Cybersecurity Workforce Design: Reducing Burnout, Clarifying Accountability, and Aligning Incentives with Dan Duffy

Innovation comes in many areas, and compliance professionals need to not only be ready for it but also embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits Dan Duffy, the Cyber Practice lead at Consulting Solutions and a longtime cybersecurity and executive-search professional. They chat about the paradox of rising security spend alongside increasing burnout and turnover. Duffy argues organizations cannot hire their way out of broken structures: undefined workflows, lack of playbooks, shadow IT, fragmented accountability, and excessive alert volumes cause teams to drown, making burnout a business risk rather than an HR metric. He emphasizes auditing workforce design, mapping workflow needs, and ensuring executive and board-level support, including proper CISO reporting lines and authority. They discuss the emerging demand for an AI compliance officer, the need for AI governance ownership and accountability, and misaligned incentives in which security is treated as a late-stage tax rather than a design principle. Duffy advocates maturity-focused programs, incident-informed leadership, and stronger entry-level pipelines. Key highlights: The Cyber Talent Crisis Burnout as Business Risk AI Governance Accountability Building for Long-Term Success Future Workforce Pipeline Advice for New Entrants Rethinking Workforce Strategy Resources: Connect with Dan Duffy on LinkedIn Consulting Solutions Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation comes in many areas, and compliance professionals need to not only be ready for it but also embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Mouhcine Jalili, VP of Growth – iGaming at Software Mind, on reframing iGaming compliance as a design, delivery, and platform challenge rather than an end-stage legal checklist. Mouhcine argues compliance failures often stem from siloed teams, fragmented legacy platforms, inconsistent vendor integrations (B2B2C), and release management across jurisdictions with differing rules (e.g., spin time, buy-bonus features). He emphasizes strong release governance, modular and configurable architectures, automated controls that cannot be bypassed, and real-time monitoring and alerts to prevent harm, including responsible gambling interventions based on early behavioral signals. Scaling successfully requires standardization and automation while allowing local configuration and avoiding post-acquisition data fragmentation. Over the next 3–5 years, he expects operational compliance to become more engineering- and data-driven, with tighter integration among compliance, product, and engineering teams. Key highlights: Compliance As Design Platform Breaking Silos With Automation KYC Data And Onboarding Gaps Integrity And Preventive Controls Future Engineering Driven Compliance Resources: Connect with Mouhcine Jalili on LinkedIn Software Mind on Linkedin Software Mind Website Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation comes in many areas, and compliance professionals need to not only be ready for it but also embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with Tim Morss, CEO at SpeakUp, about the evolution of speak-up systems from the employee perspective. Morss describes his background in compliance technology and SpeakUp’s global footprint, emphasizing that employee expectations favor frictionless, mobile-first, intuitive reporting with transparency and feedback over 800-number hotlines and complex forms. He notes common program gaps: hard-to-find reporting channels, poor mobile experiences, overreliance on telephony (especially problematic for non-English speakers), insufficient guidance on what to report, and weak trust due to lack of follow-up and perceived inaction. They consider generational preferences, privacy-aware deployment, such as QR code placement, and AI use cases such as multilingual voice intake for illiterate supply-chain workers, while cautioning against unsafe AI practices and autonomous decision-making. Morss highlights investigative management as a major opportunity beyond basic case repositories and forecasts greater AI-driven integration with in-house systems amid geopolitical and regulatory divergence. Key highlights: Employee Expectations Shift Common SpeakUp Mistakes Trust and Anti-Retaliation Gen Z Reporting Channels AI Voice for Workers One Practical CCO Tip Resources: Connect with Tim Morss on LinkedIn SpeakUp Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Nikunj Bajaj, Co-founder & CEO at TrueFoundry, about enterprise agentic AI infrastructure, governance, and hidden costs most organizations are not accounting for. Nikunj describes TrueFoundry’s platform as a single control plane for enterprises to build, ship, and govern agentic AI applications, inspired by Meta’s internal ML stack, which he says is about a decade ahead of the rest of the industry. He argues enterprises over-focus on model and tool selection when problem definition and effective use are the real constraints. On governance, he identifies two failure modes: avoiding meaningful use cases entirely to sidestep governance risk, or trying to solve all governance problems up front and never reaching ROI. Successful teams implement application-specific controls iteratively, starting with a few high-value use cases rather than hundreds of low-value ones. He highlights that model inference accounts for only about 20% of total generative AI spend, with the majority of spend concentrated in infrastructure, engineering, and debugging, creating cost-allocation and budget-control challenges for compliance teams. For auditability, he argues that an agent without full decision traces is “a liability with an API key,” and walks through how end-to-end tracing enables audit readiness, faster debugging, and proactive attack detection. He closes by advocating centralized control via a unified AI gateway while enabling federated development and tailoring guardrails to whether your exposure surface is external or internal. Key highlights: Stop Chasing Tools Governance vs Speed Hidden AI Costs Agent Auditability Board Level Priorities Resources: Connect with Nikunj Bajaj LinkedIn – Nikunj Bajaj Learn More About TrueFoundry TrueFoundry Website TrueFoundry on LinkedIn

