Drata And The Rise Of The Chief Trust Officer In The AI Era
Tech Talks Daily, February 20, 2026

Have you ever wondered why "compliance" still gets treated like a slow, spreadsheet-heavy chore, even though the rest of the business is moving at machine speed?

In this episode of Tech Talks Daily, I sit down with Matt Hillary, Chief Information Security Officer at Drata, to talk about what actually changes when AI and automation land in the middle of governance, risk, and compliance. Matt brings a rare viewpoint because he lives this day-to-day as "customer zero," running Drata internally while also leading IT, security, GRC, and enterprise apps.

We get practical fast. Matt shares how AI-assisted questionnaire workflows can turn a 120-question security assessment from a late-afternoon time sink into something you can complete with confidence in minutes, then still make it upstairs in time for dinner. He also explains how automation flips the audit dynamic by moving from random sampling to continuous, full-population checks, using APIs to validate evidence at scale, without hounding control owners unless something is actually wrong.

We also talk about what security leadership really looks like when the stakes rise. Matt reflects on lessons from his time at AWS, why curiosity and adaptability matter when the "canvas" keeps changing, and how customer focus becomes the foundation of trust. That theme runs through the whole conversation, including the idea that the CISO role is steadily turning into a chief trust officer role, where integrity, transparency, and credibility under pressure matter as much as tooling.

And because burnout is never far away in security, we dig into the human side too. Matt unpacks how automation can reduce cognitive load, but also warns about swapping one kind of pressure for another, especially when teams get trapped producing endless dashboards and vanity metrics instead of focusing on the few measures that actually reduce risk.

To wrap things up, Matt leaves a song for the playlist, Illenium's "You're Alive," plus a book recommendation, "Lessons from the Front Lines, Insights from a Cybersecurity Career" by Asaf Karen, which he says stands out for how it treats the human side of security leadership. If you're thinking about modernizing compliance in 2026 without losing the human element, his parting principle is simple and powerful: be intentional, keep asking why, and spend your limited time on what truly matters.

So where do you land on this shift toward continuous trust? Do you see it becoming the default expectation for buyers and auditors, and what should leaders do now to make sure automation reduces pressure instead of quietly adding more? Share your thoughts with me; I'd love to hear how you're approaching it.

[00:00:03] Welcome back to another episode of the Tech Talks Daily Podcast. Quick question for you all. How do you make compliance faster and lighter on teams? And actually trusted in a world that moves at cloud speed? Well, today I'm joined by Matt Hillary. He's the CISO of a company called Drata. And we're going to talk about what really changes when AI and automation are applied to security and GRC.

[00:00:30] So yeah, we are going to get into how response times drop hours to minutes, why burnout has become one of the biggest hidden risks in security teams, and what the modern CISO role really looks like in 2026, how it will evolve, especially when trust is something that you've got to earn every single day of the week. And not only that, Matt, he's just an incredibly cool guy. Someone you could just sit down, talk to for hours like you've known him your whole life. Really cool guy.

[00:00:59] So let's get him on the podcast now, and we'll talk about all this and much more. So a massive warm welcome to the show. Thanks for joining me today. Can you tell everyone listening a little about who you are and what you do? Absolutely. Thanks so much, Neil, for having me today. So I'm Matt Hillary. I'm Drata's Chief Information Security Officer. Man, I've been here at Drata almost three years. And man, it's been the most action-packed three years of my entire career. It's been a lot.

[00:01:27] You know, before Drata, I was the CISO I think four other times. And so this is not new to me. What is new is being this leader at a kind of security company. But here at Drata, I'm effectively customer zero of the platforms that we support. And internally, I manage our internal IT team, our security team, our GRC team, as well as kind of our enterprise apps team. So a very, I would say, pretty heavily burdened role. But at the same time, like for someone who just loves life and wants to get the most out of it, I truly enjoy it.

[00:01:57] But, you know, one of my favorite things in this role is spending time with people like you and doing these podcasts like what you have going on here, as well as others, just to share anecdotes and strategies and help others and friends along the way. But, yeah, and I hail from Salt Lake City, Utah, where my life stays pretty busy with my spouse and my four kiddos. My oldest is a senior this year, which makes me feel really old. Well, you are in the perfect place. And I love Salt Lake City there as well. It's a beautiful place to live.

