In this episode, Cheri Hotman sits down with long-time colleague and GRC leader Peter Spier for a candid, no-nonsense conversation about what actually keeps organizations secure and what quietly puts them at risk.

Peter brings more than two decades of experience across PCI, audits, and enterprise risk to unpack a topic most teams avoid. Integrity in GRC. Together, they challenge the obsession with green checkmarks, clean audit reports, and “passing” frameworks while ignoring what really matters. Reducing real risk.

This conversation cuts straight through common myths:

• Why a report with zero findings should make you nervous, not confident

• How audits differ fundamentally from running a security program

• The danger of scoping games and checkbox compliance

• Why continuous improvement requires uncomfortable conversations

• How ego, incentives, and fear quietly undermine security decisions

Cheri and Peter also explore the human side of cybersecurity. Coachability, transparency, and the willingness to surface problems early before attackers do. This episode is for leaders, practitioners, and auditors who care less about appearances and more about building programs that actually protect the business.

If you have ever felt uneasy about a “perfect” audit, struggled to push bad news up the chain, or wondered whether your compliance program is giving you a false sense of security, this conversation will resonate.