helps" [YouTube Link](https://youtube.com/watch?v=FW-W3kZdWw0) 2025-12-18T18:45Z 15.1K followers, [--] engagements "Cybersecurity Exec Brief: Device Code Phishing US Treasury Zero-Day Thailand Pulls Scammer Plug Exec Brief: Cybercriminals are evolving their tactics from device code phishing campaigns to zero-day exploits targeting critical infrastructure. Meanwhile entire scam hubs are being dismantled as governments crack down on cyber fraud. [----] Cybersecurity Year in Review: https://risk3sixty.com/webinars/2024-cybersecurity-year-review Threat Actors Utilize Device Code Phishing On February [--] [----] Microsoft reported that the threat actor group Storm-2372 has been conducting a sophisticated phishing" [YouTube Link](https://youtube.com/watch?v=JAwigoLDJ08) 2025-02-20T18:04Z 11.3K followers, [---] engagements "How Juvare Became an ISO [-----] Early Adopter with risk3sixty Juvare a global leader in emergency management and resilience technology is among the first organizations pursuing ISO [-----] to responsibly govern AI across both operations and product innovation. Ed Jones Information Security Manager at Juvare shares how his team partnered with risk3sixty to integrate AI governance into an already mature compliance program spanning ISO [-----] SOC [--] FedRAMP and more. Youll learn: - Why Juvare proactively embraced AI governance before customers began asking - How ISO [-----] builds on an integrated" [YouTube Link](https://youtube.com/watch?v=JrsuKHVrtCo) 2025-11-05T21:20Z 15.1K followers, [---] engagements "An In-Depth Look at Attack Surface Management (ASM) with risk3sixty Your attack surface is bigger and changing faster than you think. Annual security testing doesnt cut it anymore. In this video risk3sixtys President Christian White and Director of Offensive Security Cory Wolff break down modern Attack Surface Management (ASM): What it is how it works and why leading organizations are adopting continuous security. Through real-world examples and even a military base defense analogy well show how ASM helps teams: - Continuously discover unknown assets and exposures - Detect threats like" [YouTube Link](https://youtube.com/watch?v=NJp34TNiMAk) 2025-10-31T14:27Z 15.1K followers, [--] engagements "PCI DSS: A Simplified Review of PCI DSS In Plain English (Full Framework Review) This installment will break down the PCI DSS framework in plain English. This webinar will closely examine the framework itself and spell out the complex requirements in a way that's easier to understand. Topics We'll Cover Include: - PCI DSS v3.2.1 vs. PCI DSS v4.0 - An easy-to-understand look at the requirements in the current version of the framework and the version that will be mandatory in [----] - Common gaps clients often see when trying to meet PCI's requirements Overview: 00:00 Intro 03:09 Summary of PCI" [YouTube Link](https://youtube.com/watch?v=OIRrDbuRfO8) 2022-12-12T14:10Z 13.9K followers, [----] engagements "AI Security Concepts: Machine Learning AI and Cybersecurity Join Cory Wolff Director of Offensive Security at risk3sixty as he explores the evolution of AI and Machine Learning. Cory traces AI's journey from its origins in the 1940s to today. Discover key milestones such as the first neural network and IBM's Deep Blue defeating a human in chess. Learn about the transformative breakthroughs of [----] including introducing transformers and self-attention mechanisms. Cory challenges viewers to experience the power of modern AI models like ChatGPT and Google Gemini firsthand" [YouTube Link](https://youtube.com/watch?v=Od7ANox9nFU) 2024-06-17T17:52Z 13.8K followers, [----] engagements "ISO 27001: A Simplified Review of ISO [-----] In Plain English (Full Framework Review) In this video we provide an easy-to-follow review of ISO [-----] and the upcoming changes for [----]. Sawyer Miller completed his [--] part series on ISO [-----] with a plain English overview of the framework. Overview: 00:00 Intro 01:48 Framework Overview 07:30 ISMS - Information Security Management System 18:55 ISO/IEC 27001:2013 Annex A 26:15 ISO.IEC 27001:2022 Annex A 28:31 Common Gaps 40:34 How to get Started with ISO [-----] 42:00 Q&A" [YouTube Link](https://youtube.com/watch?v=Ou8cFdjMYWw) 2022-11-02T13:26Z 14.6K followers, 20.3K engagements "How to Harmonize Compliance Across Business Units Managing ISO SOC [--] PCI HITRUST and Others In this webinar risk3sixty's Kevin Ketts (CTO) and Carlin Cole (Product Manager) guide you through a controlcentric GRC approach to streamline compliance across multiple frameworks and business units; no more duplicate audits or lastminute scrambles. Learn: 00:00 Why harmonization matters 01:45 Top GRC team challenges: time expertise tools 04:20 The multiframework dilemma explained 07:10 How fullCircles platform harmonizes controls & evidence 12:30 Continuous compliance: spread work over time 17:00" [YouTube Link](https://youtube.com/watch?v=QAHjOO3DHws) 2025-07-17T15:03Z 15.1K followers, [---] engagements "Introducing Framework Deployment for fullCircle Managing multiple compliance frameworks across a growing business can get messy fast. Duplicate controls endless spreadsheets and constant remapping are just some of the challenges GRC professionals face just to keep everything aligned. How do you solve this Introduce Framework Deployment in fullCircle: A smarter way to add and manage frameworks like ISO [-----] ISO [-----] CMMC PCI DSS and more without multiplying the workload. Built by the compliance experts at risk3sixty Framework Deployment gives you: - Pre-configured control libraries designed" [YouTube Link](https://youtube.com/watch?v=QsEgFpYKB90) 2025-12-15T19:17Z 15.1K followers, [--] engagements "CMMC Part 2: How to Add CMMC to an Existing SOC [--] or ISO [-----] Program In Part [--] of our CMMC webinar series risk3sixtys Christian White (President & Co-Founder) and Andrew Parks (Manager Advisory and Assurance) walk through how to layer CMMC onto an existing SOC [--] or ISO [-----] program without creating duplicate work bloated scope or audit fatigue. Learn how to use what youve already built to meet CMMC requirements where the frameworks overlap and where youll need to make net-new investments especially around scoping and technical rigor. What Youll Learn: - Why CMMC scope is narrower and more" [YouTube Link](https://youtube.com/watch?v=S1Lg-reFy-w) 2025-12-11T15:47Z 15.1K followers, [--] engagements "The AI-Powered Assistant Built for GRC Teams fullCircle AI Assist Panel Meet the Assist Panel your always-on consultant in fullCircle AI Chat. The Assist Panel brings instant context-aware insights right where you work. See related tasks risks and evidence without leaving your flow. When you switch controls it updates automatically. With the Assist Panel you can: - Save time and eliminate context-switching - Understand connections faster - Act confidently with AI-powered insights Available now in fullCircle AI. Select the Assist tab to get started" [YouTube Link](https://youtube.com/watch?v=TBiuv8AMVgg) 2025-10-27T18:58Z 15.1K followers, [--] engagements "Cybersecurity Brief: Ransomhub Keeps Busy BEC hits $55B and Who's to Blame for CrowdStrike Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Ransomhub Crew Keeps Busy After being burned by ALPHV this summer the ransomware crew Ransomhub has been on an absolute tear. Since they were forced to double extort Change Healthcare after not receiving the original payment via ALPHV Ransomhub has created their own Ransomware-as-a-Service with a 90% affiliate rate making them one of" [YouTube Link](https://youtube.com/watch?v=TKTkaHCYXl8) 2024-09-18T14:10Z 14.6K followers, [---] engagements "New in fullCircle GRC: Risk and Task Linking in Framework Controls Track and manage your compliance program more efficiently with fullCircle GRCs Risk and Task Linking in Framework Controls feature. This update allows users to: - View and manage risks and tasks directly within any framework control - Link or unlink items with two-way visibility across the platform - Maintain traceability for better audit readiness and gap remediation - Use a consistent interface across organizational and framework controls This enhancement improves oversight and streamlines your GRC workflows. Learn more at:" [YouTube Link](https://youtube.com/watch?v=UPR71Tl-Z80) 2025-08-11T19:26Z 15.1K followers, [---] engagements "Attack Surface Management (ASM) Part 1: Getting Started With Enterprise ASM Every organization has an external attack surface but few have full visibility into it. In Part [--] of our Attack Surface Management (ASM) series the risk3sixty Armada team breaks down what it takes to stand up an enterprise-grade ASM program that continuously identifies and mitigates exposure across your digital footprint. Youll learn: - What ASM is and how it differs from traditional penetration testing - Key components of an enterprise ASM program from asset discovery to continuous monitoring - Common blind spots and" [YouTube Link](https://youtube.com/watch?v=Vp523FGE6dg) 2025-11-17T16:26Z 15.1K followers, [---] engagements "How Seriously Should GRC Teams Take AI In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=Wt1kTjEi9gY) 2025-10-21T18:41Z 15.1K followers, 50.6K engagements "Harmonizing & Scaling Compliance Part 3: Advancing Maturity and Continuous Improvement In the final installment of the Scaling Compliance series Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) discuss how to take your compliance program beyond the basics and drive continuous improvement. This session is designed for teams who have already harmonized frameworks and want to strengthen long-term resilience. Youll learn: - How to advance from reactive compliance to proactive data-driven program management - The role of KPIs" [YouTube Link](https://youtube.com/watch?v=XYbfksYQpho) 2025-10-29T16:39Z 15.1K followers, [--] engagements "Annex 6: AI Systems Lifecycle of ISO [-----] In this video learn about Annex A.6 AI Systems Lifecycle of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director. See how risk3sixty can help your business with ISO [-----] contact us: https://hubs.ly/Q02JyH5Q0 Learn more about ISO [-----] with our online course: https://risk3sixty.com/landing/iso-42001-course This video covers the following: A.6.1 Management guidance for AI system development Objective: To ensure that the organization identifies and documents objectives and implements processes for the responsible design and" [YouTube Link](https://youtube.com/watch?v=dHxPcYrnIAY) 2024-07-25T15:59Z 14.1K followers, [---] engagements "Harmonizing & Scaling Compliance Part 1: Establishing the Foundation for Streamlined Controls Welcome to Part [--] of our Scaling Compliance series: Establishing the Foundation for Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) explain why compliance leaders should prioritize scaling and streamlining control sets before growth and complexity take over. Youll learn: - Why managing multiple frameworks in Excel or SharePoint quickly becomes unmanageable - How client sector and regulatory" [YouTube Link](https://youtube.com/watch?v=intQlxByNtg) 2025-10-29T16:39Z 15.1K followers, [--] engagements "ISO [-----] Course - Internal Audit Requirement ISO [-----] clause [---] requires that companies performs internal audits as part of program monitoring. In this section we will cover what an internal audit looks like why it is required and how companies practically implement an internal audit program to meet the ISO [-----] requirement" [YouTube Link](https://youtube.com/watch?v=jXZPeFornjU) 2024-11-09T14:34Z 14K followers, [----] engagements "Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty" [YouTube Link](https://youtube.com/watch?v=mEr8FE507QU) 2025-10-21T14:20Z 15.1K followers, [--] engagements "ISO [-----] Course Introduction Welcome to the first ever ISO [-----] training course from risk3sixty. In it we want to give you everything you need to get certified. In this lesson we will give you a preview of what to expect in this course on Artificial Intelligence system management" [YouTube Link](https://youtube.com/watch?v=nX4Vy1Y4lEk) 2024-11-09T14:32Z 14.1K followers, [----] engagements "Cybersecurity Exec Brief: DeepSeek Hacked in Multiple Ways Medical Device Backdoor Discovered 🔹 DeepSeek Gets Owned Multiple Ways Wiz Research recently identified a significant security lapse in DeepSeek a Chinese AI startup renowned for its DeepSeek-R1 reasoning model. A publicly accessible ClickHouse database was found exposed containing over a million log entries with sensitive information such as chat histories API keys and backend details. This vulnerability allowed unauthorized users full control over database operations posing substantial risks to both DeepSeek and its users. Upon" [YouTube Link](https://youtube.com/watch?v=oMU-BTjKHFU) 2025-02-05T21:39Z 11.2K followers, [---] engagements "Cyber War Breaches and Human Emotion (w/ Raj Samani) We are seeing the highest volume of cyber attacks we have ever seen. Raj has briefed heads of state CEOs and politicians on cybersecurity. During his time a chief scientist at McAfee he was responsible for understanding the thread landscape researching emerging threats and perhaps most importantly mastering the human side of cybersecurity emotion self-interests fear and geo-politics. In this episode of Tuesday Morning Grind Raj and Christian discuss the current state of cybersecurity emerging trends and the human side of cybersecurity." [YouTube Link](https://youtube.com/watch?v=sXcPsW6mI5s) 2022-02-15T11:00Z 13.8K followers, [---] engagements "GRC Agentic AI Roadmap: Security & Governance Considerations for Your Agentic AI Program (Part 4) As AI systems evolve from simple automation to agentic decision-making strong governance and security become non-negotiable. In Part [--] of our GRC Agentic AI Roadmap series the experts at risk3sixty break down how to establish the right guardrails controls and monitoring to ensure your Agentic AI program remains secure compliant and aligned with organizational risk appetite. Youll learn: - How to align AI initiatives with ISO [-----] and emerging governance frameworks - Security best practices to" [YouTube Link](https://youtube.com/watch?v=t5bRCn0Wd0E) 2025-11-17T16:13Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: CVE Database in Jeopardy China Admits to Hacking Hertz Suffers Breach MITREs funding to operate the CVE Program and the CWE Program is set to officially expire. The CVE database is a critical backbone for vulnerability management threat research and global cyber defense efforts. MITRE has confirmed that the expiration is real and stems from a contract managed through the DHS typically renewed each April. With no immediate renewal in place the future of the CVE program is uncertain. Whats next For now historical CVE records will remain available via GitHub. But this" [YouTube Link](https://youtube.com/watch?v=wmWALooruQc) 2025-04-16T14:20Z 13.9K followers, [---] engagements "ISO [-----] [----] Updates: Everything You Need to Get Certified (Part 1) In this video we discuss the ISO [-----] [----] updates you need to know and the implications they have for organizations seeking to attain or maintain certification. Agenda: 00:00 Intro 03:19 What is ISO [-----] What is changing in [----] 08:04 ISMS [----] vs. [----] 15:14 What are the changes - ISO 27002:2022 18:47 ISO 27002:2022 Annex A 30:40 Implications for Customers 36:24 What is a Transition Audit 42:11 Next Steps 46:00 Q&A Sign Up for Phalanx GRC here: phalanxgrc.com" [YouTube Link](https://youtube.com/watch?v=yxafWFriPaw) 2023-01-23T19:06Z 12.9K followers, 13K engagements "Simplify Multi-Framework Compliance (ISO SOC PCI) with fullCircle GRC Management Platform : https://risk3sixty.com/fullcircle-grc : https://risk3sixty.com/contact Our Controls module integrates ISO [-----] SOC [--] and PCI DSS requirements into one streamlined strategy reducing redundancies and saving time. Expert security compliance professionals ensure seamless alignment and efficient documentation management centralizing audit evidence to minimize confusion and redundant requests. Discover the power of real-time dashboarding for instant compliance status visibility across frameworks. Make" [YouTube Link](https://youtube.com/watch?v=-9eWOHjNJaY) 2024-07-15T18:25Z 12.6K followers, [---] engagements "ISO 27001: A Simple Intro to ISO [-----] for Companies Getting Certified for the First Time In this video you will learn about ISO [-----] from Sawyer Miller the ISO leader at risk3sixty. Sawyer has worked with companies of all sizes to implement ISO [-----] into their business. ISO [-----] is the only auditable international standard that defines the requirements of an ISMS (information security management system). An ISMS is a set of policies procedures processes and systems that manage information security risks such as cyber-attacks hacks data leaks or theft. In this video you'll obtain the" [YouTube Link](https://youtube.com/watch?v=-oqciOCBG-I) 2022-08-09T19:11Z 10.1K followers, 43.2K engagements "Cybersecurity Exec Brief: KeePass Deploys Cobalt Strike Infostealers Ransomware Crew Chats Leaked Search the internal chats of Blackbasta here: https://bastachats.armada-ops.com Fake KeePass Password Manager Leads to ESXi Ransomware Attack Cybercriminals have been distributing trojanized versions of the KeePass password manager for at least eight months aiming to infiltrate enterprise networks. These malicious versions install Cobalt Strike beacons steal credentials and ultimately deploy ransomware on compromised systems. The attackers target VMware ESXi servers exploiting their" [YouTube Link](https://youtube.com/watch?v=0xvOgCcM0Y8) 2025-05-21T18:14Z 12.3K followers, [--] engagements "Cybersecurity News: AWS S3 Buckets Denial of Wallet Lockbit Leader New VPN Issues Join Cory in today's quick Weekly Cybersecurity Executive Brief as he updates on the AWS S3 Buckets Denial of Wallet the Lockbit leader identity released by UK and US authorities new issue found in virtually all VPNs and more. FREE Template: Penetration Testing ROI Calculator https://risk3sixty.com/whitepaper/penetration-testing-roi-calculator Week of April [--] Ransomware Stats: https://www.linkedin.com/feed/update/urn:li:activity:7193227620132495362/ 00:00 Introduction 00:28 AWS Denial S3 Bucket 02:11 Ransomware" [YouTube Link](https://youtube.com/watch?v=2l-U3GlmXAY) 2024-05-09T13:00Z 12.4K followers, [--] engagements "Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty" [YouTube Link](https://youtube.com/watch?v=5fe_xz6V3GI) 2025-08-27T19:45Z 15.1K followers, [---] engagements "New in fullCircle GRC: Evidence Object Scoping in Controls Module Get more precision and filtering power in fullCircle GRC with the new Evidence Object Scoping feature. This update allows users to: - Add and manage scopes directly on evidence objects - Mirror familiar scoping functionality used in controls - Automatically apply scopes to existing linked evidence - Filter dashboards and reports by evidence scope This enhancement improves reporting accuracy and streamlines evidence tracking across your GRC program. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #Compliance" [YouTube Link](https://youtube.com/watch?v=6JAT-0O-NHo) 2025-08-11T19:24Z 15.1K followers, [--] engagements "Cybersecurity Brief: [--] Critical Vulnerabilities in Palo Alto Firewalls T-Mobile Breached with AI How Red Teaming Could Have Prevented these incidents: https://www.youtube.com/watchv=ZuUzonE2uT0 Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 [--] Critical Vulnerabilities in Palo Alto Firewalls Palo Alto Networks (PAN) issued a security advisory highlighting a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2024-0012 CVSS 9.3) actively exploited in its" [YouTube Link](https://youtube.com/watch?v=8A4LbXE44BQ) 2024-11-21T15:15Z 12.2K followers, [---] engagements "EU AI Act: Everything You Need to Be Compliant FREE EU AI Act Compliance Pack: https://risk3sixty.com/whitepaper/eu-ai-act Join us as we break down the EU AI Act and what it means for your business. In this webinar experts Christian Hyatt and Phil Brudney from risk3sixty provide an overview of the regulation its structure and key compliance requirements. Learn practical steps to integrate the EU AI Act into your existing compliance program prove compliance and leverage free resources like marked-up notes and executive summaries to navigate the regulation with ease. 00:00 Introduction 01:36 EU" [YouTube Link](https://youtube.com/watch?v=987r7SFMMdY) 2024-12-04T17:12Z 12.1K followers, [----] engagements "HITRUST i1 vs SOC [--] : What's the Difference between SOC [--] and HITRUST HITRUST i1 or SOC2 (or both) Which makes the most sense for your business This video will give you everything you need to know to help you decide. The business drivers for obtaining a SOC [--] report or a HITRUST i1 certification may be similar. Still important distinctions between the two should be considered to make the best possible decision. Agenda: 00:00 Intro 01:00 Overview and comparison of the HITRUST and SOC [--] 14:11 HITRUST i1 Readiness and Assessment Process 18:59 HITRUST i1 Typical Timeline 22:52 SOC [--] Readiness and" [YouTube Link](https://youtube.com/watch?v=9qHXcM3pXWY) 2023-01-30T18:00Z 13.2K followers, [----] engagements "SOC 2: How to Get Ready for a SOC [--] Audit In this video we cover Everything You Need to Get Ready for a SOC [--] Audit: 00:00 Intro 01:18 Before the audit 06:49 During the audit 13:21 After the audit For more information please download our free whitepaper: Simple Guide to SOC for Cybersecurity - https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/" [YouTube Link](https://youtube.com/watch?v=CS5WuwrxILs) 2022-09-09T13:05Z 12.7K followers, [----] engagements "Cybersecurity Exec Brief: M365 Exploit NK Fraud Scattered Spider Resurfaces Microsoft [---] Direct Send Exploited in Phishing Campaigns Attackers are abusing Microsoft 365s Direct Send feature to send spoofed internal emailsbypassing filters and tricking users with fake voicemail alerts and QR code phishing links. The technique relies on smart-host addresses and unauthenticated PowerShell commands to deliver payloads that appear trusted. Admins should disable Direct Send enforce hard-fail SPF/DMARC and educate users on quishing. More reading:" [YouTube Link](https://youtube.com/watch?v=ChvDdWiK0v0) 2025-07-02T15:07Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: DOJ Nabs Snowflake Hacker FTC Demands GoDaddy Boost InfoSec Practices Register for the