[00:02:26] You've got it all going on. And for saying you have had an action-packed few years, you do have the great outdoors. There's so many great activities to do. And I'm curious, though, if in your work side, you've had that action-packed few years, somewhat of a unique vantage point, I would imagine. So how have you seen AI change the reality of a fairly boring subject, some would say, as compliance work?

[00:02:48] How has AI impacted that, particularly when it comes to things like response times, risk reviews, and day-to-day pressure on security teams? Because we hear a lot around the hype around AI. But I'd love to hear more about what you've seen in the real world. You know, it's a fascinating question. The two things that come to mind are efficiency and relief, right? I want to talk about efficiency for a sec. It's just been fascinating to see how much AI has changed the reality of every bit of our world.

[00:03:16] And that has not been limited to things such as our GRC space, like you said. A space where it's traditionally been viewed through the lens of a spreadsheet, the lens of audits, the lens of, oh, man, the GRC team showing up again. What do they need this time kind of feel, right? But now it's been incredible. Having over 8,000 customers and growing, we get hundreds of these questionnaires that come through.

[00:03:38] So I think that's one where it's just an immediate uplift and relief to any GRC team is using these capable large language models to help populate some of these hundreds of questions of questionnaires. It's been incredible. I had a recent experience where, you know, right now it's our fiscal year end and our quarter year end. And so my team is just overwhelmed with a number of questionnaires that are coming through, large and small. I got one that came through. It was like 5:30 local time.

[00:04:05] And I usually like to go upstairs to help my wife make dinner and really kind of spend that time with my kiddos. It's really connecting time. But, man, at 5:30, they're like, man, it's the end of the, you know, it's like the last couple of days. We need to get this through. They're in Australia. They need to get it so they don't, you know, lose a day. And so I ran this through kind of our AI QA or AI-assisted questionnaire capability in our platform. It was about 120 questions.

[00:04:25] And so it would have probably taken me, you know, an hour and a half or so just to do it the way I like to do it, which is just complete and comprehensive and getting our customers what they need to help make their assessment. And I uploaded it into the platform where this model we have is actually goes through and ends up answering most of them. And it went through and I think it was 75 to 90% accuracy. That first kind of pass was able to answer all of them within five minutes.

[00:04:48] I went through, you know, the results to make sure they're all accurate and honest and complete and had to alter probably 10 of them and then basically submitted it, printed it out and sent it to our sales representative to then give to the customer. So within 20 minutes, I was able to get back to the, you know, sales team member and then get back upstairs to help make dinner. And so I'm going to, I'm seeing this across all of my peers that are using this capability.

[00:05:09] And so when you think about AI and helping our whole trust management ecosystem and building trust between companies, whether that be the audits or these questionnaires or just in general helping us all up level our understanding. That was one very acute anecdote that I had recently that was like, man, this is really helping the efficiency and also the relief. Not many of us like to answer the same question over and over and over again. And then also at the scale that we have. And so that's just been one that's been incredible among so many others that are ahead of us now, or even just now in play that we're seeing.

[00:05:40] And I think for many people listening and indeed organizations around the world, when they hear that word compliance, they immediately think that slow reactive process, but it doesn't have to be that way. That's one of the reasons I invited you on the podcast today. So can you walk me through a real world example of where automation has shifted a task for hours to minutes and what that change meant for people doing the work? Because there's some big opportunities here, isn't there? Absolutely. And I like the premise of your question here.

[00:06:10] It kind of makes me chuckle a bit because having been born in the GRC space, I started my career at Ernst & Young up in Seattle. And traditionally, some of the big four still kind of go about their audits this way. I mean, they have their set of auditors that they're wanting to make sure they appease with how they're going about their assessments. So they have very, very specific methodology of how they audit. Now, coming from that space to now, at the time I started, we didn't have some of these capable APIs through all of our SaaS environments to go and automatically pull data.

[00:06:38] And not only just some sample data, but the entirety of what needs to be evaluated, like our auditors would ask for. Traditionally, you know, we would spend hundreds of hours a year as a GRC professional reaching out to control owners. Some companies operate between 100 to 200 controls, some even more if they're going through the more stringent, you know, efforts. And each one of those control owners, you know, they got to keep doing what they're saying they're doing. And then when we show up for audits, we want to have favorable and predictable audits, those that are smooth.

