Home / 

Podcasts / 

The Cloutier Chronicles: From Chasing bad Guys to Becoming the GCSO of TikTok!

Roland shares invaluable insights into the world of security, risk management, and compliance. From having to understand what risk and compliance mean in the East compared to the West, to having to go to the legendary Don Swick to brush up on policies and procedures, Roland’s transition from enforcing the law to putting out fires in compliance is a testament to his adaptability and passion for making a difference.

He reveals how compliance, far from being boring, is an essential aspect of organizational success. From regulatory frameworks to ethical dilemmas, we leave no stone unturned.

From the office of inspector general in the army to the US government combing through every part of the manufacturing process, Roland Cloutier has faced the toughest of them all, when it comes to ensuring compliance. In this episode, Roland takes us on a journey through his extraordinary career, from his days in law enforcement to his current role as a trailblazer in the compliance realm. 

Roland Cloutier is an incredibly distinguished, successful, and hugely respected in the field of cybersecurity, regulation, law enforcement and now compliance.

He has been in the been in the cybersecurity game for over 20 years, previously held the post of GSO at TikTok, and previously spent 10 years at ADP, and before that served as chief security officer at data-storage vendor EMC (now owned by Dell). He was recently honored by the CISO Board, and CISOs Connect has named him one of the 2022 Top 100 CISOs in the industry. 

In addition, he has more than a decade of experience serving the U.S. Air Force, Department of Defense, and Department of Veterans Affairs. 

Cloutier also is the author of the business book “Becoming a Global Chief Security Executive Officer,” published in 2015.

Kyle Morris: So good afternoon to everybody and welcome to another episode of Comply or Die. Our guest today is, really, a very special one. He is somebody who is very, very distinguished, highly successful in his field, and his background includes cybersecurity, regulations, law enforcement. And now sitting in a compliance space.

Uh, a quick bit of background and a really, really top highlight is that our special guest today has been recognized by the CISO board and CISO Connect as one of 2020 twos, top 100 CISOs in the industry, which really is, uh, quite an incredible achievement and feat. 

This individual has been in the cybersecurity game for in excess of 20 years.

Previously held the role of global security officer at TikTok, and in addition, has more than a decade of experience serving the US Air Force Department of Defense and Department of Veterans Affairs. 

Finally, well, not even finally, but our guest today is also the author of a business book titled Becoming a Global Chief Security Executive Officer, which was published in 2015.

So Roland, thank you so much for joining us today, and as I say, a real privilege to have you on the podcast with us, 

Roland Cloutier: Kyle. Thanks for having me. 

Kyle Morris: Amazing. Apart from the brief introduction and the highlights I pointed out, is there anything else that you’d like to add? And please, I mean, feel free, tell us a bit more about yourself apart from those few facts.

Roland Cloutier: Well, you know, I’m a Sagittarius. No, just kidding. You know, you kind of summed it up altogether. 

It’s been a great, you know, 20 or 30 years in the space of security, risk, privacy, compliance, and law enforcement. 

So, just something I love getting up and doing every day and glad to be here talking about compliance with you because obviously it’s a huge part of, you know, my mission space, and what I have to do on a daily basis.

Kyle Morris: Absolutely. And I think, one thing you hit on the head already is something you get up and enjoy doing. I’m very fortunate you and I are having this conversation. I think there’s a lot of people that turn their nose up to and don’t quite feel the same about compliance. 

Kyle Morris: So to have more people like you, 

Roland Cloutier: they’re looking at it wrong, Kyle, they’re looking at it wrong.

Kyle Morris: I mean, please go on, tell me a bit more on that exact point. 

Roland Cloutier: You know, it’s, it’s funny, I don’t call it compliance anymore. I haven’t called it compliance for years. I mean, we do obviously have compliance specialists that help us create the, the level of assurance necessary to make sure that we’re in compliance with.

Global regulatory laws and things of that nature, and we’re following the frameworks that great professionals who have gone before us have created to, to ensure that, we’re meeting the spirit of what we’re all trying to accomplish in this space. But the word we use a lot more today, I think it’s assurance, especially in the operations space.

