"Being a Lifeguard Instead of a Police Officer and Compliance Is NOT Security - David Hawthorne"
Episode Synopsis
In this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not. We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the Director of Cloud Engineering at O3 Solutions, David successfully led SOC 2 and GRC initiatives. He is dedicated to delivering business value through automation and analytics and actively contributes to the DevSecOps and data communities as a speaker and mentor.

We will discuss the role of the compliance audit and what frameworks like SOC2 were supposed to solve. We dive into the approach of supporting and empowering teams as a lifeguard as opposed to being a police officer yelling "no" all the time. By the end, David shares some practical advice for growing your team and staying safe as you scale.

Links mentioned in this episode:
http://davidhawthorne.com
https://github.com/shellninja