upcoming [----] Cybersecurity Year in Review: https://hubs.ly/Q032ZPH50 DOJ Arrests Hacker Behind Snowflake Breaches U.S. prosecutors have formally connected the arrest of U.S. Army communications specialist Cameron John Wagenius to last years massive theft of phone records from AT&T and Verizon stemming from cyberattacks on cloud computing provider Snowflake. Wagenius arrested in Texas on December [--] faces charges of unlawfully transferring confidential phone records and is linked" [YouTube Link](https://youtube.com/watch?v=FbS43JNRq3E) 2025-01-22T18:42Z 11.1K followers, [--] engagements "Cybersecurity & Compliance: How RxLink Navigated SOC [--] with risk3sixty Joseph Jackson co-founder of RxLink and serial entrepreneur shares how his team tackled compliance challenges with the help of risk3sixty while selling into Fortune [--] healthcare companies. He talks about how risk3sixty helped them choose SOC [--] and build a right-sized program during a tight six-month audit timeline. In this conversation Joe explains how compliance with the right partner can support growth instead of slowing it down why cultural buy-in matters more than checkboxes and what companies need to know when" [YouTube Link](https://youtube.com/watch?v=FimmosFyrhc) 2025-06-30T14:49Z 15.1K followers, [---] engagements "Cybersecurity Brief: Microsoft Patches 3rd Update Vulnerability in a Month Malvertising Hits Lowes Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Zero Day in Windows Update Microsoft issued an urgent warning about active exploitation of a critical vulnerability in Windows Update identified as CVE-2024-43491 which allows attackers to roll back security fixes on certain versions of Windows. The flaw rated with a CVSS score of 9.8/10 impacts Windows [--] version [----] and has" [YouTube Link](https://youtube.com/watch?v=Fjn9XoxkhX8) 2024-09-17T20:10Z 10K followers, [---] engagements "How Fullstory Scaled Compliance Across [--] Frameworks (ISO SOC PCI & Others) with fullCircle What does it take to operationalize compliance across ISO [-----] SOC [--] PCI and morewhile keeping security a business enabler Fullstorys Head of Security GRC Anne Turner shares how they built a harmonized compliance program leveraged risk3sixtys fullCircle platform and positioned security as a competitive advantage. Key Successes: - Achieved ISO [-----] certification for AI governance - Managed [--] compliance frameworks in one harmonized workstream - Enabled proactive risk management and a strong security" [YouTube Link](https://youtube.com/watch?v=Gnb8RNP5Zms) 2025-02-12T19:15Z 12K followers, [---] engagements "Master Healthcare Compliance: Save 1000s of Hours by Harmonizing HITRUST SOC [--] ISO [-----] & More Download our Single Framework Strategy whitepaper to learn how multi-framework harmonization works: https://risk3sixty.com/whitepaper/single-framework-for-multiple-certifications Learn how Cloud Service Group and Platform.sh saved big on resources through multi-framework harmonization: http://risk3sixty.com/resources#casestudies Get in touch. We'd love to learn more about your cybersecurity needs: https://risk3sixty.com/contact Is your healthcare organization struggling to keep up with the heavy" [YouTube Link](https://youtube.com/watch?v=Hpigogx9ETY) 2024-10-22T21:14Z 13.5K followers, [---] engagements "Inside Infostealers: Evasion Exploitation and Lessons from Change Healthcare and Snowflake Infostealers have become one of the fastest-growing threats in cybersecurity fueling major breaches and enabling attackers to quietly steal credentials financial data and sensitive IP. In this technical session Cory Wolff (Director of Offensive Security) and Nick Swink (Senior Security Consultant) from risk3sixty break down the full lifecycle of infostealers including: - What infostealers are and how attackers use them - Delivery methods like malvertising and Telegram-based C2 - Technical deep dive into" [YouTube Link](https://youtube.com/watch?v=IGqfLaHLuvk) 2025-08-26T19:02Z 15.1K followers, [---] engagements "Cybersecurity Brief: Coalition for Secure AI and AMD Chips Vulnerable to SMM Bypass Learn more about how we can help your business prevent attacks like this https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator: https://hubs.ly/Q02wBB5d0 The Coalition for Secure AI (CoSAI) is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development. Learn more here: https://www.coalitionforsecureai.org/ 0.0.0.0 Day A newly discovered critical vulnerability dubbed" [YouTube Link](https://youtube.com/watch?v=LSgFV3io3CE) 2024-08-14T15:26Z 11.4K followers, [---] engagements "Armada Ransomware Series: How Much Money Do Ransomware Crews Make Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends How much do ransomware crews make The answer is.a lot. See a detailed breakdown of a Profit and Loss (P&L) sheet for a real ransomware crew. [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense: https://youtu.be/wW2jDHvevtg [--]. Double Extortion: When One Ransomware Attack Isn't Enough: https://youtu.be/nDeSG7Q4g_Q [--]. Interesting Finds From Leaked Ransomware Crew Chat Logs:" [YouTube Link](https://youtube.com/watch?v=NF1Wjk_pLlA) 2025-05-19T14:17Z 12.3K followers, [--] engagements "ISO 27701: Everything you need to prepare for ISO [-----] certification In this webinar we discuss everything you need to prepare for an ISO [-----] certification including the link between ISO [-----] and ISO [-----]. We also discuss the implementation and certification process. Download our ISO [-----] whitepaper: https://risk3sixty.com/iso-27701-path-to-privacy-part-2/ #ISO27001 #ISO27701 #Privacy #Security 0:00 Introduction 1:32 Where We're Going 2:16 ISO [-----] Background 5:32 ISO [-----] Structure 10:40 PIMS: Clause [--] 15:30 ISO [-----] Implementation 21:58 ISO [-----] Certification Process 25:25 Typical" [YouTube Link](https://youtube.com/watch?v=OInOVF3k_uI) 2020-06-12T13:40Z 12.6K followers, [----] engagements "Introducing fullCircle AI: In-Platform Compliance & Security Assistance Meet fullCircle AI your always on assistant for security and compliance. Now built directly into the fullCircle platform this AI-powered tool helps you: - Get instant answers to compliance and security questions - Draft summarize and clarify information without leaving your session - Receive responses tailored specifically to cybersecurity and compliance contexts Example uses: Risk management guidance Security awareness training best practices and lots more Whether youre preparing for an audit or managing daily compliance" [YouTube Link](https://youtube.com/watch?v=QVnT2UyZlTg) 2025-08-11T17:29Z 15.1K followers, [---] engagements "Executive Cybersecurity Brief: Change Healthcare Incident Costs $700M New Novel Phishing Lure How Red Teaming Could Have Prevented the Change Healthcare incident: https://www.youtube.com/watchv=ZuUzonE2uT0 Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Satya Nadella Acknowledges Cybersecurity Issues by Asking for a Pay Cut In a rare move Microsoft CEO Satya Nadella requested a 50% cut to his own incentive payout citing accountability for recent cybersecurity lapses" [YouTube Link](https://youtube.com/watch?v=R49zRPinhas) 2024-10-30T15:18Z 13.5K followers, [---] engagements "Cybersecurity Exec Brief: Malware Uses GPU Autonomous Robot Takeover Oracle Health Data Breach Malware Uses GPU for Payload Processing Zscaler ThreatLabz has identified a sophisticated malware family named CoffeeLoader first observed around September [----]. Designed to download and execute second-stage payloads while evading detection CoffeeLoader employs advanced techniques such as GPU-based code execution call stack spoofing sleep obfuscation and the use of Windows fibers. Notably it utilizes a specialized packer called Armoury which executes code on a system's GPU to complicate analysis in" [YouTube Link](https://youtube.com/watch?v=SCUpeWkcWSY) 2025-04-02T14:22Z 11.9K followers, [--] engagements "Cybersecurity Exec Brief: Gemini's Prompt Injections Citrix Critical Leak Car Infotainment Flaw Here's what's happening in cybersecurity this week 👇 Google Gemini is vulnerable to a new type of prompt injection that uses invisible text in emails. When users ask Gemini to summarize these emails the AI reads and executes hidden instructions embedded in white-on-white text - all without the user ever seeing them. The attacker's instructions can manipulate Gemini into leaking sensitive data. Citrix just patched another critical memory vulnerability they're calling "CitrixBleed 2". By sending" [YouTube Link](https://youtube.com/watch?v=SZszMo17hZo) 2025-07-16T19:40Z 12.5K followers, [--] engagements "Cybersecurity Exec Brief: Lazarus Group Nabs $1.5B Ransomware Crew Exposed AUS Blocks Kaspersky ➡ Unprecedented Crypto Heist Targets Bybit Exchange In a record-breaking cyberattack cryptocurrency exchange Bybit suffered a loss exceeding $1.5 billion in Ethereum assets. The sophisticated breach involved manipulation of a routine transfer from a cold wallet to a warm wallet allowing attackers to reroute funds to an unknown address. Blockchain analysis firms have attributed this heist to the notorious Lazarus Group a North Korean state-sponsored hacking collective. Bybit has assured users that" [YouTube Link](https://youtube.com/watch?v=U4h_98UtnJI) 2025-02-26T20:30Z 11.4K followers, [---] engagements "Cybersecurity Exec Brief: Gemini's Prompt Injections Citrix Critical Leak Car Infotainment Flaw Here's what's happening in cybersecurity this week 👇 Google Gemini is vulnerable to a new type of prompt injection that uses invisible text in emails. When users ask Gemini to summarize these emails the AI reads and executes hidden instructions embedded in white-on-white text - all without the user ever seeing them. The attacker's instructions can manipulate Gemini into leaking sensitive data. Citrix just patched another critical memory vulnerability they're calling "CitrixBleed 2". By sending" [YouTube Link](https://youtube.com/watch?v=W0dlK1vTXBM) 2025-07-17T14:25Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: Critical M365 Copilot Issue GCP Breaks Internet Possible T-Mobile Breach EchoLeak vulnerability in Microsoft [---] Copilot Cybersecurity research firm Aim Labs has disclosed EchoLeak a critical zeroclick vulnerability (CVE202532711) in Microsoft [---] Copilot a generative AI assistant powered by RetrievalAugmented Generation (RAG). The flaw exploits promptinjection and LLMscope violationsattackers can send an innocuous email that triggers Copilot to silently exfiltrate confidential organizational data without any user action. Although Aim Labs reports no known customer" [YouTube Link](https://youtube.com/watch?v=W9yWtXXPJ6Y) 2025-06-18T14:14Z 15.1K followers, [---] engagements "Armada Ransomware Series: Interesting Finds From Leaked Ransomware Crew Chat Logs Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends Learn what ransomware crews talk about in private based on recently leaked chat logs. Discussion points include: - Where their offices are based (yes offices like a business) - How they use ChatGPT for phishing attempts - Possible connections to corrupt government officials See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective" [YouTube Link](https://youtube.com/watch?v=Y96UkfSTDi4) 2025-05-19T14:17Z 12.3K followers, [--] engagements "CPRA: A Simple Intro to California Privacy Rights Act (CPRA) for Companies Trying to Comply In this webinar we will discuss the California Privacy Rights Act which takes effect on January [--] [----]. Specifically we will talk through where it came from who it applies to and how to begin your compliance journey: First we will talk about the Background What is the CPRA Who needs to comply Who is exempt Second we will talk about key compliance requirements Items such as disclosures data subject rights vendor contracts Third we will talk about immediate steps to get ready for CPRA Privacy notice" [YouTube Link](https://youtube.com/watch?v=aPHanDaRHp4) 2022-11-21T21:37Z 11.1K followers, [----] engagements "Cybersecurity Exec Brief: China Bad Actors Target the Top Supply Chain Attack Hits gluestack Download our [----] Cybersecurity Trends report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends China Nexus Threat Actors Hammer at the Doors of Top-Tier Targets A fresh report from SentinelLabs reveals a sharp escalation in cyber-espionage operations attributed to Chinese state-linked actors. Two threat groups including the known BackdoorDiplomacy and an as-yet unnamed cluster wielding a novel backdoor dubbed TAMECAT have launched targeted attacks against top-tier organizations in" [YouTube Link](https://youtube.com/watch?v=bX_ZmkTT4Q8) 2025-06-11T15:27Z 12.4K followers, [--] engagements "California Privacy Rights Act (CPRA): Top [--] Tips for CPR Compliance IAPP Privacy Fellow Philip Brudney speaks with Christian Hyatt about the most critical elements of California's Privacy Rights Act CPRA compliance and how organizations can best prepare for the coming requirements. #cybersecurity #privacy #CPRA #risk3sixty" [YouTube Link](https://youtube.com/watch?v=bqC8kSSSV-A) 2020-11-06T16:39Z 11K followers, [----] engagements "ISO [-----] Explained: A.5.1 Information Security Policy This video covers ISO [-----] Control Object A.5.1 Information Security Policy and the controls within. About this Series: The "ISO [-----] Explained" Series is a free learning series to help individual understand the ISO [-----] framework the controls and implementation guidance as well as typical audit evidence required during a certification audit. About risk3sixty: About risk3sixty: risk3sixty is a security privacy and compliance consulting firm that helps high growth technology organizations build manage and assess security and privacy" [YouTube Link](https://youtube.com/watch?v=dFflYfZ5Llw) 2021-04-23T16:48Z 11.4K followers, [----] engagements "Armada Ransomware Series: Insider Details and Stats on How Ransomware Crews Operate Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends Get an insider look (with numbers) at how ransomware crews operate including how: - Easy it is to start - Much has been paid out in ransomware demands - Ransomware crews operate like a business See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense: https://youtu.be/wW2jDHvevtg [--]. Double Extortion: When One" [YouTube Link](https://youtube.com/watch?v=eIPagYRDJOA) 2025-05-19T14:17Z 12.3K followers, [--] engagements "Cybersecurity Exec Brief: DeepSeek Hacked Google Revamps Chrome Store Russian Hackers Strike Again Exec Brief: DeepSeek suffers malicious cyber attack Google Launches Chrome Web Store Russian Hackers use Social Engineering for Initial Access 👉 Stay ahead of the latest cybersecurity threatsRegister for our [----] Cybersecurity Year in Review webinar: 🔗 https://hubs.ly/Q032ZPH50 🔹 Chinese AI App Under Attack DeepSeek the AI chatbot that recently overtook ChatGPT as the top free app on Apple's App Store has been hit with a massive cyberattack. While existing users remain unaffected this raises" [YouTube Link](https://youtube.com/watch?v=eOoDilrh3jE) 2025-01-29T17:27Z 12.3K followers, [---] engagements "Cybersecurity Exec Brief: Biden Blocks China Telecom Amazon Rejects M365 EPA Warns on Water HMIs Learn how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Biden Administration Moves to Block China Telecom Over National Security Threats In response to Chinas extensive hacking of U.S. telecommunications firms the Biden administration has initiated its first retaliatory measure by targeting the operations of China Telecom Americas a U.S. subsidiary of one of Chinas largest telecom firms. The" [YouTube Link](https://youtube.com/watch?v=edJ3kprEq-U) 2024-12-20T17:12Z 11K followers, [---] engagements "Cybersecurity Exec Brief: SharePoint Under Active Exploitation & Replit AI Gets a Mind of Its Own Critical SharePoint Vulnerabilities Under Active Exploitation Organizations running on-premises SharePointespecially [----] [----] and Subscription Editionneed to patch immediately. Threat actors are actively exploiting a deserialization vulnerability initially disclosed during Pwn2Own and later reverse engineered after Microsofts July Patch Tuesday updates. GreyNoise reports dozens of suspicious IPs scanning and attacking vulnerable instances with activity targeting the U.S. U.K. Germany and Spain." [YouTube Link](https://youtube.com/watch?v=g7VPw5cHA2w) 2025-07-23T18:56Z 15.1K followers, [---] engagements "Introducing fullCircle's Insight Capable AI Chat Meet the future of compliance management. With fullCircles Insight Capable AI Chat you can ask complex questions about your program and get instant intelligent answers. Unlike generic AI fullCircles chat knows the ins and outs of your program your controls and your risks. That means faster answers smarter insights and compliance that actually works better. Learn more about fullCircle: https://risk3sixty.com/fullcircle-grc #GRC #AI #Compliance #Cybersecurity #Governance" [YouTube Link](https://youtube.com/watch?v=gr-p-4mKE4g) 2025-10-13T16:46Z 15.1K followers, [---] engagements "How Much Does SOC [--] Cost (Example Business Case Review) Competitive Advantages of Obtaining a SOC [--] Report Why do companies choose to obtain a SOC [--] Report In this video we explore how those seeking to streamline their sales process and reduce barriers to doing business can leverage a SOC [--] report to communicate their security program to the market. Overview: 00:00 Intro 01:02 Introduction to SOC [--] 06:23 Market Drivers 09:28 The Business Case for SOC [--] 21:36 Communicating with the Executive Team 25:02 Maximizing your ROI 27:38 Other Considerations 29:41 Additional Resources 30:54 Q&A Download" [YouTube Link](https://youtube.com/watch?v=hxlnus_zdoY) 2023-03-15T18:47Z 13.6K followers, [----] engagements "Cybersecurity Exec Brief: Ethereum Dev Compromised ChatGPT-5 Jailbroken Threat Groups Unite Ethereum Developer Compromised via Malicious VS Code Extension An Ethereum developer was recently compromised after installing a third-party extensioncontractshark/solidity-langin Cursor a modified version of Visual Studio Code. The extension silently exfiltrated environment variables (.env file) exposing sensitive API keys and wallet credentials. The attack led to a wallet drain within days. With over [-----] downloads the malicious extension represents a successful supply chain attack. Fortunately the" [YouTube Link](https://youtube.com/watch?v=iE4kzc-G9m4) 2025-08-13T18:54Z 15.1K followers, [--] engagements "The GRC Agentic AI Roadmap: Real-World Use Cases for Agentic AI in Your GRC Program (Part 2) Agentic AI isnt just hype its already transforming how GRC teams operate. In Part [--] of our four-part series we go beyond strategy and theory to show you real-world Agentic AI use cases being implemented inside complex GRC programs today. What Youll Learn in This Session: - How GRC leaders are applying Agentic AI across frameworks like SOC [--] ISO [-----] and PCI - A walkthrough of the GRC AI Maturity Model and where most teams are starting - Live demos of the Evidence Processing Agent and Control Testing" [YouTube Link](https://youtube.com/watch?v=jBdg8Fondpw) 2025-09-24T02:31Z 15.1K followers, [---] engagements "Armada Ransomware Series: How Do Ransomware Crews Attack Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends How do ransomware crews attack Initial access known tactics techniques and procedures (TTPs) include: - Social engineering: For remote access or credentials - Credential stuffing: From stealer logs or purchased - Public-facing vulnerabilities: CVEs custom research purchased [--] days See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense:" [YouTube Link](https://youtube.com/watch?v=jNK2XrmTOLE) 2025-05-19T14:17Z 12.3K followers, [--] engagements "New in fullCircle GRC: Control-Specific Findings Management Gain real-time visibility into control health with fullCircle GRCs new Control-Specific Findings Management feature. This update allows users to: - View all findings tied directly to a control - Quickly add or link issues for streamlined audits - Prioritize and track findings by severity and due date - Strengthen your overall security and compliance posture Whether you're preparing for an audit or improving your control monitoring workflows this feature gives you the transparency and efficiency your GRC program needs. Learn more at:" [YouTube Link](https://youtube.com/watch?v=jnfxEkI7PdA) 2025-08-11T19:27Z 15.1K followers, [---] engagements "#51: How to Use Compliance to Manage Security Risks (w/ John Bordwine) John Bordwine AVP Product & Cloud Compliance at Hyland shares his insight on leveraging security compliance to manage risk. John Bordwine is the AVP Product & Cloud Compliance at Hyland. Prior to Hyland John held leadership positions at Citrix and Symantec. In this episode of Tuesday Morning Grind John and Christian discuss how building a security compliance program isnt about check the box activities its about helping the organization manage risk. John shares his insight on building teams navigating compliance programs" [YouTube Link](https://youtube.com/watch?v=k0PPygxy7xQ) 2021-11-30T11:00Z 11.5K followers, [---] engagements "Cybersecurity Exec Brief: Backdoor in Programmable Chips Akira Ransomware $1.5B Bybit Theft Get the [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends Possible Backdoor Found in Millions of Programmable Chips Researchers from Tarlogic Security have uncovered undocumented commands within Espressif's widely-used ESP32 microcontroller which facilitates Wi-Fi and Bluetooth connectivity in over a billion IoT devices. These hidden commands could enable attackers to spoof trusted devices gain unauthorized data access infiltrate other networked devices and" [YouTube Link](https://youtube.com/watch?v=kQj30hWiOtw) 2025-03-12T14:09Z 11.4K followers, [---] engagements "AI Security Concepts: Building vs. Using Pre-Trained AI Models in Cybersecurity In Episode [--] of the A.I. & Cybersecurity Series we dive into simplified deployment phase of AI models. Discover the pros and cons of training a model from scratch versus using pre-trained models like ChatGPT Llama and BERT and the resource impact of each choice. While these models are powerful theyre hosted on traditional software infrastructures like JavaScript and APIs which leaves them vulnerable to common software attacks. https://risk3sixty.com/offensive-security-team" [YouTube Link](https://youtube.com/watch?v=lDBTuAImUg0) 2024-10-25T17:43Z 13.5K