Beyond Checkbox Compliance

Welcome to “Beyond Checkbox Compliance”, the podcast that challenges the status quo of cybersecurity. Hosted by RESTIV CEO Devon Smibert, this show brings together top cybersecurity professionals from around the globe to share their strategies, experiences, and innovative approaches to compliance. Each episode explores how leaders in the field are transforming compliance into a powerful tool for trust, growth, and resilience. From navigating risk management to tackling industry challenges head-on, “Beyond Checkbox Compliance” delivers bold and empowering conversations that cut through the noise. Join us to rethink compliance and discover how it can be a catalyst for meaningful change in today’s digital world. Compliance isn’t the goal—it’s just the beginning.

From Boardroom To Breach: Why Security is a Business Issue, Not Just IT's Problem 02/18/2025

From Boardroom To Breach: Why Security is a Business Issue, Not Just IT's Problem Security frameworks, regulatory acronyms, and “best practices” can only get you so far—especially when they’re not built for how people actually work. In this episode, Devon is joined by Tim McCreight, Founder and CEO of Tale Craft Security, for a no-BS conversation on what businesses are getting wrong when it comes to security, and how a risk-based approach (the kind that actually works) is built on understanding people first. Tim shares his journey from security executive to entrepreneur, what led him to build Tale Craft Security, and why storytelling—not scare tactics—is the key to building security programs that stick. From boardrooms to frontlines, this episode breaks down what it takes to move past fear and build resilience. What You’ll Learn in This Episode: Why focusing on human behavior is more important than any technical control. The real definition of risk (spoiler: it’s not just about threats). How to align security programs with business goals—without the jargon. Why boards and executives need to rethink their role in cybersecurity. How better storytelling can bridge the gap between security teams and decision-makers. Key Themes: Risk as Business Impact: Security decisions are business decisions—treat them that way. Human-Centered Security: People will work around your tools if they don’t buy in. Storytelling Over Fear: Security leaders need to explain risk like it’s a story—not a legal briefing. The Power of Sharing: Cyber adversaries collaborate—why don’t we? Memorable Quotes: “The effect of uncertainty on objectives—that’s risk.” – Tim McCreight “You don’t need to be afraid of the chainsaw, but you’d better respect it.” – Devon Smibert “Security professionals need to get better at telling stories—because that’s how businesses actually understand risk.” – Tim McCreight Guest Spotlight: Tim McCreight is the Founder and CEO of Tale Craft Security, a consultancy built on helping businesses understand risk, make better decisions, and build security programs that enable growth. Tim is a 45-year industry veteran, former President of ASIS International, and host of the long-running podcast Caffeinated Risk. Resources Mentioned: Tale Craft Security – RESTIV: Cybersecurity Without Surprises – Caffeinated Risk Podcast – ISO 31000 Definition of Risk: “The effect of uncertainty on objectives” Join the Movement: RESTIV is rewriting the cybersecurity playbook—no fear, no fluff, just clarity. 👉 Follow RESTIV on LinkedIn for unfiltered insights: 👉 Learn more at io #CybersecurityWithoutSurprises #RESTIV #TaleCraftSecurity #BusinessRisk #SecurityThatWorks #ResilientBusiness #CyberRiskManagement #StorytellingSecurity Hosted by Devon Smibert /episode/index/show/a1e56886-c736-48ec-87a9-7e8bc91f9af3/id/35337025

The Art of Trust: Cybersecurity, Sales, and Operational Insights 01/21/2025

Beyond Checkbox Compliance

TOPICS