Remember, you know, I’m an operations executive, which means that, my focus is on implementing the controls, operating the controls, driving the controls, and assuring those controls. And then when things go bad, make sure we’re managing through critical issues, right? So that, that’s my job. And a big component of that is the daily controls assurance component, which quite frankly is a compliance, you know, related matter.

I think people often take the approach in compliance. It’s a one and done to the next time. From my opinion, that’s, that’s not great compliance. That’s more like audit assessment. Rather than ensuring that the sanctity of the controls and the sanctity of the operating environment through an appropriate compliance program.

So anyway, that’s my why I like it. Why do you like it, Kyle? 

Kyle Morris: So, I mean, from my side, in all honesty, the big thing for me, and I love how you’re now interviewing me on our podcast, that’s fantastic. Hope you’ve got a lot of questions lined up for me. But for me, it’s, it’s largely a value part for customers.

So like you made mention of the audit side and sort of audit with a one and done. In my background, I sat on the other side of the compliance fence. Be the auditing side. And of course it’s, it’s a checklist. It’s a yes or no. It’s a pass or fail. Yes, it’s obviously more than that, but at its crux, that’s essentially what you’re looking at.

So to sit on a compliance side and be able to get more value for a customer to assess something as part of a readiness or a remediation process, and to evaluate something and say, okay, this isn’t actually up to par, and if we were auditing, you would fail, but this is what we are going to do to rectify that and to have a really good control in place.

For me, that’s what I really enjoy. It’s, it’s the value, and it’s also just that journey with customers from having things in place, to having security minded processes that make the organization better on a daily basis. 

Roland Cloutier: Right, I can tell it’s already going to be a great podcast because you know with a lot of executives that I, that I work with in this space, we don’t necessarily even call it security.

Or compliance. Yeah, we call it business operation’s protection. And what you just described is how we live it, right? 

We’re, our job is to hear the, the ensure the success of the business and compliance has a direct relation to that. And when you go at it saying, I don’t want to fail an audit, therefore I don’t get penalties for the business, therefore we can run faster.

You’re helping the business move along. So that’s a that’s, you know, I like the way you described it. 

Kyle Morris: Thank you. 

And I mean, maybe in addition to that point, that will directly become the, the next question here is how, how have you managed, and I mean, what have you seen in. 

Over your career, obviously you’ve worked with organizations of different sizes and some of them, like you say, you’ve got these executives, or you’ve got it management that very much want you to go away, and it’s do the absolute minimum to pass the audits and have the checkbox.

How have you been able to sort of change that mindset with them to get them to see the value in the process? 

Roland Cloutier: Yeah, so, I love that question, actually. 

So, I wasn’t prepared for that question so early, but let me tell you, I think there are two parts to that question. Let’s talk about the first part.

They see it as a problem. They see it as you know, uh, just a hindrance of its kind of true. Say that not jokingly because, you know, think about it. You’re a business executive in a company, and you’re running a product line or whatever, and all of a sudden security comes at you with an assessment, and then you have, compliance that wants you to fill out a questionnaire or go through.

Then you’re getting audited because maybe you move money, or maybe it’s just your turn at the wheel and then all of a sudden, you know, the PCI team’s coming in and then all of a sudden, like you have five different teams taking up time from the people who are managing your operation, who are managing your go-to market, who are developing your product, who are supporting customers, who are supporting revenue.

And the next thing you know, the things that are quote-on-quote under the umbrella of compliance in some manner that is taking up, you know, 18 to 20% of your organization’s time. So I see why they get less than friendly when we walk into the room. 

Kyle Morris: To put it lightly. 

Roland Cloutier: To put it lightly. So, I think we have an issue of understanding organizationally, as a cohort of people trying to do the right thing in business operation’s protection to ensure this entity of the business, how do we do it better? So I think that’s step one. How do we do it better? Can we have a shared services model? Can audit ask some of the questions that I would use? Can we have a shared GRC platform that we all utilize to go get information out of or put our reporting in?