Innovation spans many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Noor Aziz, a Saudi Arabia–based governance, risk, and compliance professional with extensive ISO lead auditor credentials, internal audit and controls experience, and a growing focus on AI governance. Noor argues that effective compliance must be practical and business-friendly—clear ownership, escalation, accountability, and evidence—so it still functions under operational pressure rather than becoming bypassed. She emphasizes leadership commitment, culture shaped by observed behavior, and integrated GRC to reduce silos that create duplication, inconsistent reporting, and “governance fatigue.” On AI, she frames governance as a board-level issue because adoption is outpacing accountability, creating future scrutiny around oversight, traceability, and defensibility; she notes, “capability without governance eventually creates instability.” She recommends change management, micro-learning, and ongoing communications, and concludes that governance is organizational infrastructure, not administrative overhead. Key highlights: Integrating Controls, Audit, and Risk Breaking Down GRC Silos Why AI Governance Is Board Level Culture When Nobody’s Watching Training That Actually Works: Microlearning and Ongoing Comms Why Frameworks Fail in Execution Maturing Governance for Business Value Resources: Connect with Noor Aziz on LinkedIn Innovation in Compliance was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with George Tziahanas, VP of Compliance and Associate General Counsel at Archive360. Tom interviews George Tziahanas on why organizations must move beyond data storage to providing data integrity, lineage, and accountability as a foundation for AI readiness. George defines “data defensibility” as the ability to defend how AI systems were trained and operate when AI decisions are not easily explainable, such as in rules-based automation, emphasizing upstream data provenance, monitoring, and audit trails. They discuss increasing regulator and stakeholder focus on authority and accountability, and how litigation can shape compliance, citing early e-discovery practices influenced by the Zubulake v. UBS Warburg decision and enforcement context involving former New York AG Elliot Spitzer. George uses the Mercor breach to show supply-chain and confidentiality risks in AI training data and notes that regulators and plaintiffs may rely on existing laws. He highlights risks from weak data governance, dark data, and legacy archives. He recommends asset/data inventories, migrating data off insecure legacy systems, risk-tiering AI use cases, extending ISO/NIST frameworks, and building observability to enable faster, responsible AI adoption. Key highlights: What Data Defensibility Means Litigation Shapes Compliance Weak Data Governance Risks Managing Legacy Archive Data Governance Accelerates AI Dark Data Explained What Success Looks Like Resources: George Tziahanas on LinkedIn Archive360 Articles by George Tziahanas Beyond Retention: Why AI Governance in 2026 is a Defensibility Problem Keeping Data in Check: The Importance of Data Defensibility