followers, [---] engagements "SOC 2: Everything You Need to Get a SOC [--] Report This webinar covers the basics of a SOC [--] report what to expect during a SOC [--] audit and why a SOC [--] report may make sense for your organization. #SOC2 #cybersecurity #Compliance Download our Free Whitepaper - The Business Case for a SOC [--] Report: https://risk3sixty.com/whitepaper/business-case-for-soc-2/ 0:00 Introduction 1:05 SOC [--] Background and History 5:05 SOC [--] Scoping 8:25 SOC [--] Readiness and Audit Process 12:50 Typical Readiness and Audit Timeline 16:25 Typical Effort Breakdown by Resource 18:35 SOC [--] Tips and Commonly Asked Questions" [YouTube Link](https://youtube.com/watch?v=lZ3YWsmTvT4) 2020-06-19T16:35Z 13.6K followers, 42.7K engagements "Armada Ransomware Series: Double Extortion - When One Ransomware Attack Isn't Enough Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends You think one ransomware attack is bad Imagine getting hit again once you've met the initial ransomware demands. Ransomware crews are known for executing double extortion attempts and this video provides a glimpse on how they pull it off. See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense:" [YouTube Link](https://youtube.com/watch?v=nDeSG7Q4g_Q) 2025-05-19T14:17Z 12.3K followers, [--] engagements "Cybersecurity Executive Brief: Microsoft mandatory MFA for Azure National Public Data breach Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Microsoft has announced that Multi-Factor Authentication (MFA) will become mandatory for all users of Azure. This move aims to bolster security by reducing the risks associated with password-only logins which are vulnerable to password spraying and other attacks. The mandatory MFA rollout will begin in September [----] with Microsoft" [YouTube Link](https://youtube.com/watch?v=nplwLdkQIto) 2024-08-21T14:26Z 10K followers, [---] engagements "Privacy Shield was Invalidated - Now What In this video we will discuss the recent Privacy Shield invalidation and the relevant implications for companies. #privacy #PrivacyShield #Security" [YouTube Link](https://youtube.com/watch?v=oWkOcWwHxog) 2020-07-29T23:29Z 12.3K followers, [---] engagements "Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our" [YouTube Link](https://youtube.com/watch?v=op5z58LAcZs) 2025-10-15T19:05Z 15.1K followers, [---] engagements "PCI DSS: How to Maintain Your PCI DSS Program Between Audits Please join risk3sixty for part [--] of our PCI DSS webinar series. So far we've discussed what you should do to ensure you get certified successfully. Now we'll dive into how you can effectively maintain your PCI program after certification is achieved Discover: 00:00 Intro 02:26 Why Organizations fall out of compliance 08:49 Maintaining Compliance 14:01 Best Practices for maintaining PCI compliance 37:21 Accelerator" [YouTube Link](https://youtube.com/watch?v=oz7J8_InLX0) 2022-10-20T14:07Z 11.8K followers, [----] engagements "Why MapLarge Chose Attack Surface Management With risk3sixty In this client conversation Cory Wolff Director of Offensive Security at risk3sixty sits down with Marvell Summerow Senior Security Program Manager at MapLarge to talk about Attack Surface Management (ASM). They cover: Why ASM uncovers risks traditional penetration tests miss How monthly ASM reports provide visibility into hidden assets and exposures The positive surprises MapLarge discovered early in their ASM journey The value of 24/7 monitoring compared to annual point-in-time tests Hear how MapLarge uses ASM as a critical layer" [YouTube Link](https://youtube.com/watch?v=pDoPH65kdjI) 2025-09-04T19:33Z 15.1K followers, [--] engagements "Stop Managing Controls Risk Registers and Security Gaps In Excel - Phalanx GRC Walkthrough Managing your GRC Program in Excel creates a lot of extra work for your team. Phalanx gets you out of tedious spreadsheets to make your team more resilient and efficient. Join risk3sixty CEO & Co-founder Christian Hyatt as he explores how Phalanx can help you take your GRC program to the next level. Agenda: 00:00 Intro 07:07 Roles & Responsibilities 10:35 Standard Operating Procedures 13:27 Technology (Get Out of Excel) 44:01 The Outcome 46:12 Q&A Download the Security Team Operating System here:" [YouTube Link](https://youtube.com/watch?v=sRP98Su-SNs) 2023-01-09T22:22Z 11.9K followers, [----] engagements "SOC [--] Explained - Series Introduction The "SOC [--] Explained" Series is a free learning series to help individuals understand the SOC [--] framework the controls and implementation guidance and the typical audit evidence required during a certification audit. Download our free Simple Guide to SOC for Cybersecurity here: https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/ About risk3sixty: About risk3sixty: risk3sixty is a security privacy and compliance consulting firm that helps high growth technology organizations build manage and assess security and privacy programs." [YouTube Link](https://youtube.com/watch?v=t-nbdbJRA5E) 2021-08-19T20:27Z 13.6K followers, [----] engagements "Cybersecurity Exec Brief: Pentagon Stops Russian Offensive Ops 284M Accounts Stolen Cisco Targeted Learn more about Armada: https://risk3sixty.com/armada 📗 Defense Secretary Pete Hegseth has halted U.S. Cyber Command's offensive cyber operations against Russia to improve Kremlin relations and push for peace in Ukraine. The move confirmed Monday does not affect other agencies like the CIA or CISA. Coming ahead of Trumps meeting with Zelenskyy it raises concerns about national security. Critics fear it emboldens Russian cyber threats while supporters see a chance for diplomacy highlighting the" [YouTube Link](https://youtube.com/watch?v=uHqRJ_RISBM) 2025-03-05T17:13Z 11.3K followers, [--] engagements "Cybersecurity Exec Brief: FBI Removes Chinese Malware Location Data Aggregator Breach Exposed Register for the [----] Cybersecurity Year in Review Webinar here: https://risk3sixty.com/webinars/2024-cybersecurity-year-review FBI Mass Deletes Chinese Malware from Thousands of US Computers U.S. authorities have successfully disrupted the operations of the Chinese state-backed hacking group "Twill Typhoon" (also known as "Mustang Panda") responsible for a years-long espionage campaign targeting millions of computers worldwide. In a court-authorized operation in August [----] U.S. law enforcement in" [YouTube Link](https://youtube.com/watch?v=upDzC_AsTus) 2025-01-17T19:46Z 11.1K followers, [---] engagements "New in fullCircle GRC: Homepage Dashboard Report Export Save time and deliver executive-ready insights with fullCircle GRCs Homepage Dashboard Report Export feature. This update allows users to: - Instantly generate a professional PDF from your real-time dashboard - Share key metrics charts and widgets with stakeholders - Improve data accuracy and reduce manual reporting efforts - Deliver clear updates to leadership auditors or board members Streamline compliance reporting and make informed decisions faster. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #ComplianceReporting" [YouTube Link](https://youtube.com/watch?v=wSr1erMhb0I) 2025-08-11T19:22Z 15.1K followers, [--] engagements "Cybersecurity Exec Brief: Google Acquires Wiz Rippling Sues Deel Medusa Ransomware Hits [---] Orgs Google Acquires Wiz In a historic move Google has agreed to acquire cloud security firm Wiz for $32 billion marking its largest acquisition to date. This development follows Wiz's previous decision to decline a $23 billion offer from Google opting instead to pursue an initial public offering. Wiz founded in [----] has rapidly become a leader in cloud security serving 40% of Fortune [---] companies. The acquisition aims to bolster Google's cloud security offerings while allowing Wiz to maintain its" [YouTube Link](https://youtube.com/watch?v=xJe9Riqt79g) 2025-03-19T18:44Z 11.4K followers, [---] engagements "2024 Cybersecurity Year in Review: Lessons Trends and What's Next The cybersecurity landscape is shiftingare you ready In this exclusive webinar risk3sixty uncovers critical lesser-known trends and threats that will define cybersecurity in [----]. If you're looking for insights beyond the usual industry buzz this is for you. What Youll Learn: ✅ Top [--] lesser-known trends re-shaping cybersecurity in [----] ✅ Industry-specific insights for healthcare finance tech government SaaS & more ✅ Can't-miss breach takeaways and brand-new attack methods emerging right now ✅ Specific and actionable strategies" [YouTube Link](https://youtube.com/watch?v=yy2WOttjew0) 2025-03-03T19:46Z 11.3K followers, [---] engagements "ISO 27701: Everything You Need to Get Certified for the ISO [-----] Privacy Framework ISO [-----] has quickly become a globally recognized mark of a company's commitment to its privacy program. Over the past [--] years risk3sixty has helped dozens of organizations prepare for and pass their ISO [-----] certification audits. Join us for this intro on everything you need to know. Overview: 00:00 Intro 00:30 What is ISO [-----] 04:19 The Business Case for ISO [-----] 08:51 The ISO Ecosystem 11:02 ISMS/PIMS 15:28 Annex A ISO [-----] 18:46 Annex B ISO [-----] 21:56 Processes and Timelines 30:57 Q&A For more" [YouTube Link](https://youtube.com/watch?v=zBj8yBhJy7M) 2023-02-09T19:56Z 13K followers, [----] engagements "A Practical Guide to CMMC Implementation and Certification (risk3sixty + Schellman) CMMC is here and certification requirements are starting to show up in DoD contracts. In this session hosted by risk3sixty (advisory) and Schellman (assessment) you will learn - The CMMC rollout timeline and what to expect through [----] - How the certification process works (including the 4-phase C3PAO assessment flow) - Why scoping CUI/FCI correctly is one of the biggest drivers of cost effort and audit success. The session wraps with a live panel Q&A covering common readiness pitfalls assessor availability" [YouTube Link](https://youtube.com/watch?v=tXZpKw_bRS8) 2026-01-29T17:24Z 15.1K followers, [--] engagements "Attack Surface Management (ASM) Part 2: Why Continuous ASM Beats Traditional Penetration Testing In Part [--] of our Attack Surface Management (ASM) Field Guide Series Cory Wolff breaks down the real differences between penetration testing and ASM and why point-in-time assessments alone cant keep up with todays threat landscape. Youll Learn - Why continuous always-on ASM matters as environments change daily (new assets new SaaS apps new exposures) - How modern breaches often start with stolen credentials and rapid vulnerability exploitation not just known assets on a scan list. - How ASM helps" [YouTube Link](https://youtube.com/watch?v=FW-W3kZdWw0) 2025-12-18T18:45Z 15.1K followers, [--] engagements "Introducing Framework Deployment for fullCircle Managing multiple compliance frameworks across a growing business can get messy fast. Duplicate controls endless spreadsheets and constant remapping are just some of the challenges GRC professionals face just to keep everything aligned. How do you solve this Introduce Framework Deployment in fullCircle: A smarter way to add and manage frameworks like ISO [-----] ISO [-----] CMMC PCI DSS and more without multiplying the workload. Built by the compliance experts at risk3sixty Framework Deployment gives you: - Pre-configured control libraries designed" [YouTube Link](https://youtube.com/watch?v=QsEgFpYKB90) 2025-12-15T19:17Z 15.1K followers, [--] engagements "CMMC Part 2: How to Add CMMC to an Existing SOC [--] or ISO [-----] Program In Part [--] of our CMMC webinar series risk3sixtys Christian White (President & Co-Founder) and Andrew Parks (Manager Advisory and Assurance) walk through how to layer CMMC onto an existing SOC [--] or ISO [-----] program without creating duplicate work bloated scope or audit fatigue. Learn how to use what youve already built to meet CMMC requirements where the frameworks overlap and where youll need to make net-new investments especially around scoping and technical rigor. What Youll Learn: - Why CMMC scope is narrower and more" [YouTube Link](https://youtube.com/watch?v=S1Lg-reFy-w) 2025-12-11T15:47Z 15.1K followers, [--] engagements "CMMC Series Part 1: Everything You Need to Get Certified (Levels 1-3 Scoping & Audit Process) The Cybersecurity Maturity Model Certification (CMMC) is now live and every organization in the DoD supply chain will need to comply. In this deep-dive session risk3sixty experts break down exactly what you need to know to prepare for CMMC Levels 1-3 scope your environment understand timelines and navigate the new phased rollout through [----]. Whether you're a prime contractor or a subcontractor this walkthrough will help you understand your requirements avoid common pitfalls and confidently prepare" [YouTube Link](https://youtube.com/watch?v=Keg3IN970dY) 2025-11-24T16:09Z 15.1K followers, [---] engagements "Attack Surface Management (ASM) Part 1: Getting Started With Enterprise ASM Every organization has an external attack surface but few have full visibility into it. In Part [--] of our Attack Surface Management (ASM) series the risk3sixty Armada team breaks down what it takes to stand up an enterprise-grade ASM program that continuously identifies and mitigates exposure across your digital footprint. Youll learn: - What ASM is and how it differs from traditional penetration testing - Key components of an enterprise ASM program from asset discovery to continuous monitoring - Common blind spots and" [YouTube Link](https://youtube.com/watch?v=Vp523FGE6dg) 2025-11-17T16:26Z 15.1K followers, [---] engagements "GRC Agentic AI Roadmap: Security & Governance Considerations for Your Agentic AI Program (Part 4) As AI systems evolve from simple automation to agentic decision-making strong governance and security become non-negotiable. In Part [--] of our GRC Agentic AI Roadmap series the experts at risk3sixty break down how to establish the right guardrails controls and monitoring to ensure your Agentic AI program remains secure compliant and aligned with organizational risk appetite. Youll learn: - How to align AI initiatives with ISO [-----] and emerging governance frameworks - Security best practices to" [YouTube Link](https://youtube.com/watch?v=t5bRCn0Wd0E) 2025-11-17T16:13Z 15.1K followers, [---] engagements "How Juvare Became an ISO [-----] Early Adopter with risk3sixty Juvare a global leader in emergency management and resilience technology is among the first organizations pursuing ISO [-----] to responsibly govern AI across both operations and product innovation. Ed Jones Information Security Manager at Juvare shares how his team partnered with risk3sixty to integrate AI governance into an already mature compliance program spanning ISO [-----] SOC [--] FedRAMP and more. Youll learn: - Why Juvare proactively embraced AI governance before customers began asking - How ISO [-----] builds on an integrated" [YouTube Link](https://youtube.com/watch?v=JrsuKHVrtCo) 2025-11-05T21:20Z 15.1K followers, [---] engagements "An In-Depth Look at Attack Surface Management (ASM) with risk3sixty Your attack surface is bigger and changing faster than you think. Annual security testing doesnt cut it anymore. In this video risk3sixtys President Christian White and Director of Offensive Security Cory Wolff break down modern Attack Surface Management (ASM): What it is how it works and why leading organizations are adopting continuous security. Through real-world examples and even a military base defense analogy well show how ASM helps teams: - Continuously discover unknown assets and exposures - Detect threats like" [YouTube Link](https://youtube.com/watch?v=NJp34TNiMAk) 2025-10-31T14:27Z 15.1K followers, [--] engagements "GRC Agentic AI Roadmap: Lets Build a GRC AI Agent Together (Part 3) Agentic AI is here and GRC teams are already putting it to work. In Part [--] of The GRC Agentic AI Roadmap we move from concept to construction. Youve seen the business case and real-world examples. Now its time to build your first GRC AI agent. What Youll Learn: - Why building an agent is the next critical step in the GRC AI journey - How to apply a repeatable build framework to your program - A real-world build from idea to measurable impact - How to get started quickly even with limited internal AI expertise Part 1: Building" [YouTube Link](https://youtube.com/watch?v=C60x2J44D_g) 2025-10-31T14:20Z 15.1K followers, [---] engagements "Harmonizing & Scaling Compliance Part 1: Establishing the Foundation for Streamlined Controls Welcome to Part [--] of our Scaling Compliance series: Establishing the Foundation for Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) explain why compliance leaders should prioritize scaling and streamlining control sets before growth and complexity take over. Youll learn: - Why managing multiple frameworks in Excel or SharePoint quickly becomes unmanageable - How client sector and regulatory" [YouTube Link](https://youtube.com/watch?v=intQlxByNtg) 2025-10-29T16:39Z 15.1K followers, [--] engagements "Harmonizing & Scaling Compliance Part 2: How to Implement Streamlined Controls Welcome to Part [--] of the Scaling Compliance series: How to Implement Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Alex Sullivan (Advisory & Assurance Associate) share practical tactics for building a scalable compliance program that harmonizes multiple frameworks into one integrated structure. Youll learn: - How to harmonize governance and eliminate siloed frameworks - Why harmonized policies and processes reduce duplication and confusion - A step-by-step" [YouTube Link](https://youtube.com/watch?v=93nU5ZMROcQ) 2025-10-29T16:39Z 15.1K followers, [--] engagements "Harmonizing & Scaling Compliance Part 3: Advancing Maturity and Continuous Improvement In the final installment of the Scaling Compliance series Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) discuss how to take your compliance program beyond the basics and drive continuous improvement. This session is designed for teams who have already harmonized frameworks and want to strengthen long-term resilience. Youll learn: - How to advance from reactive compliance to proactive data-driven program management - The role of KPIs" [YouTube Link](https://youtube.com/watch?v=XYbfksYQpho) 2025-10-29T16:39Z 15.1K followers, [--] engagements "The AI-Powered Assistant Built for GRC Teams fullCircle AI Assist Panel Meet the Assist Panel your always-on consultant in fullCircle AI Chat. The Assist Panel brings instant context-aware insights right where you work. See related tasks risks and evidence without leaving your flow. When you switch controls it updates automatically. With the Assist Panel you can: - Save time and eliminate context-switching - Understand connections faster - Act confidently with AI-powered insights Available now in fullCircle AI. Select the Assist tab to get started" [YouTube Link](https://youtube.com/watch?v=TBiuv8AMVgg) 2025-10-27T18:58Z 15.1K followers, [--] engagements "How Seriously Should GRC Teams Take AI In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=Wt1kTjEi9gY) 2025-10-21T18:41Z 15.1K followers, 50.6K engagements "How Seriously Should GRC Teams Take AI AI is everywhere but how much of it really matters for GRC In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=_KiSFBIDCo8) 2025-10-21T18:40Z 15.1K followers, 247.6K engagements "Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=qN_39vCPLAU) 2025-10-21T18:37Z 15.1K followers, 56.6K engagements "Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai" [YouTube Link](https://youtube.com/watch?v=4iZV--2q9ls) 2025-10-21T18:36Z 15.1K followers, 497.5K engagements "How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk" [YouTube Link](https://youtube.com/watch?v=T-b4FAOw-n0) 2025-10-21T17:52Z 15.1K followers, 168.5K engagements "Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore ISO [-----] resources:" [YouTube Link](https://youtube.com/watch?v=3GzoNR6EsaA) 2025-10-21T17:51Z 15.1K followers, 208.4K engagements "How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk" [YouTube Link](https://youtube.com/watch?v=3d-uZZHBbug) 2025-10-21T17:49Z 15.1K followers, 367.8K engagements "Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of Risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore more ISO [-----] resources:" [YouTube Link](https://youtube.com/watch?v=bhDPF9gBsuE) 2025-10-21T17:48Z 15.1K followers, 140.8K engagements "Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our" [YouTube Link](https://youtube.com/watch?v=6INwXkJD4Cs) 2025-10-21T14:32Z 15.1K followers, [--] engagements "Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats" [YouTube Link](https://youtube.com/watch?v=3WtHA0J_cco) 2025-10-21T14:30Z 15.1K followers, 191.7K engagements "What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or" [YouTube Link](https://youtube.com/watch?v=EdeDKPghvBw) 2025-10-21T14:29Z 15.1K followers, 157.5K engagements "Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty" [YouTube Link](https://youtube.com/watch?v=mEr8FE507QU) 2025-10-21T14:20Z 15.1K followers, [--] engagements "Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our" [YouTube Link](https://youtube.com/watch?v=op5z58LAcZs) 2025-10-15T19:05Z 15.1K followers, [---] engagements "Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats" [YouTube Link](https://youtube.com/watch?v=c_oHmxDbMTg) 2025-10-15T19:05Z 15.1K followers, 194.6K engagements "Introducing fullCircle's Insight Capable AI Chat Meet the future of compliance management. With fullCircles Insight Capable AI Chat you can ask complex questions about your program and get instant intelligent answers. Unlike generic AI fullCircles chat knows the ins and outs of your program your controls and your risks. That means faster answers smarter insights and compliance that actually works better. Learn more about fullCircle: https://risk3sixty.com/fullcircle-grc #GRC #AI #Compliance #Cybersecurity #Governance" [YouTube Link](https://youtube.com/watch?v=gr-p-4mKE4g) 2025-10-13T16:46Z 15.1K followers, [---] engagements "How to Add ISO [-----] to Your ISO [-----] Program with risk3sixty + Schellman In this expert session risk3sixty and Schellman team up to walk through the business case implementation strategy and certification process for ISO 42001designed specifically for organizations already managing an ISO [-----] program. Speakers: Christian Hyatt CEO & Co-Founder risk3sixty Danny Manimbo Principal & ISO AI Services Leader Schellman What Youll Learn: - How ISO [-----] builds on ISO [-----] for AI governance - Key differences