[00:07:08] Sometimes these audits are very burdensome, not only on the GRC team, but control owners themselves. And so with automation, to play, I must say in the last five years, this has really accelerated. And with AI, we're going to see this hockey stick just acceleration even more the next two to three years, which I'm really excited about. But it all started when we realized, hey, all this stuff that we're getting through screen prints for assessors, we can totally pull using API and programmatic interfaces to pull all of these things and run them through our programmatic tests to make sure they're passing.

[00:07:37] And so what's changed is instead of once a quarter or once a month, me and my team members reaching out to control owners, asking them, hey, you know, you're the control owner for background checks, maybe a real world example, and asking your HR team to say, hey, we hired 120 people last year, for example, and saying, hey, for those 120 people, man, our auditors are going to choose a random sample of 10% of those. And they're going to see, like, did you do background checks on those? And it's always a surprise when you come across one where you're like, we didn't do one for those? What? What failed?

[00:08:06] And it's amazing to be able to now use automation to replace that whole conversation. So we don't even need to reach out to control owners unless we found something that our automation had detected as a failure. And so now we can do 100% population analysis where we reach out to the background check provider via API. We pull the statuses of background checks, not the background checks themselves, but the statuses that, hey, got completed for all these. And we match them up with the identities within the company. And that's happening nightly, if not more frequently, based on whatever your preferences are.

[00:08:34] And it's able to analyze it saying, hey, for all these people that we know of in this company from our HR provider or identity provider, we have evidence showing that a background check has been completed. And so we don't need to worry showing up to auditors and saying, hey, pick any sample, pick the entire population. We have been monitoring this the entire audit period. And as a result, now with automation, we get that comfort, that assurance, that scalability, and really just comes down to that empowerment of a GRC team to reverse that conversation with control owners,

[00:09:03] where control owners feel like, hey, GRC team's not hounding me anymore. They've got my back. They know what I'm supposed to be doing, and they're monitoring my stuff. And they're going to let me know when something is amiss so that we can fix it on the fly so we can get back to 100%. So that's a real-life example where it's just really provided the level of continuous assurance that we're all hoping to go toward. Incredibly cool. And the last event I went to in 2025 was AWS re:Invent.

[00:09:28] And the reason I bring that up is when I was researching you, I saw that you've spent some time at AWS too before you became a CISO. So looking back at that career, that part of your life, that chapter, what lessons from operating at that kind of scale have most shaped how you think about security leadership now? Are there any big differences there? Absolutely. Absolutely. I'm hoping I can project that same level of energy that you have in this question towards me back to because I think back at that time at AWS,

[00:09:56] I was one of the first GRC hires there to help start the AWS compliance program alongside just two other incredible humans, one who's still there, one who has continued to go on with his career. And all the other AWS team have just been some of the brightest, most astute minds to work alongside. So it was incredible to learn from them. And what comes to mind when I think about security leadership today, there's like three attributes that I'll share here. And many of these stem from my time at AWS. One was curiosity, continuing to learn. Number two is adaptability.

[00:10:26] And then number three is customer focus. So when I think about curiosity, what really makes us fall behind as security leaders is stop being curious. We're not continuing to learn because of how quickly technology is changing. So at AWS, the cloud was something that we had to explain to people. They're like, what are you talking about? What is this cloud? Like, what do you mean? Like, compute as a utility. Like, what is this? I remember back in 2008, 2009, 2010, like having to explain that was kind of, I don't know, painful.

[00:10:53] And so fast forward, it's like, man, this is the backbone of everything that we do. And now it's like, now we have to do the same thing with AI. Like, wait, how AI is working? And so that curiosity really helped us learn fast on how to apply GRC and security to the cloud at the time to help build trust in customers who were very, very skeptical about, wait, you want me to run my sensitive workloads on your environment that you control? So that was one. The second one, it was just incredible to watch was kind of the adaptability.

[00:11:21] We have these standards and security best practices that are out there. And I think this principle applies to every security leader out there where having been a CISO the number of times that I have, having been in a number of different environments that I have, it's a different canvas that we're painting on every time. And as a result, we can't use the same playbook. We can use the same paints. We just can't use the same playbook in every case.

[00:11:42] And so the art of being a true security leader is being able to show up and use those paints that you know how to use, like some of the security best practices or GRC practices and apply it to the organization's needs and risk posture and profile at that time. And that was one thing that I learned at AWS as well, because many of the tools, many of the capabilities that were off the shelf just did not scale, did not support the level of demand that we had at Amazon. And so it was just incredible to see us build our own tools or think out of the box.

