S3E17: Resilient Cyber Show w/ Anil Karmel

Compliance Innovation & RegOps

In this episode of Resilient Cyber, Chris Hughes speaks with Anil Karmel, co-founder of RegScale, about compliance innovation and the evolving concept of Regulatory Operations (RegOps). Drawing on years of experience in the U.S. Department of Energy's Nuclear Weapons Program, Anil shares how traditional compliance methods are being disrupted by technology and automation.

🔑 Key Highlights:

  • RegOps Explained: Anil introduces the concept of RegOps, inspired by the principles of DevOps, to bring compliance into the agile, automation-driven world. Learn how organizations can shift compliance left and generate compliance documentation at the speed of code.

  • Compliance as Code: Discover how APIs, cloud, and CI/CD pipelines can be leveraged to keep compliance documentation evergreen and automate the traditionally tedious compliance processes.

  • Cultural Transformation: Anil highlights the cultural shift needed to bring compliance teams into this new era, breaking free from spreadsheets and legacy governance tools, and moving toward a continuous compliance model.

  • OSCAL and the Future of Compliance: Learn about NIST's Open Security Controls Assessment Language (OSCAL) and how it enables codified, machine-readable compliance documentation (catalogs, profiles, system security plans and assessment results as JSON, XML or YAML) to streamline audits and drive efficiency.

  • Continuous Compliance: Explore the future of compliance, where audits are no longer dreaded events but continuous, real-time processes that enhance security and reduce risk.

  • Compliance Framework Sprawl: Anil addresses the challenge of multiple overlapping frameworks (HIPAA, SOC 2, FedRAMP, NIST, etc.) and how an as-code approach helps organizations map and rationalize these requirements.
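To make the "compliance as code", OSCAL and framework-sprawl points above concrete, here is an added example of the kind of check that can run on every commit. It is not RegScale's code nor official OSCAL tooling. The document's nesting and key names (system-security-plan / control-implementation / implemented-requirements / control-id) follow the OSCAL SSP JSON model, but the sample is a constructed, trimmed subset (required fields such as per-requirement uuids and statements are omitted); the baseline control list and the SOC 2 / HIPAA crosswalk are likewise constructed assumptions, not a real profile or mapping.

```python
"""Compliance-as-code gate: check a simplified OSCAL-style SSP against a
baseline and a framework crosswalk, the kind of check that runs in CI."""
import json
from typing import Dict, List

# Constructed sample document. The nesting and key names follow the OSCAL
# system-security-plan JSON model; required fields such as per-requirement
# uuids and statements are omitted for brevity. Not a real SSP.
SAMPLE_SSP_JSON = json.dumps({
    "system-security-plan": {
        "uuid": "4f1b6c2e-0000-4000-8000-000000000001",
        "metadata": {"title": "Example SaaS SSP", "version": "1.0"},
        "control-implementation": {
            "implemented-requirements": [
                {"control-id": "ac-2",
                 "description": "Accounts provisioned via SCIM from the IdP; "
                                "deprovisioned within 24h of HR termination."},
                {"control-id": "ac-6",
                 "description": "IAM roles scoped per service; no wildcard policies."},
                {"control-id": "ia-2",
                 "description": "Phishing-resistant MFA enforced for all users."},
                {"control-id": "AU-2", "description": "   "},  # narrative never written
            ]
        },
    }
})

# Constructed baseline: control ids a hypothetical resolved profile requires.
BASELINE: List[str] = ["ac-2", "ac-6", "au-2", "ia-2", "sc-7"]

# Constructed crosswalk: hypothetical framework requirements expressed in terms
# of the same control ids, so one body of evidence answers several frameworks.
CROSSWALK: Dict[str, List[str]] = {
    "SOC 2 CC6.1": ["ac-2", "ac-6", "sc-7"],
    "HIPAA 164.312(a)(1)": ["ac-2", "ia-2"],
}


def implemented_controls(ssp_json: str) -> Dict[str, str]:
    """Map each implemented control id (normalised to lower case) to its narrative."""
    doc = json.loads(ssp_json)
    reqs = doc["system-security-plan"]["control-implementation"]["implemented-requirements"]
    return {r["control-id"].lower(): r.get("description", "") for r in reqs}


def coverage_gaps(ssp_json: str, baseline: List[str]) -> Dict[str, List[str]]:
    """Baseline controls that are absent, or present but with an empty narrative."""
    impl = implemented_controls(ssp_json)
    missing = [c for c in baseline if c not in impl]
    undocumented = [c for c in baseline if c in impl and not impl[c].strip()]
    return {"missing": missing, "undocumented": undocumented}


def framework_status(ssp_json: str, crosswalk: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """For each framework requirement, the mapped controls that are not satisfied."""
    impl = implemented_controls(ssp_json)
    return {
        req: [c for c in ids if not impl.get(c, "").strip()]
        for req, ids in crosswalk.items()
    }


def gate(ssp_json: str, baseline: List[str], crosswalk: Dict[str, List[str]]) -> int:
    """CI exit status: 0 only when every baseline control is implemented and documented."""
    gaps = coverage_gaps(ssp_json, baseline)
    for kind, ids in gaps.items():
        for c in ids:
            print(f"FAIL {kind}: {c}")
    for req, unmet in framework_status(ssp_json, crosswalk).items():
        print(f"{req}: {'pass' if not unmet else 'fail (' + ', '.join(unmet) + ')'}")
    return 1 if gaps["missing"] or gaps["undocumented"] else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_SSP_JSON, BASELINE, CROSSWALK))
```

Run as a pipeline step, the non-zero exit blocks the merge when a required control has no implemented-requirement entry (here sc-7) or only a placeholder narrative (au-2), and the crosswalk shows which framework requirements that gap breaks; a real deployment would validate the document against the published OSCAL schema first and pull the baseline from a resolved profile rather than a hard-coded list.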