overlaps and integration strategies - A 3-step implementation model used by top companies" [YouTube Link](https://youtube.com/watch?v=5fTlhFCs7r8) 2025-09-25T15:32Z 15.1K followers, [----] engagements "The GRC Agentic AI Roadmap: Real-World Use Cases for Agentic AI in Your GRC Program (Part 2) Agentic AI isnt just hype its already transforming how GRC teams operate. In Part [--] of our four-part series we go beyond strategy and theory to show you real-world Agentic AI use cases being implemented inside complex GRC programs today. What Youll Learn in This Session: - How GRC leaders are applying Agentic AI across frameworks like SOC [--] ISO [-----] and PCI - A walkthrough of the GRC AI Maturity Model and where most teams are starting - Live demos of the Evidence Processing Agent and Control Testing" [YouTube Link](https://youtube.com/watch?v=jBdg8Fondpw) 2025-09-24T02:31Z 15.1K followers, [---] engagements "Why MapLarge Chose Attack Surface Management With risk3sixty In this client conversation Cory Wolff Director of Offensive Security at risk3sixty sits down with Marvell Summerow Senior Security Program Manager at MapLarge to talk about Attack Surface Management (ASM). They cover: Why ASM uncovers risks traditional penetration tests miss How monthly ASM reports provide visibility into hidden assets and exposures The positive surprises MapLarge discovered early in their ASM journey The value of 24/7 monitoring compared to annual point-in-time tests Hear how MapLarge uses ASM as a critical layer" [YouTube Link](https://youtube.com/watch?v=pDoPH65kdjI) 2025-09-04T19:33Z 15.1K followers, [--] engagements "The GRC Agentic AI Roadmap: How to Implement Agentic AI in Your GRC Program (Part 1) Welcome to Part [--] of the GRC Agentic AI Roadmap Series. In this session we cut through the hype around AI and Agentic AI to deliver a clear actionable roadmap for GRC leaders who want to leverage AI to transform how their teams operate. This isn't theory it's built from real-world experience. Our team at risk3sixty has helped organizations ranging from high-growth tech companies to Fortune 10s implement AI into their governance risk and compliance functions and we've built our own GRC platform powered by" [YouTube Link](https://youtube.com/watch?v=ux37Xw0YKUY) 2025-09-04T19:30Z 15.1K followers, [----] engagements "Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty" [YouTube Link](https://youtube.com/watch?v=5fe_xz6V3GI) 2025-08-27T19:45Z 15.1K followers, [---] engagements "Inside Infostealers: Evasion Exploitation and Lessons from Change Healthcare and Snowflake Infostealers have become one of the fastest-growing threats in cybersecurity fueling major breaches and enabling attackers to quietly steal credentials financial data and sensitive IP. In this technical session Cory Wolff (Director of Offensive Security) and Nick Swink (Senior Security Consultant) from risk3sixty break down the full lifecycle of infostealers including: - What infostealers are and how attackers use them - Delivery methods like malvertising and Telegram-based C2 - Technical deep dive into" [YouTube Link](https://youtube.com/watch?v=IGqfLaHLuvk) 2025-08-26T19:02Z 15.1K followers, [---] engagements "What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or" [YouTube Link](https://youtube.com/watch?v=_xwqd6Ue_p8) 2025-08-18T14:00Z 15.1K followers, 187.4K engagements "Cybersecurity Exec Brief: Ethereum Dev Compromised ChatGPT-5 Jailbroken Threat Groups Unite Ethereum Developer Compromised via Malicious VS Code Extension An Ethereum developer was recently compromised after installing a third-party extensioncontractshark/solidity-langin Cursor a modified version of Visual Studio Code. The extension silently exfiltrated environment variables (.env file) exposing sensitive API keys and wallet credentials. The attack led to a wallet drain within days. With over [-----] downloads the malicious extension represents a successful supply chain attack. Fortunately the" [YouTube Link](https://youtube.com/watch?v=iE4kzc-G9m4) 2025-08-13T18:54Z 15.1K followers, [--] engagements "ISO [-----] Basics: What It Is and How to Get Certified Fast Learn more about the process for becoming ISO [-----] certified: https://risk3sixty.com/iso-42001 Download the ISO [-----] Overview for Business Leaders here: https://risk3sixty.com/whitepaper/iso-42001-overview-business-leaders Are you building AI products or integrating AI into your organization Then ISO [-----] should be on your radar. In this webinar Christian Hyatt CEO and Co-Founder of risk3sixty breaks down what ISO [-----] is why it matters for your business and how to build a certification roadmap. Learn how to align ISO [-----] with" [YouTube Link](https://youtube.com/watch?v=_wPkgeamFSk) 2025-08-13T18:13Z 15.1K followers, [----] engagements "New in fullCircle GRC: Control-Specific Findings Management Gain real-time visibility into control health with fullCircle GRCs new Control-Specific Findings Management feature. This update allows users to: - View all findings tied directly to a control - Quickly add or link issues for streamlined audits - Prioritize and track findings by severity and due date - Strengthen your overall security and compliance posture Whether you're preparing for an audit or improving your control monitoring workflows this feature gives you the transparency and efficiency your GRC program needs. Learn more at:" [YouTube Link](https://youtube.com/watch?v=jnfxEkI7PdA) 2025-08-11T19:27Z 15.1K followers, [---] engagements "New in fullCircle GRC: Risk and Task Linking in Framework Controls Track and manage your compliance program more efficiently with fullCircle GRCs Risk and Task Linking in Framework Controls feature. This update allows users to: - View and manage risks and tasks directly within any framework control - Link or unlink items with two-way visibility across the platform - Maintain traceability for better audit readiness and gap remediation - Use a consistent interface across organizational and framework controls This enhancement improves oversight and streamlines your GRC workflows. Learn more at:" [YouTube Link](https://youtube.com/watch?v=UPR71Tl-Z80) 2025-08-11T19:26Z 15.1K followers, [---] engagements "New in fullCircle GRC: Evidence Object Scoping in Controls Module Get more precision and filtering power in fullCircle GRC with the new Evidence Object Scoping feature. This update allows users to: - Add and manage scopes directly on evidence objects - Mirror familiar scoping functionality used in controls - Automatically apply scopes to existing linked evidence - Filter dashboards and reports by evidence scope This enhancement improves reporting accuracy and streamlines evidence tracking across your GRC program. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #Compliance" [YouTube Link](https://youtube.com/watch?v=6JAT-0O-NHo) 2025-08-11T19:24Z 15.1K followers, [--] engagements "New in fullCircle GRC: Homepage Dashboard Report Export Save time and deliver executive-ready insights with fullCircle GRCs Homepage Dashboard Report Export feature. This update allows users to: - Instantly generate a professional PDF from your real-time dashboard - Share key metrics charts and widgets with stakeholders - Improve data accuracy and reduce manual reporting efforts - Deliver clear updates to leadership auditors or board members Streamline compliance reporting and make informed decisions faster. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #ComplianceReporting" [YouTube Link](https://youtube.com/watch?v=wSr1erMhb0I) 2025-08-11T19:22Z 15.1K followers, [--] engagements "Introducing fullCircle AI: In-Platform Compliance & Security Assistance Meet fullCircle AI your always on assistant for security and compliance. Now built directly into the fullCircle platform this AI-powered tool helps you: - Get instant answers to compliance and security questions - Draft summarize and clarify information without leaving your session - Receive responses tailored specifically to cybersecurity and compliance contexts Example uses: Risk management guidance Security awareness training best practices and lots more Whether youre preparing for an audit or managing daily compliance" [YouTube Link](https://youtube.com/watch?v=QVnT2UyZlTg) 2025-08-11T17:29Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: SharePoint Under Active Exploitation & Replit AI Gets a Mind of Its Own Critical SharePoint Vulnerabilities Under Active Exploitation Organizations running on-premises SharePointespecially [----] [----] and Subscription Editionneed to patch immediately. Threat actors are actively exploiting a deserialization vulnerability initially disclosed during Pwn2Own and later reverse engineered after Microsofts July Patch Tuesday updates. GreyNoise reports dozens of suspicious IPs scanning and attacking vulnerable instances with activity targeting the U.S. U.K. Germany and Spain." [YouTube Link](https://youtube.com/watch?v=g7VPw5cHA2w) 2025-07-23T18:56Z 15.1K followers, [---] engagements "How to Harmonize Compliance Across Business Units Managing ISO SOC [--] PCI HITRUST and Others In this webinar risk3sixty's Kevin Ketts (CTO) and Carlin Cole (Product Manager) guide you through a controlcentric GRC approach to streamline compliance across multiple frameworks and business units; no more duplicate audits or lastminute scrambles. Learn: 00:00 Why harmonization matters 01:45 Top GRC team challenges: time expertise tools 04:20 The multiframework dilemma explained 07:10 How fullCircles platform harmonizes controls & evidence 12:30 Continuous compliance: spread work over time 17:00" [YouTube Link](https://youtube.com/watch?v=QAHjOO3DHws) 2025-07-17T15:03Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: Gemini's Prompt Injections Citrix Critical Leak Car Infotainment Flaw Here's what's happening in cybersecurity this week 👇 Google Gemini is vulnerable to a new type of prompt injection that uses invisible text in emails. When users ask Gemini to summarize these emails the AI reads and executes hidden instructions embedded in white-on-white text - all without the user ever seeing them. The attacker's instructions can manipulate Gemini into leaking sensitive data. Citrix just patched another critical memory vulnerability they're calling "CitrixBleed 2". By sending" [YouTube Link](https://youtube.com/watch?v=W0dlK1vTXBM) 2025-07-17T14:25Z 15.1K followers, [---] engagements "SOC [--] + AI: How to Report on Artificial Intelligence Risk and Compliance With AI use accelerating security leaders are asking "how do we prove we're using AI responsibly" In this video Christian Hyatt (CEO risk3sixty) and Phil Brudney (Director of Privacy and Quality Assurance risk3sixty) walk through how companies can incorporate AI risk management into their existing SOC [--] report. You'll learn what criteria to include how to structure a defensible program and what a SOC [--] + AI audit looks like in practice. What Youll Learn: 00:00 Why add AI to your SOC [--] report 02:25 Business case: risk" [YouTube Link](https://youtube.com/watch?v=CqcBFnMqOQo) 2025-07-16T17:30Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: M365 Exploit NK Fraud Scattered Spider Resurfaces Microsoft [---] Direct Send Exploited in Phishing Campaigns Attackers are abusing Microsoft 365s Direct Send feature to send spoofed internal emailsbypassing filters and tricking users with fake voicemail alerts and QR code phishing links. The technique relies on smart-host addresses and unauthenticated PowerShell commands to deliver payloads that appear trusted. Admins should disable Direct Send enforce hard-fail SPF/DMARC and educate users on quishing. More reading:" [YouTube Link](https://youtube.com/watch?v=ChvDdWiK0v0) 2025-07-02T15:07Z 15.1K followers, [---] engagements "Cybersecurity & Compliance: How RxLink Navigated SOC [--] with risk3sixty Joseph Jackson co-founder of RxLink and serial entrepreneur shares how his team tackled compliance challenges with the help of risk3sixty while selling into Fortune [--] healthcare companies. He talks about how risk3sixty helped them choose SOC [--] and build a right-sized program during a tight six-month audit timeline. In this conversation Joe explains how compliance with the right partner can support growth instead of slowing it down why cultural buy-in matters more than checkboxes and what companies need to know when" [YouTube Link](https://youtube.com/watch?v=FimmosFyrhc) 2025-06-30T14:49Z 15.1K followers, [---] engagements "Cybersecurity Exec Brief: Critical M365 Copilot Issue GCP Breaks Internet Possible T-Mobile Breach EchoLeak vulnerability in Microsoft [---] Copilot Cybersecurity research firm Aim Labs has disclosed EchoLeak a critical zeroclick vulnerability (CVE202532711) in Microsoft [---] Copilot a generative AI assistant powered by RetrievalAugmented Generation (RAG). The flaw exploits promptinjection and LLMscope violationsattackers can send an innocuous email that triggers Copilot to silently exfiltrate confidential organizational data without any user action. Although Aim Labs reports no known customer" [YouTube Link](https://youtube.com/watch?v=W9yWtXXPJ6Y) 2025-06-18T14:14Z 15.1K followers, [---] engagements Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing
@risk3sixty risk3sixty
risk3sixty posts on YouTube about ai, how to, business, director the most. They currently have [------] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours.
Engagements: [------] #
- [--] Week [------] +297%
- [--] Month [-------] -62%
- [--] Months [---------] +7,707%
- [--] Year [---------] +8,836%
Mentions: [--] #
- [--] Week [--] +178%
- [--] Month [--] +44%
- [--] Months [--] -3.50%
- [--] Year [--] +161%
Followers: [------] #
- [--] Week [------] +1.30%
- [--] Month [------] +4.10%
- [--] Months [------] +18%
- [--] Year [------] +35%
CreatorRank: [---------] #
Social Influence
Social category influence technology brands finance social networks stocks countries cryptocurrencies exchanges
Social topic influence ai, how to, business, director, watch, agentic, youtube, ceo, build, break
Top assets mentioned Microsoft Corp. (MSFT) Alphabet Inc Class A (GOOGL) Ethereum (ETH)
Top Social Posts
Top posts by engagements in the last [--] hours
"SOC [--] Simplified: Full Framework Review in Plain English In this video we explain all of the requirements of SOC [--] in plain English. We walk through every SOC [--] category discuss the controls most companies put into place to meet the requirements and what is often required during an audit. Sign up for a free SOC [--] readiness assessment here: www.phalanxgrc.com"
YouTube Link 2022-06-28T18:07Z 15.1K followers, 23.7K engagements
"ISO [-----] Basics: Everything You Need to Get Certified This video will cover the basics of ISO [-----] including the implementation and certification processes. Learn everything you need to know to get certified and ensure compliance with this crucial information security standard. Download the whitepaper: https://risk3sixty.com/iso-27001-path-to-certification-part-2/ #ISO27001 #cybersecurity #risk3sixty 0:00 Introduction 1:08 ISO [-----] Background 6:06 ISO [-----] Overview 8:22 ISMS: Clauses 4-10 11:34 Annex A: [---] Controls 23:54 Implementation Process 28:34 Certification Process 33:28 Typical"
YouTube Link 2020-05-28T14:03Z 15.1K followers, 123K engagements
"ISO [-----] Basics: What It Is and How to Get Certified Fast Learn more about the process for becoming ISO [-----] certified: https://risk3sixty.com/iso-42001 Download the ISO [-----] Overview for Business Leaders here: https://risk3sixty.com/whitepaper/iso-42001-overview-business-leaders Are you building AI products or integrating AI into your organization Then ISO [-----] should be on your radar. In this webinar Christian Hyatt CEO and Co-Founder of risk3sixty breaks down what ISO [-----] is why it matters for your business and how to build a certification roadmap. Learn how to align ISO [-----] with"
YouTube Link 2025-08-13T18:13Z 15.1K followers, [----] engagements
"#46: Building a GRC Program (w/ Jewel Hefner) SOC [--] PCI DSS ISO [-----] FedRAMP GDPR the list goes on. In this episode Jewel and Christian discuss how to build a global security and compliance program poised to support multiple frameworks. Jewel is an expert in governance risk and compliance with experience building teams and navigating the complexities of global compliance initiatives. Having forged a non-traditional route to a GRC leadership position Jewel is passionate about helping others do the same. In this episode of Tuesday Morning Grind Jewel and Christian discuss how to get into"
YouTube Link 2021-10-26T10:00Z 14.8K followers, [----] engagements
"PCI DSS: How to Get PCI Certified This is everything you need to know to get PCI DSS certified in [----]. Chris Donaldson is a PCI Expert and the PCI Practice Leader at risk3sixty. Chris has helped organizations from start-ups to Fortune [--] achieve PCI certification. In this episode of Tuesday Morning Grind Chris and Christian talk through everything a company needs to know to begin its PCI certification journey. Free Whitepaper Download: PCI DSS Process Overview https://risk3sixty.com/pci-dss-process-overview/ Free Whitepaper Download: PCI Compliance of Business Growth"
YouTube Link 2022-01-18T11:00Z 14.8K followers, [----] engagements
"Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore ISO [-----] resources:"
YouTube Link 2025-10-21T17:51Z 15.1K followers, 208.4K engagements
"Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats"
YouTube Link 2025-10-21T14:30Z 15.1K followers, 191.7K engagements
"How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk"
YouTube Link 2025-10-21T17:49Z 15.1K followers, 367.8K engagements
"#29: How Privacy Will Shape Society and Business (w/ Daniel Solove) Christian speaks with world renounced privacy researcher Daniel Solove about the current and future implications of privacy on society and business. About Daniel Solove: Daniel is a research professor at George Washington University Law School CEO of TeachPrivacy.com and holds a JD from Yale Law School. Daniel is one of the most respected and frequently sited privacy professionals on earth with over [--] research publications and over 1Mfollowers on social media. About risk3sixty: risk3sixty is a security privacy and compliance"
YouTube Link 2021-06-29T10:00Z 14.9K followers, [---] engagements
"What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or"
YouTube Link 2025-10-21T14:29Z 15.1K followers, 157.5K engagements
"PCI DSS: A Simple Intro to PCI DSS for Companies Getting Certified for the First Time Chris Donaldson is the leader of the PCI DSS practice at risk3sixty and an expert QSA. A qualified security assessor or QSA for short is an individual that helps companies identify gaps in their cybersecurity and their cyber security awareness training for the credit card industry. In this webinar Chris provides useful information on: 00:00 Into 04:05 An overview of PCI and the overall framework 16:36 PCI DSS v3.2.1 19:06 PCI DSS Compliance Applicability 23:10 The business case for PCI 28:24 Steps to achieve"
YouTube Link 2022-08-15T14:23Z 15.1K followers, 12.6K engagements
"CMMC Series Part 1: Everything You Need to Get Certified (Levels 1-3 Scoping & Audit Process) The Cybersecurity Maturity Model Certification (CMMC) is now live and every organization in the DoD supply chain will need to comply. In this deep-dive session risk3sixty experts break down exactly what you need to know to prepare for CMMC Levels 1-3 scope your environment understand timelines and navigate the new phased rollout through [----]. Whether you're a prime contractor or a subcontractor this walkthrough will help you understand your requirements avoid common pitfalls and confidently prepare"
YouTube Link 2025-11-24T16:09Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: FBI Warns of AI CFPB Targets Data Brokers CISA Urges Encryption FBI Issues PSA on Threat Actor Generative AI Use The FBI has issued a public service announcement warning that criminals are increasingly leveraging generative artificial intelligence (AI) to enhance the effectiveness and scale of financial fraud schemes. By utilizing AI-generated text images audio and video these actors can create more convincing social engineering tactics such as spear phishing and romance scams thereby deceiving a larger number of victims with greater efficiency. The FBI advises the"
YouTube Link 2024-12-05T19:50Z 14.7K followers, [---] engagements
"PCI 4.0: A Simple Checklist of the PCI DSS [---] Requirements In this video we discuss the new version of PCI v4.0 and what cloud-native/SaaS service providers need to know about the new requirements timelines and what organizations should focus on over the next two years for the new version of PCI DSS. 00:00 Intro 06:26 PCI Service Provider Types 08:36 Summary of Changes with PCI [---] 15:52 Medium and High Impact Changes in PCI [---] 24:21 Rapid PCI [---] Gap Assessment 29:09 Before you start solutioning 34:26 Priority Action Items for PCI [---] 40:50 Q&A #pci #pcidss #fintech #saas"
YouTube Link 2022-07-13T13:16Z 14.9K followers, [----] engagements
"How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk"
YouTube Link 2025-10-21T17:52Z 15.1K followers, 168.5K engagements
"How Seriously Should GRC Teams Take AI AI is everywhere but how much of it really matters for GRC In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:40Z 15.1K followers, 247.6K engagements
"What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or"
YouTube Link 2025-08-18T14:00Z 15.1K followers, 187.4K engagements
"Asset Management: ISO [-----] [----] Updates Explore the newest updates on Asset Management for ISO [-----] and ISO [-----] compliance in the [----] updates. Gain insights into key changes implementation strategies and real-world examples to fortify your organization's security program. Don't miss outwatch now Introducing the "ISO Byte" video series led by Sawyer Miller Director of Audit & Implementation Practice at risk3sixty. Join us to learn about essential insights updates and strategies for ISO [-----] and [-----] compliance. Subscribe and stay up to date on future videos. For a detailed look at the"
YouTube Link 2024-03-14T13:00Z 15.1K followers, [----] engagements
"PCI DSS: How to Get Ready for a PCI Certification Audit This video teaches you everything you will need to prepare for a PCI DSS audit from an expert QSA Chris Donaldson. We cover: 00:00 Intro 02:56 PCI Scoping Strategies 12:52 Before the Audit 27:38 During the Audit 30:59 After the Audit 33:40 Q&A For additional information on how to choose a QSA for your PCI needs please download our whitepaper - PCI Compliance of Business Growth https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/"
