Ever experienced the frustration of multiple security audits that yield the same findings with no real path forward? You're not alone. Security audit fatigue is a widespread challenge facing organizations today, and it's exactly why we created IT Audit Labs.

Welcome to the premier episode of "The Audit," where we introduce our team of cybersecurity and operations professionals passionate about bridging the gap between identifying security problems and implementing practical solutions. Founded in 2018, IT Audit Labs began with a simple observation: companies were getting audited repeatedly but lacked the resources and expertise to translate findings into effective security strategies. Our founder Eric Brown shares how this realization led to building a team that goes beyond assessments to deliver actionable security roadmaps supported by strong project management discipline.

Meet our diverse team of experts: Kyle Rosendahl brings his expertise in penetration testing and red team operations; Nick Mellom specializes in social engineering and compliance frameworks like CMMC and NIST; and Mandy Ray contributes her skills in project management, organizational strategy, and security education. Together, we're committed to making information security accessible, practical, and even enjoyable. We're tired of security content that's either too technical to understand or too vague to implement, so we're creating something different – insightful analysis of current security events, expert interviews, and practical guidance delivered in an engaging format.

And for those interested in our more unfiltered thoughts? Don't miss our upcoming "Audit After Dark" series where we'll discuss all the things we can't say during our workday – adult beverages included! Join us on this journey by subscribing to the podcast and connecting with us at itauditlabs.com or on social media. Let's transform how you experience and implement information security together.
Transcript
Eric Brown: 0:05
You’re listening to the Audit presented by IT Audit Labs. Welcome to the Audit, a podcast by IT Audit Labs professionals. We are starting a podcast and this is our first episode. So who is IT Audit Labs? Well, we’re a group of cybersecurity and operations professionals who have a varying degree of interests in the information security field and we’re going to talk to you about them over the course of our podcasts. We’ll have guests on and we’ll have other folks on from IT Audit Labs to engage in a variety of topics and areas of our passion. And my name is Eric Brown. I’m the founder of IT Audit Labs. I have a background working as a technology and security executive and I currently consult in a variety of vCIO and vCISO roles across a few different verticals.
Eric Brown: 1:16
My personal interests in information security are related to personal security and privacy, so I hope to unpack a few of those things in the upcoming podcasts. IT Audit Labs was founded to fill a gap in the information security auditing space. I had run across a few different customers who had essentially audit fatigue. They had been audited a number of times. I think in one case a customer had five audits over a three-year period and they were getting a lot of the same audit findings, but they didn’t have the staff or the resources to interpret those audit findings and build a security strategy to address them.
Eric Brown: 2:10
So that’s where we came in. We were founded in 2018 and we focused initially just on audit and security strategies to mitigate those audit findings, and we quickly grew into providing project and program management services, as we saw that as really a key discipline to help organizations actually put action to the strategy. So it wasn’t enough just to have the strategy and the resources to accomplish the strategy, but you really needed that strong project management and program management discipline to achieve the results. So we brought on some really great program managers and have expanded into blue teaming.
Eric Brown: 3:07
We do staff log in other IT service areas and then our core areas are compliance audits, fractional leadership in the VC, so in the CIO space we do social engineering security assessments and pen tests. So over the course of the podcast we’re going to feature a number of our security team members and you’ll hear from some of them coming up throughout this podcast.
Kyle Rosendahl: 3:37
Hi, I’m Kyle Rosendahl. I’m a security practice lead here at IT Audit Labs. I have a background working as a security engineer and a consultant on numerous projects helping to protect sensitive assets and things for a wide variety of different companies. My main field of study and interests lie in penetration testing, ethical hacking, malware analysis and red team operations. So if there’s ever a red team engagement or a penetration test going on here with IT Audit Labs, I’ll probably have my hands in that pie to some degree.
Kyle Rosendahl: 4:10
As we move forward with this podcast, we’re looking to bring some key insight into the field of information security to you as the listener. A lot of the times we find when we go out and we search for good security content out there that it’s either very convoluted and very messy and very technical and not always the easiest thing to listen to, or it’s just very broad and you don’t get many of the specifics. So some of the things that we hope to bring to the podcasting space here with the podcast are some deep dives into current security events, things that are going on in cyberspace, in information security, that you may or may not be aware of, that could have a direct impact on your life. In our field of work we run across a lot of very talented and very, very intelligent individuals. We hope to bring some of them into here to do some interviews and to talk about what they’re seeing in the field and to really get a deep dive into how they’re using their intelligence and their businesses to help better information security for corporations as well as individuals. And then we also hope to just bring a voice of fun to information security.
Kyle Rosendahl: 5:29
At times it can be a kind of downward-looking field. A lot of “you can do this, you cannot do this,” a lot of rules and things set up to kind of keep systems and people safe. But we hope to make it fun, help bring a level of insight to the field, to help you as an individual understand maybe why those rules exist at your companies, see what the attackers are doing, how they’re trying to breach the defenses and take advantage of things either that you do or the rules set up at your company, and then why those rules or things might be put in place. So we look forward to kind of bringing a lot of this content to you and making it fun and entertaining in the process.
Nick Mellem: 6:15
Hey everyone, my name is Nick Mellom. I work as a security engineer here at IT Audit Labs and my background is working as a security engineer and consultant on projects ranging from social engineering, risk mitigation and compliance within CMMC and NIST. I also have experience working with the private and public sectors, including the Department of Defense, and overall I really just enjoy helping companies of any size find their gaps in their security infrastructure and making them feel whole.
Mandi Rae: 6:43
Hey, I’m Mandy Ray, a practice lead at IT Audit Labs. I specialize in project management, organizational strategy and change management. I’ve worked in both the private and public sector, leading security initiatives and technology projects. I’d say my true passion in security is training and education, especially as it relates to parents, kids and teens. I also enjoy strategizing with my co-workers on red team activities and social engineering. In addition to our regular podcast series, the Audit, we will also be publishing not-safe-for-work content with the Audit After Dark. We’re hoping that these podcasts include us enjoying adult beverages, games, competitions and having conversations of all the things we want to say but really can’t during our workday. In conclusion, we hope you enjoy this ride with us. We really look forward to sharing our expertise, experience and education. If you want to find out more about our team, services or find other podcast episodes, please check us out at itauditlabs.com or on LinkedIn, Facebook or Insta.
Eric Brown: 8:01
Thank you for listening to the Audit by IT Audit Labs.