Can we share resources, right? If we have really good, you know, a lot of organizations aren’t that big. We don’t have time to send out so many people. Maybe I have six questions and when your team goes out, you ask them for me, or you go collect the evidence. Can we do it in an automated way? If we’re doing evidence collection on technical infrastructure or policies, we don’t need to talk to the business.

Right? We should be able to connect to that in an automated way. A great architect and technologist that have been working for me for years until recently, he’s now a chief security officer, just got his. First Chief Security officer job, VJ LaRoza. He was accountable in our model, in our last model to actually create technology in the architecture organization to automatically test, validate, and ensure controls in an automated way through that problem from the business.

When we do that, we’re showing that we understand and um, great, um, empathy for, you know, for our business and, and for our internal clients. 

So that’s really step one, drive empathy through advanced capabilities in how you deliver compliance. 

Second, I think is do it when it counts. You know, if, if people are trying to go to market, like if you sit down and, and the company says, Hey, we want, you know, we wanna do business in Brazil this year. We haven’t done it in latam. 

Brazil has the biggest population we want to attack there. What do we have to do to be able to do our business there? Be their partner, research it, know what you have to do in order to help them accelerate, get ahead of it, build your compliance portfolio model specific for that geo region.

So they can go running in fast and deliver their services and achieve their market. Be their partner in their go-to-market, be their partner in what they’re trying to achieve by products. Know the next two years of products, the next two years of geo expansion, and help them achieve that.

Not when they get to the gate and they’re ready to run. But well before that, you know, think, think about it, you know, potentially starting these programs two, two years, 18 months in advance. So when they’re there, they’re delivering, they’re not waiting on quote. Compliance approval. 

Kyle Morris: Sure. I think there, there was a, a ton in that itself, if I had to take four key words from that.

And going back to the original question with how you got the value and, and sort of jumping around a bit there, I would from my side have to sum that up and say support, value, automation. And there was one other one that’s obviously affect me now. 

Roland Cloutier: Empathy. 

Kyle Morris: Empathy, empathy. Yes. Yeah, that was exactly it.

Thank you. Yeah. And I think if I, uh, it makes sense looking at your, your background and, and your success that, with that in the forefronts of your mind, why, why your career has been as it. Exactly as it has, because let’s go back to the other side where we’re saying compliance is regulatory, or it’s a need for a business.

Your whole approach that you’ve just taken us all through here is very much. Actually getting that value and support. It’s not a case of you have to do this and go and do it. It’s okay. I’m going to be a part of that journey with you to, to go and do that. So I, I really think that’s awesome. And I think the people that have worked with you, uh, I, I imagine it’s been an absolute fantastic time for then, rather than having someone that’s sort of enforcing stuff and, and you’re not seeing that benefit of it.

Roland Cloutier: Well, I think it’s a two-way street. I think a lot of the things that I’ve learned through my career that compliance experts and professionals. Right. I’m tangible, you know, I’m a, I’m a yeah, you know, umbrella leader in, in the security risk and compliance space. But you have, uh, men and women that have done this their entire careers.

This is their passion, and they’ve been at the, at the front line, they’ve been the forefront. They’ve been the, the sharp tip of the spare going, going, you know, in this area. And, and they say, listen, we’re tired of getting beat up. We’re tired of, you know, being looked at like this. We, we think we should do things differently.

And, and I think the industry as a whole, as kind of this. This new focus on compliance and new professional training in postgrad and compliance in postgrad or new certifications in compliance really is changing. Uh, going from, you know, I had a CPA and I wanted to do something more on the technical side, so I went into compliance to, this is a full-fledged, career field and multi-level career field that people are getting into it.

So I’m learning as much through them, as I’m helping them into the business.

Kyle Morris: Absolutely. 

Maybe going one step back to the, the automation part you made mention of. I would love for you to, to talk us through a little bit more from, in your experience, how you’ve seen that efficiency gain or just the advancement of being able to utilize automation in a compliance process for an organization as a whole.

