Schedule time with us in San Francisco April 28 to May 1 here:

https://calendly.com/KleverScheduler/30min?back=1&month=2025-04

Ask us for your recording!

Third party risk is broken. Why? How do we fix it? Join me in conversation with Blake Hoge, Norm Kromberg with moderation by Rachel Curran to take a fresh look at some approaches for fixing it

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original event March 19, 2025

Think cyber GRC is a one-and-done project? Think again. Compliance is so much more than working through a checklist of vague controls that may not even apply to your company’s actual operations. Checkbox compliance wastes money, creates unnecessary busywork, and often leaves an even bigger mess to clean up than before the process started.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original session on March 18, 2025

𝗛𝗼𝘄 𝗱𝗼 𝘆𝗼𝘂 𝗺𝗲𝗮𝘀𝘂𝗿𝗲 𝗮𝗽𝗽𝗹𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝗻 𝗿𝗲𝗮𝗹 𝗯𝘂𝘀𝗶𝗻𝗲𝘀𝘀 𝘁𝗲𝗿𝗺𝘀? It’s time to move beyond vulnerability counts and start quantifying cyber risk in a way that executives, regulators, and engineers all understand. This session explores how organizations can go beyond traditional vulnerability tracking and adopt risk-based compliance frameworks that align with business strategy and regulatory expectations.

In-Person Conference in Vegas Mar 4-6! I’ll be a speaker championing consumer privacy handling to include identifying & classifying this type of data, aligning to all of the consumer privacy regulations, and being able to fulfil consumer requests! Today there are 120+ countries with consumer privacy laws, this is in addition to the US-based states that have consumer privacy requirements

Virtual event on Jan 29 2025 @ 10am Pacific or 1pm Eastern! Join us or come back here to watch the recording!

You know you've thought "How did they miss that?!" or "What where they thinking?!" after reading a story detailing a major fail that shouldn't even BE, had a proper GRC program been in place! Let's all come back to the basics and say no to checkbox compliance. We've been swimming in the oceans of spreadsheets and tool abundance, but are still losing data at an exponentially tragic frequency.

Join Mike Andrewes and myself as we use some magic 20/20 hindsight in assessing some real-life GRC Gone Wrong.

Jan.22, 2025 virtual event!

See speaker list however our CEO is speaking from 11:05 am until 12:50 pm so pack your lunch and get two CPEs :)

Session title is “Auditing A Properly-Functioning GRC Program” which means we’ll discuss how to stand up a GRC Program, using NIST v2. This is a not to miss event! Make sure you register!

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original event November 26, 2024

Politically neutral awareness for how we can prepare our companies to be compliant amid the administrative shift. What does this new administration mean for us, exactly... We'll talk about new attitude, regulations & priorities on cyber governance

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original event November 13, 2024

GRC Pro? GRC Novice? Somewhere in-between GRC knowledgeable? Join us Nov.13 for a quick reminder checklist as you prep for 2025 - We'll explain why it's important do begin to build a GRC program with appropriated controls

Click on *READ MORE* in this section to watch recording of this session on ISACA's platform - Original event November 12, 2024

So many of our compliance programs are unnecessarily complicated, laden with spreadsheets that are many thousands of rows but not reflective of our actual operations. Despite our genuine desire to be compliant, our efforts are overshadowed with irrelevant busywork and the myriad of tools sold to us as silver bullets. Meanwhile the breaches, ransomware, and losses continue to mount.

Here is the LinkedIn post: https://www.linkedin.com/posts/isacala_join-us-for-our-november-12-webinar-so-activity-7256819619972186112-sDen?utm_source=share&utm_medium=member_desktop

Here is ISACA's site with link to recording and content discussed: ISACA Los Angeles November 2024 Webinar - November 12th, 2024

In-Person: Oct.15-17, 2024 Boston, MA (Marriott Copley Place)

Our Founder is a speaker at The Best Data & AI Conference for CDAO’s in North America!

