
596.7K
Downloads
318
Episodes
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
Episodes

3 days ago
Modern Approach to Identity Security
3 days ago
3 days ago
30 min
As threats have evolved, so too has the approach to modern identity security. A privilege-centric approach must be adopted to address this evolution. Identity management for all accounts within an organization must mature to meet the demands of the cloud, nonhuman identities (NHIs), agentic AI, and modern attack vectors. Your strategy must now manage and mitigate not only traditional privileged access (root and administrator accounts), but also attacks targeting modern identities with paths to privileged access.
These paths to privilege remain one of the most valuable targets for cybercriminals because many organizations continue to defend their environments with fragmented or siloed security strategies and solutions. Security gaps and risks exist across endpoints, cloud environments, SaaS applications, third-party access, and now agentic AI and NHIs, making today's threat landscape more complex than ever.
In this episode, ISACA's Donnie Carpenter, Principal, Information Security and Professional Practices Research Development, speaks with Christopher Hills, Chief Security Strategist at BeyondTrust, about the evolution of identity security and why organizations must rethink how they protect privileged access in today's rapidly changing technology landscape.
Related Resources & Stay Connected
Learn more about BeyondTrust: Discover how BeyondTrust helps organizations protect identities, manage privileged access, and reduce cyber risk across cloud, endpoint, SaaS, and hybrid environments.
BeyondTrust
Additional Resources from BeyondTrust:
- Shadow AI Governance: How to Detect Shadow AI Governance
- Microsoft Vulnerability Report: Microsoft Vulnerability Report
Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging technology insights.
ISACA Podcast Library
Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights.
ISACA YouTube Channel
Don't forget to like, comment, and subscribe for more conversations shaping the future of IT, cybersecurity, governance, and risk.

Jun 30, 2026
Jun 30, 2026
23 min
FedRAMP 20x is redefining what federal compliance looks like. Designed to modernize the authorization process, this bold initiative is moving cybersecurity governance toward automation while reducing the lengthy timelines and documentation burdens that have traditionally defined FedRAMP.
Join host Safia Kazi as she speaks with Jake Bernardes, CISO at Anecdotes, about what FedRAMP 20x is, why it matters, and how this transformation will reshape governance, risk, and compliance (GRC) automation. Together, they explore what organizations can expect as federal compliance evolves and what the changes mean for enterprise customers navigating the future of cybersecurity governance.
Related Resources & Stay Connected
Learn more about Anecdotes: Discover how Anecdotes is helping organizations transform governance, risk, and compliance with AI-powered automation, continuous monitoring, and audit-grade data that enables faster, smarter, and more scalable GRC programs. https://www.anecdotes.ai/
Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging tech insights. https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights. https://www.youtube.com/@IsacaHq
Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

May 28, 2026
The Future of IT Audit: Key Changes in ITAF 5
May 28, 2026
May 28, 2026
29 min
Technology is transforming how organizations operate — and IT audit and assurance must evolve alongside it. In this episode, Paul Phillips sits down with Mary Carmichael, contributor to the newly updated IT Audit and Assurance Framework (ITAF 5), to discuss how audit professionals can adapt to today’s increasingly complex digital enterprise.
Together, they explore the major shifts shaping modern audit, including AI governance, digital ecosystems, automation, evolving risk landscapes, cloud environments, and the growing need for stronger data literacy within audit teams. Mary also shares practical guidance on how organizations can begin modernizing their audit approach without overhauling everything overnight.
Key discussion topics include:
- The evolution from traditional control testing to outcome-based assurance
- Why audit teams need stronger technology and data capabilities
- AI governance, automation, and digital risk considerations
- Building practical audit modernization strategies
- How ITAF 5 supports governance, credibility, and audit relevance in modern enterprises
Whether you're an auditor, governance professional, cybersecurity leader, or risk practitioner, this conversation provides valuable insight into the future of audit and assurance in a technology-driven world.
Related Resources & Stay Connected
Download ITAF 5: https://www.isaca.org/resources/itaf-is-a-framework
Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging tech insights. https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
▶️Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights. https://www.youtube.com/@IsacaHq
🔔 Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT audit, governance, risk, and cybersecurity.
#ITAudit #ITAF5 #AuditAndAssurance #Cybersecurity #Governance #RiskManagement #AI #ISACA #DigitalTransformation #InternalAudit

May 21, 2026
Breaking the Compliance Mentality
May 21, 2026
May 21, 2026
23 min
In today’s evolving cybersecurity landscape, strong leadership is the foundation of an effective security posture. Yet many agencies struggle when a “compliance mentality” takes hold, where meeting minimum requirements overshadows proactive risk management.
In this ISACA Podcast episode, Lisa Cook, ISACA's Principal Research Analyst, sits down with Patrick Bevill, Chief Information Security Officer (CISO) at the Federal Retirement Thrift Investment Board, to explore how agency leaders can establish a strong tone at the top and foster a culture that prioritizes security resilience over check-the-box compliance.
Related Resources & Stay Connected
Learn more about Williams Adley: Discover how Williams Adley helps organizations navigate audit, assurance, cybersecurity, risk, and advisory services with a focus on integrity and innovation. https://www.williamsadley.com/
Explore More ISACA Podcast Episodes: Dive deeper into cybersecurity, governance, risk, and emerging tech insights. https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
Subscribe to ISACA on YouTube: Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights. https://www.youtube.com/@IsacaHq
Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