The pros to it, any issues or risks you’ve seen with it. What’s your experience been like? 

Roland Cloutier

It’s been exciting, actually. I mean, what is compliance? The compliance is the assurance that a control is in place, operable, um, and in some cases necessary, depending on what type of, uh, you know, program, you know, you, you run.

And so I think one of the first efficiencies, from an executive perspective, just from running a p and l and um, and, and driving, cost assurance for businesses. Do we even need the control anymore? Like, can we reinvest in controls that we need by removing other controls? So I think when you are able to put in a capability that tests the efficacy in the, um, the validity, of necessity for any given control in an automated way. Like, is that even a problem in our environment? 

Do we have secondary or tertiary controls that actually become a primary control? So this automation has enabled us to very quickly pivot, when necessary, away from controls that are no longer valid.

You’ve seen it right a thousand times. Why do we even have that? Yeah, we tested it. There’s evidence, but there’s never been an alert against it. There’s never been you know, I, I don’t think we need it. Oh, okay. Let’s get rid of it. Um, yeah, so, so I, I think that’s number one. Number two is just the time, like if compliance is done in an extremely manual.

And an average compliance assessment, you know, you, I’m, I’m sure you do this, you know, in, in your space as well, takes, you know, an average of, uh, 40 hours for interviews, 80 hours for collection and analysis, right? You just go through the numbers. All of a sudden it’s, it’s one FTE for a full month for a single compliance review on a single topic.

Isn’t that crazy? Like you only get 12 months in a year to be a business. It takes one month to do one, including the report writing and delivery and, and you know, and sitting down a meeting, what if when an analyst sat down to do a compliance assurance? The data was already in front of them. Like we collected it on the control.

The evidence was there. Machine wise, no human touch it, so it can’t be faked, altered or anything else. And so we’ll get to trustworthiness in a minute, but all of a sudden all the data is there, and it’s automatically aligned with the control functions that I’m trying to look at, and it’s put in report format.

Matt, we graph showing what it was last month. That’s just data. That’s collecting data, putting data in right spots, analyzing and presenting in a human factor way that gives us the capability to understand it better at speed. And it’s done. And so that four week effort turns into a one or two day effort and then a delivery.

So now what are we getting to? We’re getting to a continuing assurance, a continuing compliance, because that’s what we’re after, isn’t it? It’s not a one and done, it’s one. Wanna make sure that our, our business is compliant, and assured on a continuing basis. So all of a sudden that that magical term of con of continuance is there, and we’re living it.

So that’s, that’s the number two thing I’ve seen is that, hey, where are we at with that? And are we still in compliance? Yep. Yesterday’s report came up, validated, it’s still working, and we got six alerts against it, and here’s the process that, you know, was handled after it. Okay, right? You can get that level of operational assurance as a leader in an organization through that.

And the last component I’ll, I’ll talk about is trustworthiness, right? It’s not that we don’t trust people to collect the information or trust people to give us the right information, but how many times do we have, collect the information, do interviews, ask six other questions, and they go watch your process?

Because we weren’t sure if we were getting, you know, the checkbox answer for a reason. We weren’t sure that, let’s be honest, people just want us to go away, so you know, we spend a little extra time part of that four weeks, is spending extra time to make sure we’re not, we’re not getting snowed. Well, when you do it through technology, you don’t have to worry about getting snowed.

You have you, you show them, you have confidence in them. You have confidence in their program, you trust them, and that relationship just gets better. So you have trustworthiness and a better relationship a lot, what more could you want, go automation!

Kyle Morris: I think that’s an incredible summary. I don’t have too many points to add to that, to be honest.

I completely agree with every single thing you’ve just mentioned, and one thing, I’m wondering as we go through this is, How did, how did you transition from law enforcement to compliance? I mean, I can hear compliance is the passion. You, you live it, you breathe it on a daily basis. Uh, I maybe that’s why you, you went that way.

What, what sparked that move? 

