Episode 78

full
Published on:

20th Aug 2025

Streamlining the Compliance Journey - An End-to-End Approach

Is your compliance strategy making life easier or just adding more chaos?

Welcome to Razorwire, where we take you to the heart of cybersecurity with voices that have seen it all. I’m Jim, your host and in this episode, I’m joined by Martin Davies (Audit Alliance Manager at Drata) and Patrick Sullivan (VP of Strategy and Innovation at A-LIGN). Together, we explore how to cut the compliance overhead, eliminate duplication across multiple frameworks and turn compliance into a competitive advantage that actually speeds up sales cycles.

Compliance is rarely anyone’s favourite topic, yet it’s unavoidable and organisations are under more pressure than ever to do it well. We explore why compliance keeps getting more complex, what’s actually driving value and how the right blend of people, processes and technology can transform it from a painful cost centre into a genuine strategic asset.

Key topics:

  1. Cutting Compliance Overhead: Discover practical ways to avoid duplication of effort, map overlapping controls across frameworks and use technology to bring order to compliance chaos.
  2. Compliance as a Value Generator, Not Just a Cost: Hear real world perspectives on shifting the mindset around compliance, from being a necessary evil to a competitive differentiator that can support new business, speed up sales cycles and add commercial value.
  3. The Road Ahead: Continuous Monitoring and Emerging Pressures: Explore the shift from annual audits to ongoing assurance, the impact of AI on compliance frameworks and the new reality of management liability in regulations like DORA and NIS2.

If you’re ready to rethink compliance and turn it into a source of strategic advantage, this is an episode you won’t want to miss.

On duplication of effort: 

"The words ‘compliance overhead’ - when I hear that, I hear duplication of effort. If someone's doing the same control twice, that's objectively a bad thing." 

Martin Davies


Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


In this episode, we covered the following topics:

  • How to tackle the complexity of compliance - Understand why compliance requirements keep growing and discover strategies for managing multiple frameworks without getting overwhelmed.
  • How to turn compliance from cost centre to value generator - Learn practical approaches for positioning compliance as a competitive advantage that can speed up sales cycles and create business value.
  • Practical ways to streamline your compliance processes - Discover methods to eliminate duplication of effort, reduce time waste and support more agile business operations.
  • How to identify and eliminate overlap across frameworks - Learn techniques for mapping overlapping standards and consolidating controls to avoid doing the same work twice.
  • How to leverage technology and GRC tools effectively - Understand how platforms like Drata can transform evidence management, reduce audit stress and bring order to compliance chaos.
  • What auditors actually look for during assessments - Learn why auditors focus on intent and sound processes rather than box-ticking, and how to prepare effectively for audits.
  • When to shift from annual to continuous monitoring - Understand the growing trend towards ongoing assurance and when point-in-time assessments aren't enough.
  • How to manage third party and supply chain compliance risks - Learn strategies for validating and managing external risks as organisations rely more heavily on third parties.


Resources Mentioned 


Connect with your host James Rees


Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.


Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com. We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025

All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security

About the Podcast

Razorwire Cyber Security
Real conversations helping cybersecurity professionals sharpen their insights, strategy & leadership skills.
🔒 Cybersecurity is evolving — and so should you. Razorwire brings the open conversations that give you the edge.

Welcome to the Razorwire podcast — your resource for practical advice, expert insights, and real-world conversations on cybersecurity, information security (InfoSec), risk management, governance, security leadership, human factors, and industry trends.

Our mission is to help you build a stronger cybersecurity career while supporting a dynamic, agile community of professionals committed to continuous improvement.

Each episode brings you actionable advice and real experiences from your host, James Rees — an information security specialist with over 25 years of experience — and from a range of respected guests across the cybersecurity industry. Together, we explore everything from technical strategies and compliance challenges to security culture, communication skills, and leadership development.

James Rees is the founder of Razorthorn Security, providing expert consultancy and testing services to a wide range of organisations, including many Fortune 500 companies. His practical, no-nonsense approach helps organisations manage cyber risks effectively while strengthening resilience.

The Razorwire podcast is designed for cybersecurity professionals who want to stay ahead, sharpen their skills, and confidently respond to the challenges of today's evolving threat landscape. We believe collaboration is key to stronger security — and Razorwire gives you the conversations that help you achieve it.

For more information about us, or if you have questions you'd like discussed on the show, email podcast@razorthorn.com or visit www.razorthorn.com.