[00:12:09] And so that thinking capability was one of the core principles. And last but not least, and this is a principle that has resonated with me since the day I started at Amazon until now, is their customer obsession. As security leaders, we sometimes forget, hey, we're here to build and maintain the trust of our customers. That is what our security teams are doing. That's what our GRC teams are doing. That is the output of everything that we do. And so at Amazon, we'd start with the customer and work backwards. And so when I see these hundreds of question questionnaires come through, it might be like, man, there's got to be a better way.

[00:12:39] The reality is, no, like, I want to meet the customer where they're at. I want to help them get the assurances they need. I want to help protect our organization to meet their standards. And so as a result, we're able to come out with a kind of web of trust that we've built between all of us. And so that value customer obsession is one, I think, is the true underpinning and foundation stone of every trust building CISO out there.

[00:13:02] And having spoken with so many CISOs in a decade of doing this podcast, one of the things that I've learned is that path to becoming a CISO is rarely linear. So what leadership challenges surprise you most along the way? And how do they influence how you show up for your teams now? I'm sure you've picked up more than a few war stories over the years. Oh, totally. I think this is where the humanity is probably going to show up in our conversation. I think I already talked already a little bit about always learning and being curious.

[00:13:32] But the one that comes to mind most of all is humility. You know, this role is an incredibly demanding role. It's one that where we will do literally everything and potentially still fail. If you call a breach or a security incident failure, you know, there's always that small percentage that exists there. And I share that to help share with my peers that, you know, may feel, you know, very confident or have that bravado as a CISO is like, no, no, this is a heavy weighted role.

[00:14:01] But one true kind of principle that I learned internally is the role of being the great influencer within your organization, the great collaborator. I realized early in my security leadership career that being the smartest person in the room was absolutely cheap compared to showing up and being that leader that really met other people where they were at versus expecting them to meet you where you were at.

[00:14:25] You know, you kind of show up sometimes and the security leaders and the GRC leaders are like, we're bringing the Bible, like the GRC Bible along with us to say, or the security best practice principles and say, oh, this is what we got to do. And because this is best practice, you've got to do this. And that is not the approach that really breeds the amount of connection we need as security leaders to influence our organizations. We need to show up and say, hey, we've noticed this. We turned over this rock. We found all these things that we need to fix. Let's celebrate that together that we found it, that we're aware of it.

[00:14:53] Now, this is where the fun and journey really starts as a CISO and security leader to be that great influencer and collaborate and saying, here are some best practices that we can do to mitigate this risk. We can put those like on the shelf to consider. And what are some ideas that you have when we talk to our SRE DevOps and infrastructure team members or application development team members or executive team members or board members saying we have a big risk as a company right now? What should we do? Here are some ideas. We can go with all those. We're probably going to go down this one, but I want to hear where you're at.

[00:15:22] What do you feel would be the case? My favorite moments and most learning moments, I think, as a security leader, Neil, have been when a very technical and incredibly intelligent infrastructure team member comes to me and says, wait, we want to do this. Why do we want to do this? This slows us down. This doesn't make any sense. What's the risk? I love the questioning because the questioning asks us why and it provides us as security leaders and GRC leaders the opportunity to explain the why and then really tease apart the why to say,

[00:15:52] is this really what is going to help mitigate the risk or are we doing something a little bit different here that we need to apply it differently? And so, again, those are the moments that we learn the most and have the most fun in this because, you know, rarely does just rerunning the same playbook work. And it really just, again, as a security leader, that great influencer, having those connections and being able to grow together have been the most impactful moments of my career, as well as kind of the most impactful moments of my day to day and working with others.

[00:16:19] And you mentioned the word humanity a few moments ago, and I think that word is so important in this AI age that we find ourselves because burnout continues to be an ongoing issue in security and compliance role. So, again, how have you seen automation reduce some of that cognitive load for teams and where do leaders still need to be careful not to replace one kind of pressure with another, which is very easy to do too? What are you seeing here? You are right.

[00:16:48] There is an intense amount of pressure that just continues to increase. I remember several years ago when a CISO was targeted directly by legal entities for a breach-related activity thing, and I remember my heart skipping a beat realizing the potential impact personally that is my risk role I have on me, let alone the rest of my team. And for someone like me who takes this extremely intentionally and seriously and with that good faith effort really trying to make this work, it is a heavy burden to carry.