Roland Cloutier: 

Oh no. Totally. On the other side of it, actually, I did it because I felt like an idiot. Um, I was, you know, a federal police detective doing felony crime investigations, uh, mostly the fraud space and, uh, and theft and diversion and things like that. And, and the problem was…

I didn’t necessarily understand it. And, uh, I had a, a really good mentor, uh, guy by the name of Don Swick who passed away years ago now. But, he was a professor at Boston University, and we used to work close to each other, so I would run over to his office when I had a case that had something to do with computers, I’d be like, Don, Don, Don, explain this to me, this computer stuff. 

Like how do, like the forensics aspect of it, how those systems integrated with the data. So, it got to a point probably a couple of years into it. Uh, and, and he goes… Hey, hey, listen, I really like you, you’re a good guy, but I don’t have all the time for you in the world.

Maybe you should go back to school. You have an acumen for this. So, I did, I went, I actually went back to know, a computer extension school for a couple of years, went through their program they had at the time for, for this type of technology, fell in love with it.

Honestly, Kyle, I was kind of class clown in the back. I was the guy that churning off other people’s computer remotely, rebooting their machines, formatting their discs, like I was that guy. Uh, and just enjoyed the technology, you know, when I came out, dipped my toe in the dark area of commercialism and doubled my pay from government.

And as a young father, you know that’s pretty important to the family. And then found out I could do just as much in protecting the world through computers and the commercial sectors I could do in law enforcement, and started building global security teams. 20 years later, here I am.

Kyle Morris: Amazing. I feel like that is a, a very unique, um, resume and background story. I’m definitely gonna tell a, a good few people about that. I won’t bore them with all the compliance stuff, but definitely, the, the movement of it. It’s really cool. I think as a millennial or a just, just to sort of add into that, 

Roland Cloutier: Will you tell my kids that?

Kyle Morris:

I don’t think they thought that was cool, so I appreciate it. No, I, I think it’s a very cool journey. Just the interest or curiosity, for, for knowledge and to, to know things that you made mention of. Okay, let’s go, let’s go back, maybe not the whole way from 20 years, year by year timeline, but tell, tell us about some projects and initiatives that you’ve been a part of when, from when you started in the compliance space, maybe a few more recently, that evolution.

What, what stands out for you? 

Roland Cloutier: Yeah, in compliance, I want to say there’s probably like four things, maybe five. We don’t, we don’t have all day, but you know, that really spun my head on the space. At first was actually one of my first jobs as a chief security officer. I was doing work for EMC, in which I was the Chief security officer for EMC.

And I was at uh, for those of you that don’t remember, it’s now, uh, Dell EMC. They were the largest distant storage manufacturing company in the world. And like they were in 80% of critical infrastructure industries around the globe, so there was a lot of compliance. 

But one of the customers, the US government at the time had a lot of compliance requirements under how we secured, the manufacturing process, delivered it, so on and so forth.

I had, you know, the Office of Inspector General and things like that while I was in the, in the military and in law enforcement, but, I wasn’t ready for that level of compliance. And what was neat is I had to build it from the ground up. So I had to learn about it. I had to learn how to fit into my operations, how to budget for it, what type of people to hire.

So my first foray into true, honest to God compliance was through the requirements the US government was, was giving us for protecting the infrastructure we were providing them. 

So that was, I mean, that was a pretty deep way to go. I mean, you know, everything from the technology to the people, to the backgrounding, to the clearances and everything in between.

So that was, that was a pretty big, uh, project and, and then I got into some pretty big PCI projects. And people will say, well, that’s not really compliance. You know, that’s certification. Like, I don’t wanna get into the argument, but at the end of the day, the controls necessary to run a PCI program, um, monitor it, assure it a test report, uh, and validate.

Um, it was pretty big. And, you know, in segmentation of infrastructures and what operating environments and on and on and on and on, like all the things you. So PCI broadened my eyes to the complexity and compliance of compliance, right? Like, how do you, how do you do it? If you’re in a global multinational with infrastructure around the globe, and it’s just being processed in this area, how do you reduce the impact to the business?