YouTube Link 2022-09-16T18:25Z 14.8K followers, [----] engagements
"Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of Risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore more ISO [-----] resources:"
YouTube Link 2025-10-21T17:48Z 15.1K followers, 140.8K engagements
"PCI as a Service: Advantages of Outsourcing PCI Compliance Outsourcing PCI Compliance can provide several benefits to companies. In this video will explore some key advantages of outsourcing PCI compliance and how outsourcing can support your security and compliance program. Overview: 00:00 Intro 00:52 The Reality of PCI 03:21 Bottom Line Upfront 06:20 Advantages of Outsourcing PCI Compliance 20:30 Options for Managing PCI 24:23 Head-to-Head Comparison - In-house vs Outsourced 30:47 How we can help 34:15 Q&A"
YouTube Link 2023-02-27T14:15Z 15.1K followers, [---] engagements
"Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats"
YouTube Link 2025-10-15T19:05Z 15.1K followers, 194.6K engagements
"SOC 2: A Simple Intro to SOC [--] Certification for Companies Getting Certified for the First Time Are you considering SOC [--] certification for your company but feeling overwhelmed by the process Look no further In this comprehensive introduction to SOC [--] we break down the essentials for companies venturing into certification for the first time. In this video we cover the following: 00:00 Intro 01:20 An overview of the SOC [--] framework 04:11 The business case for SOC [--] 07:38 Steps to achieving SOC [--] compliance 09:40 The typical timeline to set up SOC [--] 14:35 Effort estimates 17:11 Framework"
YouTube Link 2022-08-24T19:02Z 15K followers, 17.1K engagements
"PCI DSS Basics: Everything You Need to Get PCI DSS Certified In this episode of Tuesday Morning Grind Christian White and Christian Hyatt discuss and address many of the common questions associated with PCI DSS the process to become certified how to prepare a budget and how long it takes. Free resource: PCI Compliance of Business Growth - Whitepaper https://risk3sixty.com/whitepaper/pci-compliance-for-business-growth-whitepaper/ About risk3sixty: risk3sixty is a security privacy and compliance consulting firm that helps high-growth technology organizations build manage and assess security and"
YouTube Link 2021-06-04T16:05Z 14.9K followers, 32.5K engagements
"Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:37Z 15.1K followers, 56.6K engagements
"A Practical Guide to CMMC Implementation and Certification (risk3sixty + Schellman) CMMC is here and certification requirements are starting to show up in DoD contracts. In this session hosted by risk3sixty (advisory) and Schellman (assessment) you will learn - The CMMC rollout timeline and what to expect through [----] - How the certification process works (including the 4-phase C3PAO assessment flow) - Why scoping CUI/FCI correctly is one of the biggest drivers of cost effort and audit success. The session wraps with a live panel Q&A covering common readiness pitfalls assessor availability"
YouTube Link 2026-01-29T17:24Z 15.1K followers, [--] engagements
"The GRC Agentic AI Roadmap: How to Implement Agentic AI in Your GRC Program (Part 1) Welcome to Part [--] of the GRC Agentic AI Roadmap Series. In this session we cut through the hype around AI and Agentic AI to deliver a clear actionable roadmap for GRC leaders who want to leverage AI to transform how their teams operate. This isn't theory it's built from real-world experience. Our team at risk3sixty has helped organizations ranging from high-growth tech companies to Fortune 10s implement AI into their governance risk and compliance functions and we've built our own GRC platform powered by"
YouTube Link 2025-09-04T19:30Z 15.1K followers, [----] engagements
"Annex 3: Structuring AI Roles in ISO [-----] In this video learn about Annex A.3 Internal Organization of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director. This video covers the following: See how risk3sixty can help your business with ISO [-----] contact us: https://hubs.ly/Q02JyH5Q0 A.3.2 AI roles and responsibilities Roles and responsibilities for AI shall be defined and allocated according to the needs of the organization. A.3.3 Reporting of concerns The organization shall define and put in place a process to report concerns about the organizations role with"
YouTube Link 2024-06-25T14:09Z 14K followers, [----] engagements
"Annex 9: Use of AI Systems in ISO [-----] In this video learn about Annex A.9 Use of AI Systems of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director. See how risk3sixty can help your business with ISO [-----] contact us: https://hubs.ly/Q02JyH5Q0 Learn more about ISO [-----] with our online course: https://risk3sixty.com/landing/iso-42001-course Objective: To ensure that the organization uses AI systems responsibly and per organizational policies A.9.2 Processes for responsible use of AI systems The organization shall define and document the processes for the"
YouTube Link 2024-08-20T14:46Z 14K followers, [---] engagements
"Overview of ISO [-----] Clauses 4-10 In this video learn about Clauses 4-10 of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director From understanding organizational needs to fostering leadership commitment and driving continual improvement Sawyer expertly navigates each clause. Whether you're a seasoned pro or just starting your cybersecurity journey buckle up and join us as we unravel the mysteries of ISO [-----]. Get ready to level up your infosec game and emerge as a true cybersecurity champion See how risk3sixty can help your business with ISO [-----] contact us:"
YouTube Link 2024-06-13T14:03Z 14K followers, [----] engagements
"The CISO Role: How to Design Security Leadership Custom Fit to for Your Organization We discuss the CISO role's common pitfalls and provide a framework for designing a CISO role that makes sense for your organization emphasizing security leadership. Free resource: Security Team Operating System - workbook https://risk3sixty.com/whitepaper/security-team-operating-system-ebook/ Podcast Here: https://anchor.fm/risk3sixty #security #cybersecurity #CISO #compliance 0:00 Introduction 1:54 Why This Matters 3:59 Framework: Define Business Problems 7:35 Framework: Priorities Roles and Responsibilities"
YouTube Link 2020-07-24T15:34Z 13.9K followers, [----] engagements
"Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:36Z 15.1K followers, 497.5K engagements
"How to Add ISO [-----] to Your ISO [-----] Program with risk3sixty + Schellman In this expert session risk3sixty and Schellman team up to walk through the business case implementation strategy and certification process for ISO 42001designed specifically for organizations already managing an ISO [-----] program. Speakers: Christian Hyatt CEO & Co-Founder risk3sixty Danny Manimbo Principal & ISO AI Services Leader Schellman What Youll Learn: - How ISO [-----] builds on ISO [-----] for AI governance - Key differences overlaps and integration strategies - A 3-step implementation model used by top companies"
YouTube Link 2025-09-25T15:32Z 15.1K followers, [----] engagements
"Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our"
YouTube Link 2025-10-21T14:32Z 15.1K followers, [--] engagements
"Harmonizing & Scaling Compliance Part 2: How to Implement Streamlined Controls Welcome to Part [--] of the Scaling Compliance series: How to Implement Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Alex Sullivan (Advisory & Assurance Associate) share practical tactics for building a scalable compliance program that harmonizes multiple frameworks into one integrated structure. Youll learn: - How to harmonize governance and eliminate siloed frameworks - Why harmonized policies and processes reduce duplication and confusion - A step-by-step"
YouTube Link 2025-10-29T16:39Z 15.1K followers, [--] engagements
"GRC Agentic AI Roadmap: Lets Build a GRC AI Agent Together (Part 3) Agentic AI is here and GRC teams are already putting it to work. In Part [--] of The GRC Agentic AI Roadmap we move from concept to construction. Youve seen the business case and real-world examples. Now its time to build your first GRC AI agent. What Youll Learn: - Why building an agent is the next critical step in the GRC AI journey - How to apply a repeatable build framework to your program - A real-world build from idea to measurable impact - How to get started quickly even with limited internal AI expertise Part 1: Building"
YouTube Link 2025-10-31T14:20Z 15.1K followers, [---] engagements
"SOC [--] + AI: How to Report on Artificial Intelligence Risk and Compliance With AI use accelerating security leaders are asking "how do we prove we're using AI responsibly" In this video Christian Hyatt (CEO risk3sixty) and Phil Brudney (Director of Privacy and Quality Assurance risk3sixty) walk through how companies can incorporate AI risk management into their existing SOC [--] report. You'll learn what criteria to include how to structure a defensible program and what a SOC [--] + AI audit looks like in practice. What Youll Learn: 00:00 Why add AI to your SOC [--] report 02:25 Business case: risk"
YouTube Link 2025-07-16T17:30Z 15.1K followers, [---] engagements
"Attack Surface Management (ASM) Part 2: Why Continuous ASM Beats Traditional Penetration Testing In Part [--] of our Attack Surface Management (ASM) Field Guide Series Cory Wolff breaks down the real differences between penetration testing and ASM and why point-in-time assessments alone cant keep up with todays threat landscape. Youll Learn - Why continuous always-on ASM matters as environments change daily (new assets new SaaS apps new exposures) - How modern breaches often start with stolen credentials and rapid vulnerability exploitation not just known assets on a scan list. - How ASM helps"
YouTube Link 2025-12-18T18:45Z 15.1K followers, [--] engagements
"Cybersecurity Exec Brief: Device Code Phishing US Treasury Zero-Day Thailand Pulls Scammer Plug Exec Brief: Cybercriminals are evolving their tactics from device code phishing campaigns to zero-day exploits targeting critical infrastructure. Meanwhile entire scam hubs are being dismantled as governments crack down on cyber fraud. [----] Cybersecurity Year in Review: https://risk3sixty.com/webinars/2024-cybersecurity-year-review Threat Actors Utilize Device Code Phishing On February [--] [----] Microsoft reported that the threat actor group Storm-2372 has been conducting a sophisticated phishing"
YouTube Link 2025-02-20T18:04Z 11.3K followers, [---] engagements
"How Juvare Became an ISO [-----] Early Adopter with risk3sixty Juvare a global leader in emergency management and resilience technology is among the first organizations pursuing ISO [-----] to responsibly govern AI across both operations and product innovation. Ed Jones Information Security Manager at Juvare shares how his team partnered with risk3sixty to integrate AI governance into an already mature compliance program spanning ISO [-----] SOC [--] FedRAMP and more. Youll learn: - Why Juvare proactively embraced AI governance before customers began asking - How ISO [-----] builds on an integrated"
YouTube Link 2025-11-05T21:20Z 15.1K followers, [---] engagements
"An In-Depth Look at Attack Surface Management (ASM) with risk3sixty Your attack surface is bigger and changing faster than you think. Annual security testing doesnt cut it anymore. In this video risk3sixtys President Christian White and Director of Offensive Security Cory Wolff break down modern Attack Surface Management (ASM): What it is how it works and why leading organizations are adopting continuous security. Through real-world examples and even a military base defense analogy well show how ASM helps teams: - Continuously discover unknown assets and exposures - Detect threats like"
YouTube Link 2025-10-31T14:27Z 15.1K followers, [--] engagements
"PCI DSS: A Simplified Review of PCI DSS In Plain English (Full Framework Review) This installment will break down the PCI DSS framework in plain English. This webinar will closely examine the framework itself and spell out the complex requirements in a way that's easier to understand. Topics We'll Cover Include: - PCI DSS v3.2.1 vs. PCI DSS v4.0 - An easy-to-understand look at the requirements in the current version of the framework and the version that will be mandatory in [----] - Common gaps clients often see when trying to meet PCI's requirements Overview: 00:00 Intro 03:09 Summary of PCI"
YouTube Link 2022-12-12T14:10Z 13.9K followers, [----] engagements
"AI Security Concepts: Machine Learning AI and Cybersecurity Join Cory Wolff Director of Offensive Security at risk3sixty as he explores the evolution of AI and Machine Learning. Cory traces AI's journey from its origins in the 1940s to today. Discover key milestones such as the first neural network and IBM's Deep Blue defeating a human in chess. Learn about the transformative breakthroughs of [----] including introducing transformers and self-attention mechanisms. Cory challenges viewers to experience the power of modern AI models like ChatGPT and Google Gemini firsthand"
YouTube Link 2024-06-17T17:52Z 13.8K followers, [----] engagements
"ISO 27001: A Simplified Review of ISO [-----] In Plain English (Full Framework Review) In this video we provide an easy-to-follow review of ISO [-----] and the upcoming changes for [----]. Sawyer Miller completed his [--] part series on ISO [-----] with a plain English overview of the framework. Overview: 00:00 Intro 01:48 Framework Overview 07:30 ISMS - Information Security Management System 18:55 ISO/IEC 27001:2013 Annex A 26:15 ISO.IEC 27001:2022 Annex A 28:31 Common Gaps 40:34 How to get Started with ISO [-----] 42:00 Q&A"
YouTube Link 2022-11-02T13:26Z 14.6K followers, 20.3K engagements
"How to Harmonize Compliance Across Business Units Managing ISO SOC [--] PCI HITRUST and Others In this webinar risk3sixty's Kevin Ketts (CTO) and Carlin Cole (Product Manager) guide you through a controlcentric GRC approach to streamline compliance across multiple frameworks and business units; no more duplicate audits or lastminute scrambles. Learn: 00:00 Why harmonization matters 01:45 Top GRC team challenges: time expertise tools 04:20 The multiframework dilemma explained 07:10 How fullCircles platform harmonizes controls & evidence 12:30 Continuous compliance: spread work over time 17:00"
YouTube Link 2025-07-17T15:03Z 15.1K followers, [---] engagements
"Introducing Framework Deployment for fullCircle Managing multiple compliance frameworks across a growing business can get messy fast. Duplicate controls endless spreadsheets and constant remapping are just some of the challenges GRC professionals face just to keep everything aligned. How do you solve this Introduce Framework Deployment in fullCircle: A smarter way to add and manage frameworks like ISO [-----] ISO [-----] CMMC PCI DSS and more without multiplying the workload. Built by the compliance experts at risk3sixty Framework Deployment gives you: - Pre-configured control libraries designed"
YouTube Link 2025-12-15T19:17Z 15.1K followers, [--] engagements
"CMMC Part 2: How to Add CMMC to an Existing SOC [--] or ISO [-----] Program In Part [--] of our CMMC webinar series risk3sixtys Christian White (President & Co-Founder) and Andrew Parks (Manager Advisory and Assurance) walk through how to layer CMMC onto an existing SOC [--] or ISO [-----] program without creating duplicate work bloated scope or audit fatigue. Learn how to use what youve already built to meet CMMC requirements where the frameworks overlap and where youll need to make net-new investments especially around scoping and technical rigor. What Youll Learn: - Why CMMC scope is narrower and more"
YouTube Link 2025-12-11T15:47Z 15.1K followers, [--] engagements
"The AI-Powered Assistant Built for GRC Teams fullCircle AI Assist Panel Meet the Assist Panel your always-on consultant in fullCircle AI Chat. The Assist Panel brings instant context-aware insights right where you work. See related tasks risks and evidence without leaving your flow. When you switch controls it updates automatically. With the Assist Panel you can: - Save time and eliminate context-switching - Understand connections faster - Act confidently with AI-powered insights Available now in fullCircle AI. Select the Assist tab to get started"
YouTube Link 2025-10-27T18:58Z 15.1K followers, [--] engagements
"Cybersecurity Brief: Ransomhub Keeps Busy BEC hits $55B and Who's to Blame for CrowdStrike Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Ransomhub Crew Keeps Busy After being burned by ALPHV this summer the ransomware crew Ransomhub has been on an absolute tear. Since they were forced to double extort Change Healthcare after not receiving the original payment via ALPHV Ransomhub has created their own Ransomware-as-a-Service with a 90% affiliate rate making them one of"
YouTube Link 2024-09-18T14:10Z 14.6K followers, [---] engagements
"New in fullCircle GRC: Risk and Task Linking in Framework Controls Track and manage your compliance program more efficiently with fullCircle GRCs Risk and Task Linking in Framework Controls feature. This update allows users to: - View and manage risks and tasks directly within any framework control - Link or unlink items with two-way visibility across the platform - Maintain traceability for better audit readiness and gap remediation - Use a consistent interface across organizational and framework controls This enhancement improves oversight and streamlines your GRC workflows. Learn more at:"
YouTube Link 2025-08-11T19:26Z 15.1K followers, [---] engagements
"Attack Surface Management (ASM) Part 1: Getting Started With Enterprise ASM Every organization has an external attack surface but few have full visibility into it. In Part [--] of our Attack Surface Management (ASM) series the risk3sixty Armada team breaks down what it takes to stand up an enterprise-grade ASM program that continuously identifies and mitigates exposure across your digital footprint. Youll learn: - What ASM is and how it differs from traditional penetration testing - Key components of an enterprise ASM program from asset discovery to continuous monitoring - Common blind spots and"
YouTube Link 2025-11-17T16:26Z 15.1K followers, [---] engagements
"How Seriously Should GRC Teams Take AI In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:41Z 15.1K followers, 50.6K engagements
"Harmonizing & Scaling Compliance Part 3: Advancing Maturity and Continuous Improvement In the final installment of the Scaling Compliance series Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) discuss how to take your compliance program beyond the basics and drive continuous improvement. This session is designed for teams who have already harmonized frameworks and want to strengthen long-term resilience. Youll learn: - How to advance from reactive compliance to proactive data-driven program management - The role of KPIs"
YouTube Link 2025-10-29T16:39Z 15.1K followers, [--] engagements
"Annex 6: AI Systems Lifecycle of ISO [-----] In this video learn about Annex A.6 AI Systems Lifecycle of ISO [-----] alongside Sawyer Miller risk3sixty's Audit and Implementations Director. See how risk3sixty can help your business with ISO [-----] contact us: https://hubs.ly/Q02JyH5Q0 Learn more about ISO [-----] with our online course: https://risk3sixty.com/landing/iso-42001-course This video covers the following: A.6.1 Management guidance for AI system development Objective: To ensure that the organization identifies and documents objectives and implements processes for the responsible design and"
YouTube Link 2024-07-25T15:59Z 14.1K followers, [---] engagements
"Harmonizing & Scaling Compliance Part 1: Establishing the Foundation for Streamlined Controls Welcome to Part [--] of our Scaling Compliance series: Establishing the Foundation for Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) explain why compliance leaders should prioritize scaling and streamlining control sets before growth and complexity take over. Youll learn: - Why managing multiple frameworks in Excel or SharePoint quickly becomes unmanageable - How client sector and regulatory"
YouTube Link 2025-10-29T16:39Z 15.1K followers, [--] engagements
"ISO [-----] Course - Internal Audit Requirement ISO [-----] clause [---] requires that companies performs internal audits as part of program monitoring. In this section we will cover what an internal audit looks like why it is required and how companies practically implement an internal audit program to meet the ISO [-----] requirement"
YouTube Link 2024-11-09T14:34Z 14K followers, [----] engagements
"Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty"
YouTube Link 2025-10-21T14:20Z 15.1K followers, [--] engagements
"ISO [-----] Course Introduction Welcome to the first ever ISO [-----] training course from risk3sixty. In it we want to give you everything you need to get certified. In this lesson we will give you a preview of what to expect in this course on Artificial Intelligence system management"
YouTube Link 2024-11-09T14:32Z 14.1K followers, [----] engagements
"Cybersecurity Exec Brief: DeepSeek Hacked in Multiple Ways Medical Device Backdoor Discovered 🔹 DeepSeek Gets Owned Multiple Ways Wiz Research recently identified a significant security lapse in DeepSeek a Chinese AI startup renowned for its DeepSeek-R1 reasoning model. A publicly accessible ClickHouse database was found exposed containing over a million log entries with sensitive information such as chat histories API keys and backend details. This vulnerability allowed unauthorized users full control over database operations posing substantial risks to both DeepSeek and its users. Upon"
YouTube Link 2025-02-05T21:39Z 11.2K followers, [---] engagements
"Cyber War Breaches and Human Emotion (w/ Raj Samani) We are seeing the highest volume of cyber attacks we have ever seen. Raj has briefed heads of state CEOs and politicians on cybersecurity. During his time a chief scientist at McAfee he was responsible for understanding the thread landscape researching emerging threats and perhaps most importantly mastering the human side of cybersecurity emotion self-interests fear and geo-politics. In this episode of Tuesday Morning Grind Raj and Christian discuss the current state of cybersecurity emerging trends and the human side of cybersecurity."