[00:17:17] But the coolest thing is, like you said, automation and AI are really those enablers, those kind of relief feelings that's coming down where I can sit in front of an incredibly well-architected security platform like we use here for cloud security. And it is fascinating the amount of context I get in the window, the amount of automation, the amount of assessment, the amount of kind of context of where this vulnerability sits in the whole ecosystem to decide, is this really critical? Yes, on its own, it may be a critical vulnerability, but in the context of the whole ecosystem, is it critical?

[00:17:45] And now we're empowered with that amount of information, things that are going to have the greatest impact with the very few poker chips that we have day-to-day. It's the same with our GRC folks, especially with these GRC platforms that exist today that didn't exist five years ago, where we really have automation that's fueling us with that same level of context, that same level of assurance that is not only just helping our GRC teams feel a little bit less burden in the role, but also showcasing that to our customers in a way that's really relieved a lot of that pain.

[00:18:16] You know, when you have thousands of customers coming in, asking for your SOC 2 report, and you need to have an NDA, and you need to make sure everything's all connected before you send that stuff over to them. And they want their policies, you know, with trust centers now that make that automated in a way to say, oh, actually, we see you're in our CRM. Looks like you're in the middle of, you know, our PRC. Looks like we have an NDA. You have direct access now to pull the documents you need in a very self-service fashion instead of having to do what it was previously, where it was all email-based.

[00:18:42] So that relief is kind of going down, and that burden is kind of going down while the stakes continue to rise. You had a really interesting part of your question around what are leaders doing where they're potentially swapping this pressure for another pressure. I still see some leaders not digging down to the level of intentionality and understanding the why behind certain things. For example, I think another very, very large organization that I've raised in the past, they put a heavy focus on KPIs,

[00:19:11] where it was like, I think some security team members are spending two to three weeks just putting together metrics and KPIs to showcase to their leadership, to their leadership, to their leadership upward and onward to realize, wait, we're spending this much time just formulating and showing all these fancy graphs, stuff like that, versus really focusing on what actually matters.

[00:19:31] And I think that pressure to look good on these slides versus actually focusing on what the one, the two, the three maybe KPIs that really, really matter and hone in on those and just show where you're at and the progress of those over time. You really save a lot of time on some of the, I'll call it bureaucracy, and really focus it on the stuff that really matters in accelerating our ability to respond and giving us more context than what we need to do to fix and what's going to reduce the most risk over time

[00:19:57] and allows our professional security engineers that are just so talented to focus on the things that really they love doing and that ultimately benefit us in the long run. And so I think that's where the pressure may be misplaced on the looking good part and should be refocused on the, and how can I enable you to do what you do as well as you do it and even more. 100% with you there.

[00:20:19] And something else we see gaining traction is the idea of continuous trust as the CISO role continuously evolves. So, but I guess if we dig deeper on that, what does continuous trust look like in practice beyond tooling in how leaders communicate and make those decisions? What are you seeing here? What does that actually look like? Because it sounds great saying it out loud, but what does it mean in the workplace?

[00:20:46] You know, when I think about trust and especially in a continuous manner, I think of two things. One, the humans that need to demonstrate trust. So that's more of the integrity side of the house. Like we need to have just deep integrity personally to really embolden that trust, not only ourselves, but as a company and when we work with others. And at Drata, we have a, you know, it's one of our values, which is trust is, you know, consistency built over time. I've heard the phrase, you know, trust is built in drips and lost in buckets. And with that, I think that really rings true.

[00:21:16] I'm seeing the CISO become more of that chief trust officer, whether we realize it or not. It really is that chief trust officer role where you really are emboldening not only what the integrity of hopefully what the company is doing behind the scenes, but also being able to build and maintain that trust with customers and all of your interactions. And so we talk about continuous trust. That's where we weren't able to do this previously beyond the point in time audits that we had once a year.

[00:21:42] Now with, again, the automation that we just talked about earlier, we can now see every day of the year where we stand with all of our controls. And we can then showcase that to customers to say, like, we are doing what we're saying we're doing and we're doing it every day. I had a really fun conversation recently, Neil, with one of my direct reports. And it was kind of a vulnerable question, one I wanted to try. And when we talk about trust, this is what came to mind. It was one of those questions like, do you trust me as a leader?

[00:22:11] And the second natural question and kind of following up to that question was, have I ever done anything that may have caused you to not trust me? Right. And so when you think about continuous trust, your brain starts going backwards and like, hey, have I ever given any indication where I may have caused you as another organization to not trust my own? And it's a very, very deep and just kind of introspective question that we all need to ask as companies and we all need to ask personally when it comes to our own integrity and when we work with others.