And that was the first time I really started thinking about this like, We shouldn’t be worrying about the entirety of the data center, just the 12 systems that, you know, impact PCI and how do we make sure we do that for the business. So being on both the compliance side and the operation side was great because I could just go change the architecture, which would reduce the compliance requirements and, and it, still make it assured to the level that we want to do for our marketplace.

So that was PCI. Oh, and then GDPR. Oh, the sweet GDPR. You know, I had an amazing privacy partner. His name was John Goz over at ADP and about two years before GDPR came out, you know, we were a solid privacy organization. We had to write letters of bad cessations between organizations.

We had, you know, um, for all unique that are in the privacy space, you know, we were doing uh, data flow analysis, dfa. You know, privacy impact analysis. We were doing all that stuff before gdpr, but GDPR changed our world, right? Um, and so we know we had to have automation. Um, we know we had to have levels of assurance in, in those data flows and the controls.

So also we’re marrying privacy with compliance, with data, with data assurance. So data defense and data assurance. It was a whole new world, world for us that we had to. So we got a lot of, you know, education over two years as a team, putting that in place. And I think the last one, not my favorite at all was M Y D F S, where actually me as a chief security officer had to sign to the asset station and compliance, to the state of New York for financial controls assurance on the technology.

And it was different cause that felt very compliance, like that didn’t, felt like it wasn’t the best, like, it didn’t make sense to me as a practitioner for the business or for the people that they were trying to serve. It felt like it more of a, a knee-jerk reaction at the time. So we had to come up with interesting ways to ensure that I, if I’m going to sign something, you know damn well I’m going to go through every single aspect of it.

So how did I get that level of validation and verification? That’s when we came up with the automation. How do you do this in an automated way that I wasn’t relying on people turning in you know, a questionnaire or something like that. I wanted to make sure that at a technical level, I could, I could go into a court, you know, raise my right hand swear in the Bible, and they’d know 100% um, that, that those controls were effective. So anyways, those are probably my top four, but they’re all impactful and, you know, how many years they take, uh, you know, to, to get ’em there. So their compliance has just been a part of my portfolio for a very long time.

Kyle Morris: 

Absolutely. And I mean, what a journey and, and what an experience as well, and thinking about a lot of the points you’ve made mention of and, and obviously working around the world with different companies, different, uh, corporates and, and cultures. Have you ever experienced any specific challenges or, or anything sort of stood out to you from, I suppose, a cultural, is maybe the closest way to sort of frame it where some are, are really security minded and, and willing to adopt, um, certain security or operational aspects as we are saying or not?

Roland Cloutier: Kyle, do you sit in Europe? 

Kyle Morris: I do not. 

Roland Cloutier: Okay. Uh, I normally get that, that question, uh, when we’re talking about Europe, the answer is yes, of course. I mean, you know, every culture is different every. Every business is run. I mean look at the difference between, board of directors, just from the United States or Europe, right?

So in the United States, boards have a responsibility to ha to ensure that the management is capable of doing the right things to manage the organization that’s as deep as they go, typically. In Europe, public boards have a much deeper requirement. They are to be part of the management of the organization and are accountable for delivering appropriate management to the company.

Right. So it’s a very different view, and it starts even at that board level. What I, what I’ll say is in different parts of the world, things like risk are looked at differently. The word risk is used in different concepts. It’s very different, call it in Asia or mainland China than it is in the United States.

What is operational effectiveness? You know, that’s very, very different when you are, you know, working in you know Europe versus the US or uh, you know, what privacy controls mean in, Eastern Europe or mainland Russia, to other parts of the world. So you have to build your program based on context, and you need people to educate you.

The worst mistakes I’ve ever made in my career is to run in headstrong, knowing how to solve so, uh, that’s a global issue in many geos or jurisdictions and not taking into account, um, uh, kind of what we would call globally local. 

How are they thinking about it locally? How do you have to support them locally?