Innovation comes in many forms, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom visits with Dr. Dennis Cummins to discuss his new book, “Invitational Selling: The Human Connection Advantage.” Dr. Dennis Cummins, a globally recognized authority on invitational selling, champions a sales approach that prioritizes building authentic connections over traditional hard-sell techniques. Rooted in his extensive experience selling from the stage, Dr. Cummins believes in the transformative power of meaningful conversations to understand and effectively meet customer needs. His philosophy is detailed in his new book, “Invitational Selling: The Human Connection Advantage,” which promotes inviting customers to engage rather than pressuring them into a purchase, fostering authentic relationships that extend beyond mere transactions. Proceeds from the book benefit the Make-A-Wish Foundation. His book also underscores the potential of invitational selling to inspire collaboration within organizations and families, reflecting his commitment to empowering others through shared skills and talents. Key highlights: Relationship-Driven Sales Approach Invitational Leadership for Employee Engagement Profitability through Open Communication Culture Humanizing AI to Build Trust and Connection Invitational Selling: Creating Authentic Business Connections Resources: Dr. Dennis Cummins on LinkedIn Dr. Dennis Cummins Website Invitational Selling: click here  Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation occurs across many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with Jeff Kushner, a compliance and IT security leader at Allgress. Jeff talks about “compliance drift,” where external obligations such as laws, frameworks like NIST/ISO/CIS, customer and licensing requirements, fall out of alignment with internal governance policies, procedures, and contracts, creating silent gaps that surface only during audits or incidents. They discuss the added volatility from business and geopolitical changes and identify industries most exposed to hidden compliance risks, including small and mid-sized businesses, AI-focused organizations, behavioral health clinics managing many frameworks across multiple sites with drop-in audits, and small DoD contractors facing CMMC. Jeff argues that traditional spreadsheet-based or audit-centric GRC is static and point-in-time. He describes Reg Watch as a complementary regulatory intelligence layer that continuously monitors 3,000+ global standards, provides real-time alerts, explains changes in plain English, and provides sample policies and implementation steps, along with supporting documentation and follow-up validation. Key highlights: Compliance Drift Explained Volatility Beyond Regulations Why Old GRC Fails Reg Watch Intelligence Layer Documenting Actions and Proof Resources: Jeff Kushner on LinkedIn Allgress Innovation in Compliance was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.

Innovation comes in many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom visits Deb Krier to discuss her work coaching primarily executives after serious cancer diagnoses. Deb discusses the unique leadership challenges of privacy, disclosure, and maintaining credibility while undergoing treatment. Deb, a corporate communications professional and founder of Wise Women Communications, discusses what leaders should share with boards, HR, close colleagues, and clients, emphasizing the importance of controlling the narrative to prevent rumors and coordinating with medical teams to plan around energy levels, treatment, and time away. She describes resilience as “grit,” encourages leaders to delegate and empower teams, and urges organizations to strengthen business continuity and contingency planning so no single person holds ultimate authority. Deb highlights the importance of a support “tribe,” the benefits of humor, and advises compliance professionals to listen with empathy while addressing any legal disclosure obligations. Key highlights: Cancer Coaching for Executives Work Impact and Treatment Planning Resilient Leadership in Crisis Support Tribe and Community Humor as Medicine Compliance, Empathy, and Culture Resources: Deb Krier on LinkedIn Your Cancer Coach Website  The Business Power Hour Podcast Innovation in Compliance is a multi-award-winning podcast that was recently ranked Number 4 in Risk Management by 1,000,000 Podcasts.

Innovation spans many areas, and compliance professionals need not only to be ready for it but also to embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode,  host Tom visits with GRC expert and OCEG co-founder Carole Switzer. They highlight her new books, “Mastering GRC: The Lawyer’s Guide to Success in Governance, Risk and Compliance” and “The AI-Enabled Law Firm” (co-authored with Lee Denner). Carole explains she wrote “Mastering GRC” to help lawyers applying legal skills in GRC roles move from reactive problem-solvers to proactive enterprise leaders by embedding in business objectives, asking better questions, and collaborating across audit, risk, legal, and compliance. She recounts OCEG’s origins and its GRC Capability Model, certifications, and global growth. Carole discusses balancing legal oversight with business partnership, including the risks of privilege when acting in business roles. Looking ahead, she predicts rapid AI-driven change in legal practice, stressing technology and data-meaning (“semantic layer”) issues, and the need to adapt existing GRC frameworks for speed and volatility. Key highlights: Why These Two Books From Counselor to Leader Integrated Governance Mindset How OCEG Built GRC Standards Oversight vs Business Partner Future of Legal GRC and AI Managing Volatility With Frameworks Resources: Carole Switzer on LinkedIn OCEG The AI-Enabled Law Firm Mastering GRC: The Lawyer’s Guide to Success in Governance, Risk and Compliance Innovation in Compliance, a multi-award-winning podcast, was recently honored as the Number 4 podcast in Risk Management by 1,000,000 Podcasts.