This is the annual meeting place for all senior data decision-makers from leading corporations across the country, facilitating connections for senior level Data & AI leaders across North America. Join the conversation #CDAOFall

In-Person Oct.9, 2024 Santa Monica, CA (Annenberg Beach House)

On the sand! LITERALLY on the sand! Enjoy Santa Monica's beautiful Annenberg Beach House, hosting ISSA-LA's Summit on Oct.9. Karina will be a panelist at one of the sessions. Join us in person for great networking. Opening reception is the prior evening on Oct.8 after the CISO Forum.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original event October 1, 2024

Business risks are growing for collecting personal/consumer data. Whether your organization collects personal data of employees, consumers, or business contacts for its internal use or to share it or sell it with business partners or other businesses for profit (data brokering) there are legal, financial and reputational risks regardless of your industry.

In this webinar experts in Data Surveillance, Governance/Risk/Compliance, Operationalizing Privacy Compliance and Cybersecurity/Data Protection will translate the issues into business terms, discuss the and reputational business risks and practical approaches to mitigate the business risk

In-Person: Sept.19, 2024 El Segundo, CA

This cybersecurity conference is NOT your average one. It focuses on local community networking and learning with an enjoyable meeting experience. No vendor booths or sales pitches. Meet vendors and your peers in golf bays. Benefit from expert insights in the morning and enjoy golf, food, and networking in the afternoon. Gain valuable insights, networking opportunities, and tools to combat cyber threats. You also get to explore a selection of vendor solutions from our CISO-vetted and curated list of 250 shortlisted vendors. Yep! We do the evaluations so you can rest assured the solutions do exactly what they say they do!

Click on *READ MORE* in this section to watch recording of this session on LinkedIn

YouAttest for Identity Permission Checking: This recorded #AuditTuesday goes into the enterprise problem of aligning enterprise roles/privileges (usually held in the HR) system with the various identity stores (including the IAM).

In-Person: Sept.5, 2024 Ogden, UT

Our founder is a speaker at an eventful day where cybersecurity meets the spirit of baseball.

Whether you're interested in industry insights, networking opportunities, or simply enjoying a game, this summit promises something for everyone.

Click on *READ MORE* this section to watch recording of this session on LinkedIn - Original webinar on July 26, 2024

Adhering to compliance have you spinning? Time to check how relevant controls are to your actual functions & appropriate their use within your company. Well-written controls will help your operations (not hinder them!) and will surface legitimate failures faster.

Join us as we discuss how to stop drowning in an ocean of vaguely written controls which may not even apply to you - then build passive evidence gathering practices which help you focus on true mitigations & maturity.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on July 16, 2024

Our final session recapping critical governance, risk & compliance areas - establishing & prioritizing focal areas, appropriating controls, creating KPIs, measuring risk (that actually applies to you!), aligning resources: people, process & technology. We're cramming in as much as we can into an hour! All 5 sessions will be available for viewing at your leisure.

If you're working on getting your CGEIT cert, or curious about some GRC refreshers, this is where you want to be!

Click on *READ MORE* in this section to access podcast - Original availability date was July 13, 2024

DiscoPosse Ep 256 - Simplifying Compliance: Navigating GRC with Karina Klever

Karina Klever, founder of Klever Compliance, shares her extensive experience in governance, risk, and compliance (GRC). With a career spanning over three decades, Karina delves into the fundamentals of GRC, breaking down complex concepts and offering practical insights on streamlining compliance processes. She emphasizes the importance of creating tailored policies, managing vendor relationships, and the necessity of passive evidence collection. The conversation also touches on the impact of AI and data retention in modern compliance frameworks. Tune in to gain valuable knowledge on demystifying GRC and making it more manageable for your organization.

Click on *READ MORE* in this section to watch recording of this session on LinkedIn - Original webinar on July 12, 2024

Compliance is not a checkbox exercise. This session discusses appropriating influences (regulations and frameworks), and understanding the differences. We also discuss vendor management risks and how data that may be relinquished downstream is at the biggest risk of breach due to the weak controls. Avoiding vague nebulous words in your published guidance allows for passive evidence gathering and eventually automation. Make auditors your friends!