One of the big reasons I always created what we would call theater of operations, right? So, the same thing military taught me was you break up the world in different theaters, you’re going to operate differently in there because they have different laws, different requirements. Your supply chain’s going to be different, your people are going to be different.

How do you make sure that you understand this? So that’s number one. 

Number two is get business security officers, uh, or BSOs very close to the business in those areas and, and hopefully in the same culture, right? So they’re professionals in our career field, but, um, culturally aware and understanding, so they can help you, as part of your extended leadership team, actually deliver your services into that region appropriately with context.

So context is key and context is important in this business. 

Kyle Morris: Amazing. I, I can see from the start of our conversation when we said this podcast was gonna go, that time is absolutely flowing today. I do still, I have one more question that I’d love to get your insights on and then, maybe any, anything in closing that you’d like to add from your side?

We’ve covered and, and obviously spoken about the benefits and the use and aid of automation a lot. So we’re in 2023 right now. 

How do you see a global security officer or the aid and advancement of automation in this compliance space 10 years from now? 

Roland Cloutier: 10 years now. 

Kyle Morris: What’s the future? And the future? 

Roland Cloutier: The future looks like.

I hate to say it, um, especially for this podcast, but I think, we Nirvana in the area of continuing compliance assurance, will be here. I don’t, I think you’re going to be able to escape it. You’re not going to be able, we’re not going to see the questionnaire, um, we’re going to be able to click a button and see the verification and validation.

Compliance becomes a part of the daily operation. And, and so if, if a control is not in place or effective, it’s immediately fixed. Um, if it’s, if it’s, uh, and in some industries and people are going to cringe when they say this in, some regulators will be notified immediately. As the business is being, like, if it’s that sensitive of control and there’s a reporting requirement, the system will, will be so smart that, um, the government will know about it and, um, and, and the business will have to validate, repair and, and validate the repair, so to speak.

So I see less heavy intensive compliance organizations, smarter ways to implement, compliance reviews and assurance. And you know, I just see that, you know, we’re reaching where we’ve all wanted to be in the next 10 years. I think it’s there. I think we’ll see businesses in the next two years pop up in this space that will actually drive the technology around it.

Listen, you’re already seeing it with these incredible, you know, once in a lifetime, startups in certain areas, look at, I’m trying to think of something in compute that wiz technologies, right, that are doing it within the cloud infrastructure, um, uh, assurance, where if something is off slightly within a container, your team knows about it.

You’re going to see this in, mesh managed networks. I mean, this is all coming up. Organizations are not just taking the protection, monitoring and response view, they’re adding in compliance into this technology. So it’s immediate compliance as well. So, um, it, you know, the world’s looking up in the space.

Kyle Morris: Absolutely. And, and the benefit is there. And like you said, it’s immediate. It’s not once a year. Oh, quickly get everything in place for your audit that’s upcoming. It’s on a daily basis. You’re actually giving that assurance to your customers, to your business partners. 

So yeah, I definitely, maybe a bit more daunting for customers and organizations at a starting point, but once everything’s in place, should be pretty seamless and pretty quick.

Roland Cloutier: What, what if, what if compliance was renamed to the trust organization? Right. You see some of that with security organizations, chief security officers. Yep. Be, you know, helping the brand, you know, being called trust. What if the trust was delivered by compliance? And that’s how people looked at compliance in the future.

Kyle Morris: Yeah, absolutely. I think that is a, a brilliant final remark. Is there anything else you’d like to add before we wrap up, Roland? 

Ronald Cloutier:  No, just, uh, thanks to all the partners around the globe out there doing this work. I mean, I think it’s really, uh, As a Chief Security Officer, it’s really important. I know it doesn’t feel it on a daily basis, but, uh, keep doing it because you are making the world a more safe and trustworthy place.

Kyle Morris:  Absolutely. And thank you so much. Thank you for your time today, for your insights. It has been an absolute treat to have you on the podcast. 

Roland Cloutier: Thanks, Kyle

Kyle Morris:  Really appreciate it.