YouTube Link 2022-02-15T11:00Z 13.8K followers, [---] engagements
"GRC Agentic AI Roadmap: Security & Governance Considerations for Your Agentic AI Program (Part 4) As AI systems evolve from simple automation to agentic decision-making strong governance and security become non-negotiable. In Part [--] of our GRC Agentic AI Roadmap series the experts at risk3sixty break down how to establish the right guardrails controls and monitoring to ensure your Agentic AI program remains secure compliant and aligned with organizational risk appetite. Youll learn: - How to align AI initiatives with ISO [-----] and emerging governance frameworks - Security best practices to"
YouTube Link 2025-11-17T16:13Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: CVE Database in Jeopardy China Admits to Hacking Hertz Suffers Breach MITREs funding to operate the CVE Program and the CWE Program is set to officially expire. The CVE database is a critical backbone for vulnerability management threat research and global cyber defense efforts. MITRE has confirmed that the expiration is real and stems from a contract managed through the DHS typically renewed each April. With no immediate renewal in place the future of the CVE program is uncertain. Whats next For now historical CVE records will remain available via GitHub. But this"
YouTube Link 2025-04-16T14:20Z 13.9K followers, [---] engagements
"ISO [-----] [----] Updates: Everything You Need to Get Certified (Part 1) In this video we discuss the ISO [-----] [----] updates you need to know and the implications they have for organizations seeking to attain or maintain certification. Agenda: 00:00 Intro 03:19 What is ISO [-----] What is changing in [----] 08:04 ISMS [----] vs. [----] 15:14 What are the changes - ISO 27002:2022 18:47 ISO 27002:2022 Annex A 30:40 Implications for Customers 36:24 What is a Transition Audit 42:11 Next Steps 46:00 Q&A Sign Up for Phalanx GRC here: phalanxgrc.com"
YouTube Link 2023-01-23T19:06Z 12.9K followers, 13K engagements
"Simplify Multi-Framework Compliance (ISO SOC PCI) with fullCircle GRC Management Platform : https://risk3sixty.com/fullcircle-grc : https://risk3sixty.com/contact Our Controls module integrates ISO [-----] SOC [--] and PCI DSS requirements into one streamlined strategy reducing redundancies and saving time. Expert security compliance professionals ensure seamless alignment and efficient documentation management centralizing audit evidence to minimize confusion and redundant requests. Discover the power of real-time dashboarding for instant compliance status visibility across frameworks. Make"
YouTube Link 2024-07-15T18:25Z 12.6K followers, [---] engagements
"ISO 27001: A Simple Intro to ISO [-----] for Companies Getting Certified for the First Time In this video you will learn about ISO [-----] from Sawyer Miller the ISO leader at risk3sixty. Sawyer has worked with companies of all sizes to implement ISO [-----] into their business. ISO [-----] is the only auditable international standard that defines the requirements of an ISMS (information security management system). An ISMS is a set of policies procedures processes and systems that manage information security risks such as cyber-attacks hacks data leaks or theft. In this video you'll obtain the"
YouTube Link 2022-08-09T19:11Z 10.1K followers, 43.2K engagements
"Cybersecurity Exec Brief: KeePass Deploys Cobalt Strike Infostealers Ransomware Crew Chats Leaked Search the internal chats of Blackbasta here: https://bastachats.armada-ops.com Fake KeePass Password Manager Leads to ESXi Ransomware Attack Cybercriminals have been distributing trojanized versions of the KeePass password manager for at least eight months aiming to infiltrate enterprise networks. These malicious versions install Cobalt Strike beacons steal credentials and ultimately deploy ransomware on compromised systems. The attackers target VMware ESXi servers exploiting their"
YouTube Link 2025-05-21T18:14Z 12.3K followers, [--] engagements
"Cybersecurity News: AWS S3 Buckets Denial of Wallet Lockbit Leader New VPN Issues Join Cory in today's quick Weekly Cybersecurity Executive Brief as he updates on the AWS S3 Buckets Denial of Wallet the Lockbit leader identity released by UK and US authorities new issue found in virtually all VPNs and more. FREE Template: Penetration Testing ROI Calculator https://risk3sixty.com/whitepaper/penetration-testing-roi-calculator Week of April [--] Ransomware Stats: https://www.linkedin.com/feed/update/urn:li:activity:7193227620132495362/ 00:00 Introduction 00:28 AWS Denial S3 Bucket 02:11 Ransomware"
YouTube Link 2024-05-09T13:00Z 12.4K followers, [--] engagements
"Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty"
YouTube Link 2025-08-27T19:45Z 15.1K followers, [---] engagements
"New in fullCircle GRC: Evidence Object Scoping in Controls Module Get more precision and filtering power in fullCircle GRC with the new Evidence Object Scoping feature. This update allows users to: - Add and manage scopes directly on evidence objects - Mirror familiar scoping functionality used in controls - Automatically apply scopes to existing linked evidence - Filter dashboards and reports by evidence scope This enhancement improves reporting accuracy and streamlines evidence tracking across your GRC program. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #Compliance"
YouTube Link 2025-08-11T19:24Z 15.1K followers, [--] engagements
"Cybersecurity Brief: [--] Critical Vulnerabilities in Palo Alto Firewalls T-Mobile Breached with AI How Red Teaming Could Have Prevented these incidents: https://www.youtube.com/watchv=ZuUzonE2uT0 Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 [--] Critical Vulnerabilities in Palo Alto Firewalls Palo Alto Networks (PAN) issued a security advisory highlighting a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2024-0012 CVSS 9.3) actively exploited in its"
YouTube Link 2024-11-21T15:15Z 12.2K followers, [---] engagements
"EU AI Act: Everything You Need to Be Compliant FREE EU AI Act Compliance Pack: https://risk3sixty.com/whitepaper/eu-ai-act Join us as we break down the EU AI Act and what it means for your business. In this webinar experts Christian Hyatt and Phil Brudney from risk3sixty provide an overview of the regulation its structure and key compliance requirements. Learn practical steps to integrate the EU AI Act into your existing compliance program prove compliance and leverage free resources like marked-up notes and executive summaries to navigate the regulation with ease. 00:00 Introduction 01:36 EU"
YouTube Link 2024-12-04T17:12Z 12.1K followers, [----] engagements
"HITRUST i1 vs SOC [--] : What's the Difference between SOC [--] and HITRUST HITRUST i1 or SOC2 (or both) Which makes the most sense for your business This video will give you everything you need to know to help you decide. The business drivers for obtaining a SOC [--] report or a HITRUST i1 certification may be similar. Still important distinctions between the two should be considered to make the best possible decision. Agenda: 00:00 Intro 01:00 Overview and comparison of the HITRUST and SOC [--] 14:11 HITRUST i1 Readiness and Assessment Process 18:59 HITRUST i1 Typical Timeline 22:52 SOC [--] Readiness and"
YouTube Link 2023-01-30T18:00Z 13.2K followers, [----] engagements
"SOC 2: How to Get Ready for a SOC [--] Audit In this video we cover Everything You Need to Get Ready for a SOC [--] Audit: 00:00 Intro 01:18 Before the audit 06:49 During the audit 13:21 After the audit For more information please download our free whitepaper: Simple Guide to SOC for Cybersecurity - https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/"
YouTube Link 2022-09-09T13:05Z 12.7K followers, [----] engagements
"Cybersecurity Exec Brief: M365 Exploit NK Fraud Scattered Spider Resurfaces Microsoft [---] Direct Send Exploited in Phishing Campaigns Attackers are abusing Microsoft 365s Direct Send feature to send spoofed internal emailsbypassing filters and tricking users with fake voicemail alerts and QR code phishing links. The technique relies on smart-host addresses and unauthenticated PowerShell commands to deliver payloads that appear trusted. Admins should disable Direct Send enforce hard-fail SPF/DMARC and educate users on quishing. More reading:"
YouTube Link 2025-07-02T15:07Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: DOJ Nabs Snowflake Hacker FTC Demands GoDaddy Boost InfoSec Practices Register for the upcoming [----] Cybersecurity Year in Review: https://hubs.ly/Q032ZPH50 DOJ Arrests Hacker Behind Snowflake Breaches U.S. prosecutors have formally connected the arrest of U.S. Army communications specialist Cameron John Wagenius to last years massive theft of phone records from AT&T and Verizon stemming from cyberattacks on cloud computing provider Snowflake. Wagenius arrested in Texas on December [--] faces charges of unlawfully transferring confidential phone records and is linked"
YouTube Link 2025-01-22T18:42Z 11.1K followers, [--] engagements
"Cybersecurity & Compliance: How RxLink Navigated SOC [--] with risk3sixty Joseph Jackson co-founder of RxLink and serial entrepreneur shares how his team tackled compliance challenges with the help of risk3sixty while selling into Fortune [--] healthcare companies. He talks about how risk3sixty helped them choose SOC [--] and build a right-sized program during a tight six-month audit timeline. In this conversation Joe explains how compliance with the right partner can support growth instead of slowing it down why cultural buy-in matters more than checkboxes and what companies need to know when"
YouTube Link 2025-06-30T14:49Z 15.1K followers, [---] engagements
"Cybersecurity Brief: Microsoft Patches 3rd Update Vulnerability in a Month Malvertising Hits Lowes Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Zero Day in Windows Update Microsoft issued an urgent warning about active exploitation of a critical vulnerability in Windows Update identified as CVE-2024-43491 which allows attackers to roll back security fixes on certain versions of Windows. The flaw rated with a CVSS score of 9.8/10 impacts Windows [--] version [----] and has"
YouTube Link 2024-09-17T20:10Z 10K followers, [---] engagements
"How Fullstory Scaled Compliance Across [--] Frameworks (ISO SOC PCI & Others) with fullCircle What does it take to operationalize compliance across ISO [-----] SOC [--] PCI and morewhile keeping security a business enabler Fullstorys Head of Security GRC Anne Turner shares how they built a harmonized compliance program leveraged risk3sixtys fullCircle platform and positioned security as a competitive advantage. Key Successes: - Achieved ISO [-----] certification for AI governance - Managed [--] compliance frameworks in one harmonized workstream - Enabled proactive risk management and a strong security"
YouTube Link 2025-02-12T19:15Z 12K followers, [---] engagements
"Master Healthcare Compliance: Save 1000s of Hours by Harmonizing HITRUST SOC [--] ISO [-----] & More Download our Single Framework Strategy whitepaper to learn how multi-framework harmonization works: https://risk3sixty.com/whitepaper/single-framework-for-multiple-certifications Learn how Cloud Service Group and Platform.sh saved big on resources through multi-framework harmonization: http://risk3sixty.com/resources#casestudies Get in touch. We'd love to learn more about your cybersecurity needs: https://risk3sixty.com/contact Is your healthcare organization struggling to keep up with the heavy"
YouTube Link 2024-10-22T21:14Z 13.5K followers, [---] engagements
"Inside Infostealers: Evasion Exploitation and Lessons from Change Healthcare and Snowflake Infostealers have become one of the fastest-growing threats in cybersecurity fueling major breaches and enabling attackers to quietly steal credentials financial data and sensitive IP. In this technical session Cory Wolff (Director of Offensive Security) and Nick Swink (Senior Security Consultant) from risk3sixty break down the full lifecycle of infostealers including: - What infostealers are and how attackers use them - Delivery methods like malvertising and Telegram-based C2 - Technical deep dive into"
YouTube Link 2025-08-26T19:02Z 15.1K followers, [---] engagements
"Cybersecurity Brief: Coalition for Secure AI and AMD Chips Vulnerable to SMM Bypass Learn more about how we can help your business prevent attacks like this https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator: https://hubs.ly/Q02wBB5d0 The Coalition for Secure AI (CoSAI) is an open ecosystem of AI and security experts from industry leading organizations dedicated to sharing best practices for secure AI deployment and collaborating on AI security research and product development. Learn more here: https://www.coalitionforsecureai.org/ 0.0.0.0 Day A newly discovered critical vulnerability dubbed"
YouTube Link 2024-08-14T15:26Z 11.4K followers, [---] engagements
"Armada Ransomware Series: How Much Money Do Ransomware Crews Make Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends How much do ransomware crews make The answer is.a lot. See a detailed breakdown of a Profit and Loss (P&L) sheet for a real ransomware crew. [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense: https://youtu.be/wW2jDHvevtg [--]. Double Extortion: When One Ransomware Attack Isn't Enough: https://youtu.be/nDeSG7Q4g_Q [--]. Interesting Finds From Leaked Ransomware Crew Chat Logs:"
YouTube Link 2025-05-19T14:17Z 12.3K followers, [--] engagements
"ISO 27701: Everything you need to prepare for ISO [-----] certification In this webinar we discuss everything you need to prepare for an ISO [-----] certification including the link between ISO [-----] and ISO [-----]. We also discuss the implementation and certification process. Download our ISO [-----] whitepaper: https://risk3sixty.com/iso-27701-path-to-privacy-part-2/ #ISO27001 #ISO27701 #Privacy #Security 0:00 Introduction 1:32 Where We're Going 2:16 ISO [-----] Background 5:32 ISO [-----] Structure 10:40 PIMS: Clause [--] 15:30 ISO [-----] Implementation 21:58 ISO [-----] Certification Process 25:25 Typical"
YouTube Link 2020-06-12T13:40Z 12.6K followers, [----] engagements
"Introducing fullCircle AI: In-Platform Compliance & Security Assistance Meet fullCircle AI your always on assistant for security and compliance. Now built directly into the fullCircle platform this AI-powered tool helps you: - Get instant answers to compliance and security questions - Draft summarize and clarify information without leaving your session - Receive responses tailored specifically to cybersecurity and compliance contexts Example uses: Risk management guidance Security awareness training best practices and lots more Whether youre preparing for an audit or managing daily compliance"
YouTube Link 2025-08-11T17:29Z 15.1K followers, [---] engagements
"Executive Cybersecurity Brief: Change Healthcare Incident Costs $700M New Novel Phishing Lure How Red Teaming Could Have Prevented the Change Healthcare incident: https://www.youtube.com/watchv=ZuUzonE2uT0 Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Satya Nadella Acknowledges Cybersecurity Issues by Asking for a Pay Cut In a rare move Microsoft CEO Satya Nadella requested a 50% cut to his own incentive payout citing accountability for recent cybersecurity lapses"
YouTube Link 2024-10-30T15:18Z 13.5K followers, [---] engagements
"Cybersecurity Exec Brief: Malware Uses GPU Autonomous Robot Takeover Oracle Health Data Breach Malware Uses GPU for Payload Processing Zscaler ThreatLabz has identified a sophisticated malware family named CoffeeLoader first observed around September [----]. Designed to download and execute second-stage payloads while evading detection CoffeeLoader employs advanced techniques such as GPU-based code execution call stack spoofing sleep obfuscation and the use of Windows fibers. Notably it utilizes a specialized packer called Armoury which executes code on a system's GPU to complicate analysis in"
YouTube Link 2025-04-02T14:22Z 11.9K followers, [--] engagements
"Cybersecurity Exec Brief: Gemini's Prompt Injections Citrix Critical Leak Car Infotainment Flaw Here's what's happening in cybersecurity this week 👇 Google Gemini is vulnerable to a new type of prompt injection that uses invisible text in emails. When users ask Gemini to summarize these emails the AI reads and executes hidden instructions embedded in white-on-white text - all without the user ever seeing them. The attacker's instructions can manipulate Gemini into leaking sensitive data. Citrix just patched another critical memory vulnerability they're calling "CitrixBleed 2". By sending"
YouTube Link 2025-07-16T19:40Z 12.5K followers, [--] engagements
"Cybersecurity Exec Brief: Lazarus Group Nabs $1.5B Ransomware Crew Exposed AUS Blocks Kaspersky âž¡ Unprecedented Crypto Heist Targets Bybit Exchange In a record-breaking cyberattack cryptocurrency exchange Bybit suffered a loss exceeding $1.5 billion in Ethereum assets. The sophisticated breach involved manipulation of a routine transfer from a cold wallet to a warm wallet allowing attackers to reroute funds to an unknown address. Blockchain analysis firms have attributed this heist to the notorious Lazarus Group a North Korean state-sponsored hacking collective. Bybit has assured users that"
YouTube Link 2025-02-26T20:30Z 11.4K followers, [---] engagements
"Cybersecurity Exec Brief: Gemini's Prompt Injections Citrix Critical Leak Car Infotainment Flaw Here's what's happening in cybersecurity this week 👇 Google Gemini is vulnerable to a new type of prompt injection that uses invisible text in emails. When users ask Gemini to summarize these emails the AI reads and executes hidden instructions embedded in white-on-white text - all without the user ever seeing them. The attacker's instructions can manipulate Gemini into leaking sensitive data. Citrix just patched another critical memory vulnerability they're calling "CitrixBleed 2". By sending"
YouTube Link 2025-07-17T14:25Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: Critical M365 Copilot Issue GCP Breaks Internet Possible T-Mobile Breach EchoLeak vulnerability in Microsoft [---] Copilot Cybersecurity research firm Aim Labs has disclosed EchoLeak a critical zeroclick vulnerability (CVE202532711) in Microsoft [---] Copilot a generative AI assistant powered by RetrievalAugmented Generation (RAG). The flaw exploits promptinjection and LLMscope violationsattackers can send an innocuous email that triggers Copilot to silently exfiltrate confidential organizational data without any user action. Although Aim Labs reports no known customer"
YouTube Link 2025-06-18T14:14Z 15.1K followers, [---] engagements
"Armada Ransomware Series: Interesting Finds From Leaked Ransomware Crew Chat Logs Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends Learn what ransomware crews talk about in private based on recently leaked chat logs. Discussion points include: - Where their offices are based (yes offices like a business) - How they use ChatGPT for phishing attempts - Possible connections to corrupt government officials See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective"
YouTube Link 2025-05-19T14:17Z 12.3K followers, [--] engagements
"CPRA: A Simple Intro to California Privacy Rights Act (CPRA) for Companies Trying to Comply In this webinar we will discuss the California Privacy Rights Act which takes effect on January [--] [----]. Specifically we will talk through where it came from who it applies to and how to begin your compliance journey: First we will talk about the Background What is the CPRA Who needs to comply Who is exempt Second we will talk about key compliance requirements Items such as disclosures data subject rights vendor contracts Third we will talk about immediate steps to get ready for CPRA Privacy notice"
YouTube Link 2022-11-21T21:37Z 11.1K followers, [----] engagements
"Cybersecurity Exec Brief: China Bad Actors Target the Top Supply Chain Attack Hits gluestack Download our [----] Cybersecurity Trends report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends China Nexus Threat Actors Hammer at the Doors of Top-Tier Targets A fresh report from SentinelLabs reveals a sharp escalation in cyber-espionage operations attributed to Chinese state-linked actors. Two threat groups including the known BackdoorDiplomacy and an as-yet unnamed cluster wielding a novel backdoor dubbed TAMECAT have launched targeted attacks against top-tier organizations in"
YouTube Link 2025-06-11T15:27Z 12.4K followers, [--] engagements
"California Privacy Rights Act (CPRA): Top [--] Tips for CPR Compliance IAPP Privacy Fellow Philip Brudney speaks with Christian Hyatt about the most critical elements of California's Privacy Rights Act CPRA compliance and how organizations can best prepare for the coming requirements. #cybersecurity #privacy #CPRA #risk3sixty"
YouTube Link 2020-11-06T16:39Z 11K followers, [----] engagements
"ISO [-----] Explained: A.5.1 Information Security Policy This video covers ISO [-----] Control Object A.5.1 Information Security Policy and the controls within. About this Series: The "ISO [-----] Explained" Series is a free learning series to help individual understand the ISO [-----] framework the controls and implementation guidance as well as typical audit evidence required during a certification audit. About risk3sixty: About risk3sixty: risk3sixty is a security privacy and compliance consulting firm that helps high growth technology organizations build manage and assess security and privacy"
YouTube Link 2021-04-23T16:48Z 11.4K followers, [----] engagements
"Armada Ransomware Series: Insider Details and Stats on How Ransomware Crews Operate Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends Get an insider look (with numbers) at how ransomware crews operate including how: - Easy it is to start - Much has been paid out in ransomware demands - Ransomware crews operate like a business See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense: https://youtu.be/wW2jDHvevtg [--]. Double Extortion: When One"
YouTube Link 2025-05-19T14:17Z 12.3K followers, [--] engagements
"Cybersecurity Exec Brief: DeepSeek Hacked Google Revamps Chrome Store Russian Hackers Strike Again Exec Brief: DeepSeek suffers malicious cyber attack Google Launches Chrome Web Store Russian Hackers use Social Engineering for Initial Access 👉 Stay ahead of the latest cybersecurity threatsRegister for our [----] Cybersecurity Year in Review webinar: 🔗 https://hubs.ly/Q032ZPH50 🔹 Chinese AI App Under Attack DeepSeek the AI chatbot that recently overtook ChatGPT as the top free app on Apple's App Store has been hit with a massive cyberattack. While existing users remain unaffected this raises"
YouTube Link 2025-01-29T17:27Z 12.3K followers, [---] engagements
"Cybersecurity Exec Brief: Biden Blocks China Telecom Amazon Rejects M365 EPA Warns on Water HMIs Learn how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Biden Administration Moves to Block China Telecom Over National Security Threats In response to Chinas extensive hacking of U.S. telecommunications firms the Biden administration has initiated its first retaliatory measure by targeting the operations of China Telecom Americas a U.S. subsidiary of one of Chinas largest telecom firms. The"
YouTube Link 2024-12-20T17:12Z 11K followers, [---] engagements
"Cybersecurity Exec Brief: SharePoint Under Active Exploitation & Replit AI Gets a Mind of Its Own Critical SharePoint Vulnerabilities Under Active Exploitation Organizations running on-premises SharePointespecially [----] [----] and Subscription Editionneed to patch immediately. Threat actors are actively exploiting a deserialization vulnerability initially disclosed during Pwn2Own and later reverse engineered after Microsofts July Patch Tuesday updates. GreyNoise reports dozens of suspicious IPs scanning and attacking vulnerable instances with activity targeting the U.S. U.K. Germany and Spain."