[00:22:40] Because that trust that we have between each other really is beyond transparency and openness and really just, hey, I have no ulterior motive. It extends beyond that to the companies that we work with, with those same level of interactions there. And so that's kind of how I talk about continuous trust is giving that continuous day after day assurance now that we have the automation to support that. But also it just is rooted in the deep down foundational element of integrity.

[00:23:06] And I think when you and I sit down in the afternoon talking about accuracy, honesty and trust, it's very easy to do. And we're talking about them as values. But we both know these things can be tested during high profile incidents or audits when things hit the fan and you start to feel a bit stressed and you start getting maybe a little bit snappy. But how do you maintain credibility when that pressure is at the highest and the answers are not always comfortable ones?

[00:23:36] You know, I've been in those situations. The words you said were perfectly that maintaining credibility. I think that comes from showing up as another human there in the room, realizing that we have our own triggers. But going into the room, knowing that everyone is looking to you to be that calm, level-headed, kind of mature voice to really hopefully calm the group.

[00:24:01] And realizing that, hey, many of us are not in situations where, you know, people are dying, right? Many are not in situations where there's mass pain being felt by a number of people. And it may feel that way because the pressure is like, oh my gosh, the stakes are high. But to realize is just putting that reality in the space and then showing up and saying, look, everything is figureoutable. And being able to give that assurance to your team members who are in those very high stakes moments to say, look, we have this thing in front of us. Like, what's going to help us here? How are we this?

[00:24:30] It really comes down to uncovering, hey, what do we find here? What's going on? How can we do this? And really just keeping it very, very focused on we are all on the same team, sitting here in the bleachers, watching on the screen, all the problems that we need to work together on. And then once you reframe that to the whole group that there's no use, there's no, hey, what wrong? Like the shaming piece is probably the fastest way to really destroy that level of calm and collective approach.

[00:24:56] Now, the part that you really asked here that I wanted to answer was around just making sure you keep your standards in place when the stakes are high. The way I've done that in the past is, man, rarely is this role black and white. And we really live in this shades of gray environment. And so trying to call something a certain shade versus another, it goes beyond me.

[00:25:20] Like I am not the smartest person in the room in those cases, but what I am is the person to collaborate and asking others like, hey, everyone, I assess this incident having this impact on these customers at this time. And as a result, I think we need to inform these customers of these things and to these levels. And then, you know, due to the nature over here, this is something that, you know, we obviously are learning from and kind of progressing from it. We're doing a root cause analysis. But just know that as a leader, like this is how I'm seeing it, but I may be missing something here. Like, can you please validate? Like we all are on this ship together.

[00:25:50] We are all in this room. It is not always me making a decision. I have my chief legal officer there. I have my, you know, chief technology out there. We have our, my leadership team and like the incident response team all there saying in a very vulnerable way as a leader asking them, I may be wrong here. I may be missing something here. What am I missing? Do you all feel okay from a source of integrity that we're making the right choice here, especially in the shades of gray? If not, let's discuss it as a DM me.

[00:26:16] We talk about it or otherwise, but just leaving that level of openness where it's very collaborative, because I think that wisdom of crowds idea applies so well here to keep those, again, stakes high. Because someone, if they're not feeling right about it, I want to hear about it because it is probably a good indication that we may have missed something incredibly important there. And if we have any security leader listening to our conversation today, maybe they're feeling a little bit inspired and want to make big changes, especially with it being the first part of the year when we all want to do things a little bit differently.

[00:26:46] So maybe they want to modernize compliance without losing the human element. What is the one principle that you think should guide every decision that they make over the next year? Anything you'd leave them with? Yeah, the one word that comes to mind is intentionality. We are only given so many poker chips to apply to certain parts of our program, and it really comes down to asking the why behind what we're doing. I think humans are absolutely inseparable to the security and to your C-space and will continue to be that way.

[00:27:15] I think the human in the loop will always be there, regardless of AI helping augment and accelerate their day-to-day jobs. Just because of the higher order level thinking and the additional human level context that we are able to process to make decisions. And so the reality is humans aren't going away, but the reality is we're still under a lot of pressure to deliver more than ever before. And with those limited resources, I think the one thing is just that intentionality, going back and asking, why are we doing this? Wait, what's the thing we're trying to do?