May 19, 2026
May 19, 2026
25 min
Compliance does not have to be a stressful, last-minute scramble. In this episode, we explore how AI-driven control and automation transforms identity security from a costly headache into an audit-ready powerhouse. We break down the steps to simplify your regulatory processes, reduce operational costs, and enhance security by effectively managing human and non-human identities.
You will learn why gaining centralized visibility is your crucial first step, how to instantly spot and remediate risky orphan accounts, and the secret to running seamless, automated access certifications. Join our identity security experts as they share practical strategies to strengthen your defenses without draining your IT resources. Expect actionable tips that will help you build a sustainable, AI-powered compliance process tailored to your organization.
Related Resources & Stay Connected
- Learn more about SailPoint:
Explore how SailPoint is helping organizations modernize identity security, strengthen governance, and simplify compliance in an AI-driven world.
https://www.sailpoint.com/ - Explore More ISACA Podcast Episodes:
Dive deeper into cybersecurity, governance, risk, and emerging tech insights.
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library - Subscribe to ISACA on YouTube:
Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights.
https://www.youtube.com/@IsacaHq
Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

Mar 4, 2026
Mar 4, 2026
51 min
Women in cybersecurity leaders share their stories and career advice in this SheLeadsTech fireside chat celebrating International Women’s Day.
In celebration of International Women’s Day and Women’s History Month, ISACA’s SheLeadsTech initiative brings together three inspiring leaders in cybersecurity for a special fireside conversation.
Join Debbie Lew and Jo Stewart-Rattray, both ISACA Hall of Fame inductees and recipients of the Eugene Frank Founders Award, as they sit down with Gail Coury, who will be inducted into the ISACA Hall of Fame in 2026.
In this warm and engaging discussion, they reflect on their journeys into cybersecurity, the evolving role of women in technology, and the power of mentorship, leadership, and community in shaping the future of the profession.
In this episode, they discuss:
• Their personal paths into cybersecurity and IT
• How opportunities for women in tech have evolved over time
• Lessons learned from leadership and service within the ISACA community
• Advice for the next generation of women entering the field
The conversation wraps up with a fun rapid-fire round that offers a glimpse into the personalities behind these accomplished careers.
Whether you're an experienced professional or just beginning your journey in technology, this fireside chat offers inspiration, insight, and encouragement from women helping shape the future of cybersecurity.
🔗 Learn more about ISACA’s SheLeadsTech initiative:
https://www.isaca.org/membership/sheleadstech
🎧 Explore more ISACA Podcasts:
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
📺 Subscribe to ISACA on YouTube:
https://www.youtube.com/@IsacaHq
#WomenInCybersecurity
#SheLeadsTech
#WomenInTech

Mar 3, 2026
Humans Are IT Security’s Weakest Link
Mar 3, 2026
Mar 3, 2026
49 min
📚 Related Resources & Stay Connected
📖 Read the full article:
Humans Are IT Security’s Weakest Link
https://www.isaca.org/resources/news-and-trends/industry-news/2024/humans-are-it-securitys-weakest-link
🎙 Explore More ISACA Podcast Episodes:
Dive deeper into cybersecurity, governance, risk, and emerging tech insights.
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library
▶️ Subscribe to ISACA on YouTube:
Stay ahead with expert interviews, industry analysis, and cybersecurity leadership insights.
https://www.youtube.com/@IsacaHq
🔔 Don’t forget to like, comment, and subscribe for more conversations shaping the future of IT and cybersecurity.

Feb 19, 2026
Feb 19, 2026
1hr 14 min
You’re listening to Secure Your Privates™ brought to you by ISACA Podcasts - where security meets privacy, risk meets reality, and governance finally makes sense. We’re here to cut through the noise and get real about what’s actually happening in cyber. The no-BS podcast on security and privacy. We talk about what’s broken, what’s working, and what nobody’s telling you in between.

Feb 12, 2026
Feb 12, 2026
25 min
In this ISACA Podcast episode, host Safia Kazi, Principal Research Analyst – Privacy, is joined by Dirk Schrader, VP of Security Research at Netwrix, to discuss how generative AI is revealing long-standing gaps in enterprise data security and governance.
This episode builds on insights from a recent ISACA webinar that explored how generative AI is exposing weaknesses in enterprise data security and governance. The discussion examines why many organizations lack visibility into where sensitive data resides and who can access it, particularly across hybrid and cloud environments. The conversation also addresses emerging risks introduced by AI tools, including non-human access and overexposed data. Listeners will gain practical, governance-focused guidance on how DSPM helps organizations assess risk, support compliance, and prepare data responsibly for AI initiatives.
Related Resources:
-
Watch the ISACA Webinar from the ISACA Virtual Summit 2025: “Securing Data in the Age of AI with DSPM”
https://www.isaca.org/training-and-events/online-training/virtual-summits/ai-governance-strategies -
Learn more from Netwrix:
https://netwrix.com/en/resources/ -
Explore more ISACA Podcasts:
https://www.isaca.org/resources/news-and-trends/isaca-podcast-library -
ISACA on YouTube:
https://www.youtube.com/@IsacaHq

Sep 4, 2025
Elevate Your Career with Lauren Hasson
Sep 4, 2025
Sep 4, 2025
18 min
Lauren Hasson is the Founder of DevelopHer, an award-winning career development platform. In this podcast, she'll share a bit about her background and give a sneak peek at her upcoming CPE-eligible event.