YouTube Link 2025-07-23T18:56Z 15.1K followers, [---] engagements
"Introducing fullCircle's Insight Capable AI Chat Meet the future of compliance management. With fullCircles Insight Capable AI Chat you can ask complex questions about your program and get instant intelligent answers. Unlike generic AI fullCircles chat knows the ins and outs of your program your controls and your risks. That means faster answers smarter insights and compliance that actually works better. Learn more about fullCircle: https://risk3sixty.com/fullcircle-grc #GRC #AI #Compliance #Cybersecurity #Governance"
YouTube Link 2025-10-13T16:46Z 15.1K followers, [---] engagements
"How Much Does SOC [--] Cost (Example Business Case Review) Competitive Advantages of Obtaining a SOC [--] Report Why do companies choose to obtain a SOC [--] Report In this video we explore how those seeking to streamline their sales process and reduce barriers to doing business can leverage a SOC [--] report to communicate their security program to the market. Overview: 00:00 Intro 01:02 Introduction to SOC [--] 06:23 Market Drivers 09:28 The Business Case for SOC [--] 21:36 Communicating with the Executive Team 25:02 Maximizing your ROI 27:38 Other Considerations 29:41 Additional Resources 30:54 Q&A Download"
YouTube Link 2023-03-15T18:47Z 13.6K followers, [----] engagements
"Cybersecurity Exec Brief: Ethereum Dev Compromised ChatGPT-5 Jailbroken Threat Groups Unite Ethereum Developer Compromised via Malicious VS Code Extension An Ethereum developer was recently compromised after installing a third-party extensioncontractshark/solidity-langin Cursor a modified version of Visual Studio Code. The extension silently exfiltrated environment variables (.env file) exposing sensitive API keys and wallet credentials. The attack led to a wallet drain within days. With over [-----] downloads the malicious extension represents a successful supply chain attack. Fortunately the"
YouTube Link 2025-08-13T18:54Z 15.1K followers, [--] engagements
"The GRC Agentic AI Roadmap: Real-World Use Cases for Agentic AI in Your GRC Program (Part 2) Agentic AI isnt just hype its already transforming how GRC teams operate. In Part [--] of our four-part series we go beyond strategy and theory to show you real-world Agentic AI use cases being implemented inside complex GRC programs today. What Youll Learn in This Session: - How GRC leaders are applying Agentic AI across frameworks like SOC [--] ISO [-----] and PCI - A walkthrough of the GRC AI Maturity Model and where most teams are starting - Live demos of the Evidence Processing Agent and Control Testing"
YouTube Link 2025-09-24T02:31Z 15.1K followers, [---] engagements
"Armada Ransomware Series: How Do Ransomware Crews Attack Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends How do ransomware crews attack Initial access known tactics techniques and procedures (TTPs) include: - Social engineering: For remote access or credentials - Credential stuffing: From stealer logs or purchased - Public-facing vulnerabilities: CVEs custom research purchased [--] days See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense:"
YouTube Link 2025-05-19T14:17Z 12.3K followers, [--] engagements
"New in fullCircle GRC: Control-Specific Findings Management Gain real-time visibility into control health with fullCircle GRCs new Control-Specific Findings Management feature. This update allows users to: - View all findings tied directly to a control - Quickly add or link issues for streamlined audits - Prioritize and track findings by severity and due date - Strengthen your overall security and compliance posture Whether you're preparing for an audit or improving your control monitoring workflows this feature gives you the transparency and efficiency your GRC program needs. Learn more at:"
YouTube Link 2025-08-11T19:27Z 15.1K followers, [---] engagements
"#51: How to Use Compliance to Manage Security Risks (w/ John Bordwine) John Bordwine AVP Product & Cloud Compliance at Hyland shares his insight on leveraging security compliance to manage risk. John Bordwine is the AVP Product & Cloud Compliance at Hyland. Prior to Hyland John held leadership positions at Citrix and Symantec. In this episode of Tuesday Morning Grind John and Christian discuss how building a security compliance program isnt about check the box activities its about helping the organization manage risk. John shares his insight on building teams navigating compliance programs"
YouTube Link 2021-11-30T11:00Z 11.5K followers, [---] engagements
"Cybersecurity Exec Brief: Backdoor in Programmable Chips Akira Ransomware $1.5B Bybit Theft Get the [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends Possible Backdoor Found in Millions of Programmable Chips Researchers from Tarlogic Security have uncovered undocumented commands within Espressif's widely-used ESP32 microcontroller which facilitates Wi-Fi and Bluetooth connectivity in over a billion IoT devices. These hidden commands could enable attackers to spoof trusted devices gain unauthorized data access infiltrate other networked devices and"
YouTube Link 2025-03-12T14:09Z 11.4K followers, [---] engagements
"AI Security Concepts: Building vs. Using Pre-Trained AI Models in Cybersecurity In Episode [--] of the A.I. & Cybersecurity Series we dive into simplified deployment phase of AI models. Discover the pros and cons of training a model from scratch versus using pre-trained models like ChatGPT Llama and BERT and the resource impact of each choice. While these models are powerful theyre hosted on traditional software infrastructures like JavaScript and APIs which leaves them vulnerable to common software attacks. https://risk3sixty.com/offensive-security-team"
YouTube Link 2024-10-25T17:43Z 13.5K followers, [---] engagements
"SOC 2: Everything You Need to Get a SOC [--] Report This webinar covers the basics of a SOC [--] report what to expect during a SOC [--] audit and why a SOC [--] report may make sense for your organization. #SOC2 #cybersecurity #Compliance Download our Free Whitepaper - The Business Case for a SOC [--] Report: https://risk3sixty.com/whitepaper/business-case-for-soc-2/ 0:00 Introduction 1:05 SOC [--] Background and History 5:05 SOC [--] Scoping 8:25 SOC [--] Readiness and Audit Process 12:50 Typical Readiness and Audit Timeline 16:25 Typical Effort Breakdown by Resource 18:35 SOC [--] Tips and Commonly Asked Questions"
YouTube Link 2020-06-19T16:35Z 13.6K followers, 42.7K engagements
"Armada Ransomware Series: Double Extortion - When One Ransomware Attack Isn't Enough Download your free copy of our [----] Cybersecurity Trends Report: https://risk3sixty.com/whitepaper/2025-cybersecurity-trends You think one ransomware attack is bad Imagine getting hit again once you've met the initial ransomware demands. Ransomware crews are known for executing double extortion attempts and this video provides a glimpse on how they pull it off. See the rest of the Armada Ransomware Series: [--]. Understanding Blackbasta Ransomware Crew Techniques & Effective Tactical Defense:"
YouTube Link 2025-05-19T14:17Z 12.3K followers, [--] engagements
"Cybersecurity Executive Brief: Microsoft mandatory MFA for Azure National Public Data breach Learn more about how we can help your business prevent attacks like this Contact Us: https://hubs.ly/Q02JyH5Q0 Pentest ROI Calculator Download: https://hubs.ly/Q02wBB5d0 Microsoft has announced that Multi-Factor Authentication (MFA) will become mandatory for all users of Azure. This move aims to bolster security by reducing the risks associated with password-only logins which are vulnerable to password spraying and other attacks. The mandatory MFA rollout will begin in September [----] with Microsoft"
YouTube Link 2024-08-21T14:26Z 10K followers, [---] engagements
"Privacy Shield was Invalidated - Now What In this video we will discuss the recent Privacy Shield invalidation and the relevant implications for companies. #privacy #PrivacyShield #Security"
YouTube Link 2020-07-29T23:29Z 12.3K followers, [---] engagements
"Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our"
YouTube Link 2025-10-15T19:05Z 15.1K followers, [---] engagements
"PCI DSS: How to Maintain Your PCI DSS Program Between Audits Please join risk3sixty for part [--] of our PCI DSS webinar series. So far we've discussed what you should do to ensure you get certified successfully. Now we'll dive into how you can effectively maintain your PCI program after certification is achieved Discover: 00:00 Intro 02:26 Why Organizations fall out of compliance 08:49 Maintaining Compliance 14:01 Best Practices for maintaining PCI compliance 37:21 Accelerator"
YouTube Link 2022-10-20T14:07Z 11.8K followers, [----] engagements
"Why MapLarge Chose Attack Surface Management With risk3sixty In this client conversation Cory Wolff Director of Offensive Security at risk3sixty sits down with Marvell Summerow Senior Security Program Manager at MapLarge to talk about Attack Surface Management (ASM). They cover: Why ASM uncovers risks traditional penetration tests miss How monthly ASM reports provide visibility into hidden assets and exposures The positive surprises MapLarge discovered early in their ASM journey The value of 24/7 monitoring compared to annual point-in-time tests Hear how MapLarge uses ASM as a critical layer"
YouTube Link 2025-09-04T19:33Z 15.1K followers, [--] engagements
"Stop Managing Controls Risk Registers and Security Gaps In Excel - Phalanx GRC Walkthrough Managing your GRC Program in Excel creates a lot of extra work for your team. Phalanx gets you out of tedious spreadsheets to make your team more resilient and efficient. Join risk3sixty CEO & Co-founder Christian Hyatt as he explores how Phalanx can help you take your GRC program to the next level. Agenda: 00:00 Intro 07:07 Roles & Responsibilities 10:35 Standard Operating Procedures 13:27 Technology (Get Out of Excel) 44:01 The Outcome 46:12 Q&A Download the Security Team Operating System here:"
YouTube Link 2023-01-09T22:22Z 11.9K followers, [----] engagements
"SOC [--] Explained - Series Introduction The "SOC [--] Explained" Series is a free learning series to help individuals understand the SOC [--] framework the controls and implementation guidance and the typical audit evidence required during a certification audit. Download our free Simple Guide to SOC for Cybersecurity here: https://risk3sixty.com/whitepaper/simple-guide-to-soc-for-cybersecurity/ About risk3sixty: About risk3sixty: risk3sixty is a security privacy and compliance consulting firm that helps high growth technology organizations build manage and assess security and privacy programs."
YouTube Link 2021-08-19T20:27Z 13.6K followers, [----] engagements
"Cybersecurity Exec Brief: Pentagon Stops Russian Offensive Ops 284M Accounts Stolen Cisco Targeted Learn more about Armada: https://risk3sixty.com/armada 📗 Defense Secretary Pete Hegseth has halted U.S. Cyber Command's offensive cyber operations against Russia to improve Kremlin relations and push for peace in Ukraine. The move confirmed Monday does not affect other agencies like the CIA or CISA. Coming ahead of Trumps meeting with Zelenskyy it raises concerns about national security. Critics fear it emboldens Russian cyber threats while supporters see a chance for diplomacy highlighting the"
YouTube Link 2025-03-05T17:13Z 11.3K followers, [--] engagements
"Cybersecurity Exec Brief: FBI Removes Chinese Malware Location Data Aggregator Breach Exposed Register for the [----] Cybersecurity Year in Review Webinar here: https://risk3sixty.com/webinars/2024-cybersecurity-year-review FBI Mass Deletes Chinese Malware from Thousands of US Computers U.S. authorities have successfully disrupted the operations of the Chinese state-backed hacking group "Twill Typhoon" (also known as "Mustang Panda") responsible for a years-long espionage campaign targeting millions of computers worldwide. In a court-authorized operation in August [----] U.S. law enforcement in"
YouTube Link 2025-01-17T19:46Z 11.1K followers, [---] engagements
"New in fullCircle GRC: Homepage Dashboard Report Export Save time and deliver executive-ready insights with fullCircle GRCs Homepage Dashboard Report Export feature. This update allows users to: - Instantly generate a professional PDF from your real-time dashboard - Share key metrics charts and widgets with stakeholders - Improve data accuracy and reduce manual reporting efforts - Deliver clear updates to leadership auditors or board members Streamline compliance reporting and make informed decisions faster. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #ComplianceReporting"
YouTube Link 2025-08-11T19:22Z 15.1K followers, [--] engagements
"Cybersecurity Exec Brief: Google Acquires Wiz Rippling Sues Deel Medusa Ransomware Hits [---] Orgs Google Acquires Wiz In a historic move Google has agreed to acquire cloud security firm Wiz for $32 billion marking its largest acquisition to date. This development follows Wiz's previous decision to decline a $23 billion offer from Google opting instead to pursue an initial public offering. Wiz founded in [----] has rapidly become a leader in cloud security serving 40% of Fortune [---] companies. The acquisition aims to bolster Google's cloud security offerings while allowing Wiz to maintain its"
YouTube Link 2025-03-19T18:44Z 11.4K followers, [---] engagements
"2024 Cybersecurity Year in Review: Lessons Trends and What's Next The cybersecurity landscape is shiftingare you ready In this exclusive webinar risk3sixty uncovers critical lesser-known trends and threats that will define cybersecurity in [----]. If you're looking for insights beyond the usual industry buzz this is for you. What Youll Learn: ✅ Top [--] lesser-known trends re-shaping cybersecurity in [----] ✅ Industry-specific insights for healthcare finance tech government SaaS & more ✅ Can't-miss breach takeaways and brand-new attack methods emerging right now ✅ Specific and actionable strategies"
YouTube Link 2025-03-03T19:46Z 11.3K followers, [---] engagements
"ISO 27701: Everything You Need to Get Certified for the ISO [-----] Privacy Framework ISO [-----] has quickly become a globally recognized mark of a company's commitment to its privacy program. Over the past [--] years risk3sixty has helped dozens of organizations prepare for and pass their ISO [-----] certification audits. Join us for this intro on everything you need to know. Overview: 00:00 Intro 00:30 What is ISO [-----] 04:19 The Business Case for ISO [-----] 08:51 The ISO Ecosystem 11:02 ISMS/PIMS 15:28 Annex A ISO [-----] 18:46 Annex B ISO [-----] 21:56 Processes and Timelines 30:57 Q&A For more"
YouTube Link 2023-02-09T19:56Z 13K followers, [----] engagements
"A Practical Guide to CMMC Implementation and Certification (risk3sixty + Schellman) CMMC is here and certification requirements are starting to show up in DoD contracts. In this session hosted by risk3sixty (advisory) and Schellman (assessment) you will learn - The CMMC rollout timeline and what to expect through [----] - How the certification process works (including the 4-phase C3PAO assessment flow) - Why scoping CUI/FCI correctly is one of the biggest drivers of cost effort and audit success. The session wraps with a live panel Q&A covering common readiness pitfalls assessor availability"
YouTube Link 2026-01-29T17:24Z 15.1K followers, [--] engagements
"Attack Surface Management (ASM) Part 2: Why Continuous ASM Beats Traditional Penetration Testing In Part [--] of our Attack Surface Management (ASM) Field Guide Series Cory Wolff breaks down the real differences between penetration testing and ASM and why point-in-time assessments alone cant keep up with todays threat landscape. Youll Learn - Why continuous always-on ASM matters as environments change daily (new assets new SaaS apps new exposures) - How modern breaches often start with stolen credentials and rapid vulnerability exploitation not just known assets on a scan list. - How ASM helps"
YouTube Link 2025-12-18T18:45Z 15.1K followers, [--] engagements
"Introducing Framework Deployment for fullCircle Managing multiple compliance frameworks across a growing business can get messy fast. Duplicate controls endless spreadsheets and constant remapping are just some of the challenges GRC professionals face just to keep everything aligned. How do you solve this Introduce Framework Deployment in fullCircle: A smarter way to add and manage frameworks like ISO [-----] ISO [-----] CMMC PCI DSS and more without multiplying the workload. Built by the compliance experts at risk3sixty Framework Deployment gives you: - Pre-configured control libraries designed"
YouTube Link 2025-12-15T19:17Z 15.1K followers, [--] engagements
"CMMC Part 2: How to Add CMMC to an Existing SOC [--] or ISO [-----] Program In Part [--] of our CMMC webinar series risk3sixtys Christian White (President & Co-Founder) and Andrew Parks (Manager Advisory and Assurance) walk through how to layer CMMC onto an existing SOC [--] or ISO [-----] program without creating duplicate work bloated scope or audit fatigue. Learn how to use what youve already built to meet CMMC requirements where the frameworks overlap and where youll need to make net-new investments especially around scoping and technical rigor. What Youll Learn: - Why CMMC scope is narrower and more"
YouTube Link 2025-12-11T15:47Z 15.1K followers, [--] engagements
"CMMC Series Part 1: Everything You Need to Get Certified (Levels 1-3 Scoping & Audit Process) The Cybersecurity Maturity Model Certification (CMMC) is now live and every organization in the DoD supply chain will need to comply. In this deep-dive session risk3sixty experts break down exactly what you need to know to prepare for CMMC Levels 1-3 scope your environment understand timelines and navigate the new phased rollout through [----]. Whether you're a prime contractor or a subcontractor this walkthrough will help you understand your requirements avoid common pitfalls and confidently prepare"
YouTube Link 2025-11-24T16:09Z 15.1K followers, [---] engagements
"Attack Surface Management (ASM) Part 1: Getting Started With Enterprise ASM Every organization has an external attack surface but few have full visibility into it. In Part [--] of our Attack Surface Management (ASM) series the risk3sixty Armada team breaks down what it takes to stand up an enterprise-grade ASM program that continuously identifies and mitigates exposure across your digital footprint. Youll learn: - What ASM is and how it differs from traditional penetration testing - Key components of an enterprise ASM program from asset discovery to continuous monitoring - Common blind spots and"
YouTube Link 2025-11-17T16:26Z 15.1K followers, [---] engagements
"GRC Agentic AI Roadmap: Security & Governance Considerations for Your Agentic AI Program (Part 4) As AI systems evolve from simple automation to agentic decision-making strong governance and security become non-negotiable. In Part [--] of our GRC Agentic AI Roadmap series the experts at risk3sixty break down how to establish the right guardrails controls and monitoring to ensure your Agentic AI program remains secure compliant and aligned with organizational risk appetite. Youll learn: - How to align AI initiatives with ISO [-----] and emerging governance frameworks - Security best practices to"
YouTube Link 2025-11-17T16:13Z 15.1K followers, [---] engagements
"How Juvare Became an ISO [-----] Early Adopter with risk3sixty Juvare a global leader in emergency management and resilience technology is among the first organizations pursuing ISO [-----] to responsibly govern AI across both operations and product innovation. Ed Jones Information Security Manager at Juvare shares how his team partnered with risk3sixty to integrate AI governance into an already mature compliance program spanning ISO [-----] SOC [--] FedRAMP and more. Youll learn: - Why Juvare proactively embraced AI governance before customers began asking - How ISO [-----] builds on an integrated"
YouTube Link 2025-11-05T21:20Z 15.1K followers, [---] engagements
"An In-Depth Look at Attack Surface Management (ASM) with risk3sixty Your attack surface is bigger and changing faster than you think. Annual security testing doesnt cut it anymore. In this video risk3sixtys President Christian White and Director of Offensive Security Cory Wolff break down modern Attack Surface Management (ASM): What it is how it works and why leading organizations are adopting continuous security. Through real-world examples and even a military base defense analogy well show how ASM helps teams: - Continuously discover unknown assets and exposures - Detect threats like"
YouTube Link 2025-10-31T14:27Z 15.1K followers, [--] engagements
"GRC Agentic AI Roadmap: Lets Build a GRC AI Agent Together (Part 3) Agentic AI is here and GRC teams are already putting it to work. In Part [--] of The GRC Agentic AI Roadmap we move from concept to construction. Youve seen the business case and real-world examples. Now its time to build your first GRC AI agent. What Youll Learn: - Why building an agent is the next critical step in the GRC AI journey - How to apply a repeatable build framework to your program - A real-world build from idea to measurable impact - How to get started quickly even with limited internal AI expertise Part 1: Building"
YouTube Link 2025-10-31T14:20Z 15.1K followers, [---] engagements
