In this episode of The Art of Cybersecurity, Cheri Hotman sits down with GRC leader Jerry Koshy for an honest, practitioner-to-practitioner conversation about what it really takes to build effective cybersecurity and risk programs.

While compliance and risk management often get framed as rigid processes or box-checking exercises, Cheri and Jerry explore why the most impactful work in GRC is actually an art form—one that requires leadership, communication, and the ability to align people across an organization.

Together they discuss:

• Why governance is often the most overlooked part of GRC

• How cybersecurity professionals must act as business enablers, not roadblocks

• The role of culture, buy-in, and relationship building in successful security programs

• Why many organizations struggle with audits and third-party risk management

• How strong GRC programs focus on continuous improvement, not just passing audits

They also dig into the realities of burnout in the field, the importance of emotional intelligence in leadership, and why the best cybersecurity programs succeed because of people—not just technology.

This episode is a candid look at the human side of cybersecurity, and why building secure organizations requires both science and art.