[00:27:44] What's the real risk here? Wait, why are we sending this 120 questionnaire out there? Okay, what are the actual questions on this questionnaire that matter? Oh, it's only eight of those? Let's send those eight of those if they have a SOC 2 report and ISO cert. Save all of us time and get the assurances we need to make that risk-based decision. That's one example of probably hundreds that as we go into this next year and as AI is becoming more and more capable to adapt and adopt in our own day-to-day, is just asking the why behind and being very intentional about what we do. Love it.

[00:28:13] And finally, before I let you go, you've shared your insights today. I'm going to ask you to leave one final gift for everyone listening. That is a song for our Spotify playlist, Guilty Pleasures Are Allowed, or a book for our Amazon wishlist. All I'm going to ask is, what would you like to leave everyone with and why? Oh my gosh, Neil, I love this question. It adds the fun humanity and even personal aspect and flavor to the conversation, so I'm glad you asked. I'll give you both of them, actually, because I'm in love with both worlds there.

[00:28:41] One is, I'm a huge EDM fan. And I love going to EDM concerts or just environments there. It's where my brain feels the most ease in this very demanding role, which kind of sounds wild when you have lasers blasting in your face and lights and fireworks and all this stuff going off and music at 120 plus decibels. But it's one of the ways I cope, I think, in this role. But one of my favorite songs recently, and one of my favorite EDM artists is Illenium. He has a song, I think, recently that dropped called You're Alive.

[00:29:08] It's a song that just kind of helps remind us to be present and that we are grateful that we are here, even with the demands we have in life. So that's the one song that I'll share. And I'll send that over to you because it's spelled you're like you are alive. He's actually going to have a show at The Sphere, I think, next month. It'll be really, really cool to see. As far as the book, just hot off the press, dropped only a couple of weeks ago, is Lessons from the Frontlines, Insights from a Cybersecurity Career. And it was written by Assaf Keren, who is the chief security officer at Qualtrics.

[00:29:36] This book is incredible in the sense that it focuses on the human element of a security leadership role. It's not focused on frameworks. It's not focused on skills as much as like the hard skills that we learn as technology or security and technology professionals. But it's one that really focuses on how do we inspire curious teams? How do we continue to grow and be that good human behind the role? How do we be the vulnerable leader that we're all looking for in this role that also is just, man, business savvy to really help push the company forward in the way it needs to go?

[00:30:05] So that's the book that I recommend. And it's been just a fascinating read beyond kind of the other ones that I've read. So, yeah, those are the two I recommend. Awesome. I will get both of those added. I absolutely love it. And you could just tell your passion coming alive there as you're talking about this. So that's why I asked the question. And for people listening, they want to dig a little bit deeper on Drata now, find out more about that, connect with you or your team, or explore anything we talked about today. Where should they be going? And I believe there might also be a podcast we need to give a shout out to as well. Yeah, yeah, absolutely.

[00:30:34] So just hit up drata.com. We have a drata.com slash demo where you can sign up and have a demo of our product and platform. I use these platforms every day, both the Drata site as well as the SafeBase acquisition we had last year that we were integrating. And with that, both have just been incredible. So I encourage all to just take a look. We have incredible team members who are really focused on the human connections and sales process. So you'll experience that directly as well. I love working with them.

[00:31:00] As far as podcast stuff, we definitely are starting a web kind of inside trust experience here as well and a bunch of other things that we're trying to share broadly to help others feel confident in this role as GRC leaders and CISOs. So look forward to those. I'm always happy to connect on LinkedIn as well. You can look me up there. I view connections with other people at a much, much higher level than everything else that we do. And so love to connect there and continue the conversation, however, might be beneficial to our listeners.

[00:31:28] Well, we covered so much there from how AI and automation and compliance actually works in the real world, how continuous trust fits into the evolving CISO role and also learned so much from your backstory, even given as a great EDM tune and a book to boot. But more than anything, just thank you for spending a little time with me today. Really appreciate you. Thank you. Right back at you, Neil. Thanks for what you're doing here to really help continue to broadcast this incredible message beyond to help all of us. And again, thank you for having me today. What an incredibly cool guy.

[00:31:57] I'd love to hear your thoughts on anything we talked about today. Please hop over to techtalksnetwork.com. You can send an audio message, DM or connect with me on socials. But right now, I'm going to check out that EDM tune that he recommended and I'll meet you here same time, same place tomorrow. Bye for now.