"Harmonizing & Scaling Compliance Part 1: Establishing the Foundation for Streamlined Controls Welcome to Part [--] of our Scaling Compliance series: Establishing the Foundation for Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) explain why compliance leaders should prioritize scaling and streamlining control sets before growth and complexity take over. Youll learn: - Why managing multiple frameworks in Excel or SharePoint quickly becomes unmanageable - How client sector and regulatory"
YouTube Link 2025-10-29T16:39Z 15.1K followers, [--] engagements
"Harmonizing & Scaling Compliance Part 2: How to Implement Streamlined Controls Welcome to Part [--] of the Scaling Compliance series: How to Implement Streamlined Controls. In this session Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Alex Sullivan (Advisory & Assurance Associate) share practical tactics for building a scalable compliance program that harmonizes multiple frameworks into one integrated structure. Youll learn: - How to harmonize governance and eliminate siloed frameworks - Why harmonized policies and processes reduce duplication and confusion - A step-by-step"
YouTube Link 2025-10-29T16:39Z 15.1K followers, [--] engagements
"Harmonizing & Scaling Compliance Part 3: Advancing Maturity and Continuous Improvement In the final installment of the Scaling Compliance series Sawyer Miller (Director of Advisory & Assurance at risk3sixty) and Kristen Riess (Advisory & Assurance Senior Associate) discuss how to take your compliance program beyond the basics and drive continuous improvement. This session is designed for teams who have already harmonized frameworks and want to strengthen long-term resilience. Youll learn: - How to advance from reactive compliance to proactive data-driven program management - The role of KPIs"
YouTube Link 2025-10-29T16:39Z 15.1K followers, [--] engagements
"The AI-Powered Assistant Built for GRC Teams fullCircle AI Assist Panel Meet the Assist Panel your always-on consultant in fullCircle AI Chat. The Assist Panel brings instant context-aware insights right where you work. See related tasks risks and evidence without leaving your flow. When you switch controls it updates automatically. With the Assist Panel you can: - Save time and eliminate context-switching - Understand connections faster - Act confidently with AI-powered insights Available now in fullCircle AI. Select the Assist tab to get started"
YouTube Link 2025-10-27T18:58Z 15.1K followers, [--] engagements
"How Seriously Should GRC Teams Take AI In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:41Z 15.1K followers, 50.6K engagements
"How Seriously Should GRC Teams Take AI AI is everywhere but how much of it really matters for GRC In this short clip risk3sixtys team shares the turning point that made them take AI seriously the three trends that changed their perspective and why GRC leaders cant afford to wait and see. Watch the full webinar to learn how Agentic AI is reshaping GRC programs and where to start building real capability inside your team: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:40Z 15.1K followers, 247.6K engagements
"Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:37Z 15.1K followers, 56.6K engagements
"Build AI Capable GRC Teams with Agentic AI GRC teams are moving from manual tasks to lean and efficient operations inside the platform. Agentic AI automates routine work adds expertise on demand and frees your team to focus on strategy and organizational change. In this clip we explain what AI capable looks like and how to engineer automation into your program. Watch the full webinar to see real examples platform workflows and the roadmap for adopting Agentic AI in GRC: https://www.youtube.com/watchv=ux37Xw0YKUY Learn more about GRC Agentic AI: https://risk3sixty.com/grc-agentic-ai"
YouTube Link 2025-10-21T18:36Z 15.1K followers, 497.5K engagements
"How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk"
YouTube Link 2025-10-21T17:52Z 15.1K followers, 168.5K engagements
"Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore ISO [-----] resources:"
YouTube Link 2025-10-21T17:51Z 15.1K followers, 208.4K engagements
"How to Implement ISO 42001: A 3-Step Framework for Success In this clip Christian Hyatt CEO of risk3sixty shares the three-step implementation process our team uses to help organizations build a compliant and effective AI Management System (AIMS). Youll learn: - The [--] core steps to structure your ISO [-----] implementation - Common gaps and key workstreams to expect - Typical stakeholders and effort levels involved - What a standard ISO [-----] timeline looks like Watch the full session and explore our ISO [-----] resources: https://www.youtube.com/watchv=_wPkgeamFSk"
YouTube Link 2025-10-21T17:49Z 15.1K followers, 367.8K engagements
"Why ISO [-----] Matters: The New Standard for Managing AI Risk Risk3sixty has led some of the worlds first ISO [-----] implementations the new global standard for AI risk management. In this short clip Christian Hyatt CEO of Risk3sixty explains: - Why ISO [-----] emerged just one year after ChatGPTs release - How early adopters are approaching certification - Why AI risk management is quickly becoming a revenue blocker if ignored The bottom line: Just like security and privacy managing AI risk is now table stakes for doing business. Watch the full webinar and explore more ISO [-----] resources:"
YouTube Link 2025-10-21T17:48Z 15.1K followers, 140.8K engagements
"Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our"
YouTube Link 2025-10-21T14:32Z 15.1K followers, [--] engagements
"Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats"
YouTube Link 2025-10-21T14:30Z 15.1K followers, 191.7K engagements
"What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or"
YouTube Link 2025-10-21T14:29Z 15.1K followers, 157.5K engagements
"Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty"
YouTube Link 2025-10-21T14:20Z 15.1K followers, [--] engagements
"Why Cybersecurity Needs Continuous Testing (Not Point-in-Time Checks) Learn more about securing your full attack surface continuously: https://risk3sixty.com/learn-more-asm Why Continuous Testing Is the Future of Cybersecurity In cybersecurity one test a year isnt enough when your digital perimeter is under constant threat. In this clip featuring experts from risk3sixty we draw a powerful parallel between military base security and modern information security. Just like a base requires 24/7 monitoring to prevent breaches your organizations attack surface demands continuous testing. Hear our"
YouTube Link 2025-10-15T19:05Z 15.1K followers, [---] engagements
"Why Penetration Tests Alone Arent Enough Continuous Security with Attack Surface Management (ASM) Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm Penetration Testing Isnt Enough Anymore & Heres Why Traditional penetration tests give valuable insights but only at a single point in time. In todays fast-changing threat landscape your attack surface evolves daily through new products mergers and innovation. Thats why a continuous proactive approach to security is critical. Attack Surface Management (ASM) helps organizations stay ahead of threats"
YouTube Link 2025-10-15T19:05Z 15.1K followers, 194.6K engagements
"Introducing fullCircle's Insight Capable AI Chat Meet the future of compliance management. With fullCircles Insight Capable AI Chat you can ask complex questions about your program and get instant intelligent answers. Unlike generic AI fullCircles chat knows the ins and outs of your program your controls and your risks. That means faster answers smarter insights and compliance that actually works better. Learn more about fullCircle: https://risk3sixty.com/fullcircle-grc #GRC #AI #Compliance #Cybersecurity #Governance"
YouTube Link 2025-10-13T16:46Z 15.1K followers, [---] engagements
"How to Add ISO [-----] to Your ISO [-----] Program with risk3sixty + Schellman In this expert session risk3sixty and Schellman team up to walk through the business case implementation strategy and certification process for ISO 42001designed specifically for organizations already managing an ISO [-----] program. Speakers: Christian Hyatt CEO & Co-Founder risk3sixty Danny Manimbo Principal & ISO AI Services Leader Schellman What Youll Learn: - How ISO [-----] builds on ISO [-----] for AI governance - Key differences overlaps and integration strategies - A 3-step implementation model used by top companies"
YouTube Link 2025-09-25T15:32Z 15.1K followers, [----] engagements
"The GRC Agentic AI Roadmap: Real-World Use Cases for Agentic AI in Your GRC Program (Part 2) Agentic AI isnt just hype its already transforming how GRC teams operate. In Part [--] of our four-part series we go beyond strategy and theory to show you real-world Agentic AI use cases being implemented inside complex GRC programs today. What Youll Learn in This Session: - How GRC leaders are applying Agentic AI across frameworks like SOC [--] ISO [-----] and PCI - A walkthrough of the GRC AI Maturity Model and where most teams are starting - Live demos of the Evidence Processing Agent and Control Testing"
YouTube Link 2025-09-24T02:31Z 15.1K followers, [---] engagements
"Why MapLarge Chose Attack Surface Management With risk3sixty In this client conversation Cory Wolff Director of Offensive Security at risk3sixty sits down with Marvell Summerow Senior Security Program Manager at MapLarge to talk about Attack Surface Management (ASM). They cover: Why ASM uncovers risks traditional penetration tests miss How monthly ASM reports provide visibility into hidden assets and exposures The positive surprises MapLarge discovered early in their ASM journey The value of 24/7 monitoring compared to annual point-in-time tests Hear how MapLarge uses ASM as a critical layer"
YouTube Link 2025-09-04T19:33Z 15.1K followers, [--] engagements
"The GRC Agentic AI Roadmap: How to Implement Agentic AI in Your GRC Program (Part 1) Welcome to Part [--] of the GRC Agentic AI Roadmap Series. In this session we cut through the hype around AI and Agentic AI to deliver a clear actionable roadmap for GRC leaders who want to leverage AI to transform how their teams operate. This isn't theory it's built from real-world experience. Our team at risk3sixty has helped organizations ranging from high-growth tech companies to Fortune 10s implement AI into their governance risk and compliance functions and we've built our own GRC platform powered by"
YouTube Link 2025-09-04T19:30Z 15.1K followers, [----] engagements
"Why Attack Surface Management Beats Bug Bounty Programs Learn more about why attack surface management is better than bug bounties: https://risk3sixty.com/learn-more-asm Bug bounty programs sound great you only pay for valid findings. But the hidden costs add up fast: - Admin overhead managing scope and policies - Triaging and validating endless submissions - Sorting through noise duplicates and low-priority reports All of that pulls time away from your security team. Thats why many organizations are finding Attack Surface Management (ASM) more effective. With ASM especially at risk3sixty"
YouTube Link 2025-08-27T19:45Z 15.1K followers, [---] engagements
"Inside Infostealers: Evasion Exploitation and Lessons from Change Healthcare and Snowflake Infostealers have become one of the fastest-growing threats in cybersecurity fueling major breaches and enabling attackers to quietly steal credentials financial data and sensitive IP. In this technical session Cory Wolff (Director of Offensive Security) and Nick Swink (Senior Security Consultant) from risk3sixty break down the full lifecycle of infostealers including: - What infostealers are and how attackers use them - Delivery methods like malvertising and Telegram-based C2 - Technical deep dive into"
YouTube Link 2025-08-26T19:02Z 15.1K followers, [---] engagements
"What is Attack Surface Management (ASM) & Why It Matters Learn more about securing your full attack surface: https://risk3sixty.com/learn-more-asm 80% of cyber breaches start with unknown exposures. Thats why Attack Surface Management (ASM) is critical. Heres what it is and why it matters. Attack Surface Management (ASM) is one of the most important cybersecurity practices organizations can adopt today. But what does ASM really mean and why does it matter In this video we break down the basics: ASM continuously scans for exposures like forgotten subdomains misconfigured cloud storage or"
YouTube Link 2025-08-18T14:00Z 15.1K followers, 187.4K engagements
"Cybersecurity Exec Brief: Ethereum Dev Compromised ChatGPT-5 Jailbroken Threat Groups Unite Ethereum Developer Compromised via Malicious VS Code Extension An Ethereum developer was recently compromised after installing a third-party extensioncontractshark/solidity-langin Cursor a modified version of Visual Studio Code. The extension silently exfiltrated environment variables (.env file) exposing sensitive API keys and wallet credentials. The attack led to a wallet drain within days. With over [-----] downloads the malicious extension represents a successful supply chain attack. Fortunately the"
YouTube Link 2025-08-13T18:54Z 15.1K followers, [--] engagements
"ISO [-----] Basics: What It Is and How to Get Certified Fast Learn more about the process for becoming ISO [-----] certified: https://risk3sixty.com/iso-42001 Download the ISO [-----] Overview for Business Leaders here: https://risk3sixty.com/whitepaper/iso-42001-overview-business-leaders Are you building AI products or integrating AI into your organization Then ISO [-----] should be on your radar. In this webinar Christian Hyatt CEO and Co-Founder of risk3sixty breaks down what ISO [-----] is why it matters for your business and how to build a certification roadmap. Learn how to align ISO [-----] with"
YouTube Link 2025-08-13T18:13Z 15.1K followers, [----] engagements
"New in fullCircle GRC: Control-Specific Findings Management Gain real-time visibility into control health with fullCircle GRCs new Control-Specific Findings Management feature. This update allows users to: - View all findings tied directly to a control - Quickly add or link issues for streamlined audits - Prioritize and track findings by severity and due date - Strengthen your overall security and compliance posture Whether you're preparing for an audit or improving your control monitoring workflows this feature gives you the transparency and efficiency your GRC program needs. Learn more at:"
YouTube Link 2025-08-11T19:27Z 15.1K followers, [---] engagements
"New in fullCircle GRC: Risk and Task Linking in Framework Controls Track and manage your compliance program more efficiently with fullCircle GRCs Risk and Task Linking in Framework Controls feature. This update allows users to: - View and manage risks and tasks directly within any framework control - Link or unlink items with two-way visibility across the platform - Maintain traceability for better audit readiness and gap remediation - Use a consistent interface across organizational and framework controls This enhancement improves oversight and streamlines your GRC workflows. Learn more at:"
YouTube Link 2025-08-11T19:26Z 15.1K followers, [---] engagements
"New in fullCircle GRC: Evidence Object Scoping in Controls Module Get more precision and filtering power in fullCircle GRC with the new Evidence Object Scoping feature. This update allows users to: - Add and manage scopes directly on evidence objects - Mirror familiar scoping functionality used in controls - Automatically apply scopes to existing linked evidence - Filter dashboards and reports by evidence scope This enhancement improves reporting accuracy and streamlines evidence tracking across your GRC program. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #Compliance"
YouTube Link 2025-08-11T19:24Z 15.1K followers, [--] engagements
"New in fullCircle GRC: Homepage Dashboard Report Export Save time and deliver executive-ready insights with fullCircle GRCs Homepage Dashboard Report Export feature. This update allows users to: - Instantly generate a professional PDF from your real-time dashboard - Share key metrics charts and widgets with stakeholders - Improve data accuracy and reduce manual reporting efforts - Deliver clear updates to leadership auditors or board members Streamline compliance reporting and make informed decisions faster. Learn more at: https://risk3sixty.com/fullcircle-grc #GRC #ComplianceReporting"
YouTube Link 2025-08-11T19:22Z 15.1K followers, [--] engagements
"Introducing fullCircle AI: In-Platform Compliance & Security Assistance Meet fullCircle AI your always on assistant for security and compliance. Now built directly into the fullCircle platform this AI-powered tool helps you: - Get instant answers to compliance and security questions - Draft summarize and clarify information without leaving your session - Receive responses tailored specifically to cybersecurity and compliance contexts Example uses: Risk management guidance Security awareness training best practices and lots more Whether youre preparing for an audit or managing daily compliance"
YouTube Link 2025-08-11T17:29Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: SharePoint Under Active Exploitation & Replit AI Gets a Mind of Its Own Critical SharePoint Vulnerabilities Under Active Exploitation Organizations running on-premises SharePointespecially [----] [----] and Subscription Editionneed to patch immediately. Threat actors are actively exploiting a deserialization vulnerability initially disclosed during Pwn2Own and later reverse engineered after Microsofts July Patch Tuesday updates. GreyNoise reports dozens of suspicious IPs scanning and attacking vulnerable instances with activity targeting the U.S. U.K. Germany and Spain."
YouTube Link 2025-07-23T18:56Z 15.1K followers, [---] engagements
"How to Harmonize Compliance Across Business Units Managing ISO SOC [--] PCI HITRUST and Others In this webinar risk3sixty's Kevin Ketts (CTO) and Carlin Cole (Product Manager) guide you through a controlcentric GRC approach to streamline compliance across multiple frameworks and business units; no more duplicate audits or lastminute scrambles. Learn: 00:00 Why harmonization matters 01:45 Top GRC team challenges: time expertise tools 04:20 The multiframework dilemma explained 07:10 How fullCircles platform harmonizes controls & evidence 12:30 Continuous compliance: spread work over time 17:00"
YouTube Link 2025-07-17T15:03Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: Gemini's Prompt Injections Citrix Critical Leak Car Infotainment Flaw Here's what's happening in cybersecurity this week 👇 Google Gemini is vulnerable to a new type of prompt injection that uses invisible text in emails. When users ask Gemini to summarize these emails the AI reads and executes hidden instructions embedded in white-on-white text - all without the user ever seeing them. The attacker's instructions can manipulate Gemini into leaking sensitive data. Citrix just patched another critical memory vulnerability they're calling "CitrixBleed 2". By sending"
YouTube Link 2025-07-17T14:25Z 15.1K followers, [---] engagements
"SOC [--] + AI: How to Report on Artificial Intelligence Risk and Compliance With AI use accelerating security leaders are asking "how do we prove we're using AI responsibly" In this video Christian Hyatt (CEO risk3sixty) and Phil Brudney (Director of Privacy and Quality Assurance risk3sixty) walk through how companies can incorporate AI risk management into their existing SOC [--] report. You'll learn what criteria to include how to structure a defensible program and what a SOC [--] + AI audit looks like in practice. What Youll Learn: 00:00 Why add AI to your SOC [--] report 02:25 Business case: risk"
YouTube Link 2025-07-16T17:30Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: M365 Exploit NK Fraud Scattered Spider Resurfaces Microsoft [---] Direct Send Exploited in Phishing Campaigns Attackers are abusing Microsoft 365s Direct Send feature to send spoofed internal emailsbypassing filters and tricking users with fake voicemail alerts and QR code phishing links. The technique relies on smart-host addresses and unauthenticated PowerShell commands to deliver payloads that appear trusted. Admins should disable Direct Send enforce hard-fail SPF/DMARC and educate users on quishing. More reading:"
YouTube Link 2025-07-02T15:07Z 15.1K followers, [---] engagements
"Cybersecurity & Compliance: How RxLink Navigated SOC [--] with risk3sixty Joseph Jackson co-founder of RxLink and serial entrepreneur shares how his team tackled compliance challenges with the help of risk3sixty while selling into Fortune [--] healthcare companies. He talks about how risk3sixty helped them choose SOC [--] and build a right-sized program during a tight six-month audit timeline. In this conversation Joe explains how compliance with the right partner can support growth instead of slowing it down why cultural buy-in matters more than checkboxes and what companies need to know when"
YouTube Link 2025-06-30T14:49Z 15.1K followers, [---] engagements
"Cybersecurity Exec Brief: Critical M365 Copilot Issue GCP Breaks Internet Possible T-Mobile Breach EchoLeak vulnerability in Microsoft [---] Copilot Cybersecurity research firm Aim Labs has disclosed EchoLeak a critical zeroclick vulnerability (CVE202532711) in Microsoft [---] Copilot a generative AI assistant powered by RetrievalAugmented Generation (RAG). The flaw exploits promptinjection and LLMscope violationsattackers can send an innocuous email that triggers Copilot to silently exfiltrate confidential organizational data without any user action. Although Aim Labs reports no known customer"
YouTube Link 2025-06-18T14:14Z 15.1K followers, [---] engagements
Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing