Table of Contents

• 🤖 Introducing the Extract Wisdom Open AI GPT by danielmiessler.com

• 📘 Ray Dalio's “Principles” Connection

• 🖥️ Pointy Clicky Video Demo: No Command Line or C …

• 👀 Extract Wisdom Results

  • SUMMARY:

  • IDEAS:

  • QUOTES:

  • PERSONAL HABITS:

  • FACTS:

  • RESOURCES:

  • RECOMMENDATIONS:

• 🚀 Neat Eh?!

Views expressed are my own.

🤖 Introducing the Extract Wisdom Open AI GPT by danielmiessler.com

In today’s pointy clicky demo, I show how to use a cool GPT called Extract Wisdom that I learned about in this course I took in January:

Here’s a link to the GPT in the Open AI marketplace:

It’s a very approachable, easy to use tool in your browser and no coding experience is required. Simply take podcast transcripts, blogs, essays, academic papers or anything you can get into text, paste it in to the web interface and hit run. From there the tool does a surprisingly good job at extracting out wisdom. I really like this idea for an AI tool to augment your life: it reminds of some ideas from hedge fund CEO billionaire and leadership guru Ray Dalio.

📘 Ray Dalio's “Principles” Connection

I've talked before about his “Principles for getting what you want out of life” in a step-by-step process:

1. Set a goal

2. Encounter problems

3. Diagnose what went wrong and learn from it (extract wisdom)

4. Design a plan to get around the problem

5. Get results

6. Lather, rinse, repeat

The wisdom gained from this trial and error (or reading/learning about wisdom gained by the trial and error of others - this is why reading is an underutilized superpower) helps you elevate and get where you want to go.

🖥️ Pointy Clicky Video Demo: No Command Line or Coding Required

Transcript Input:

👀 Extract Wisdom Results

SUMMARY:

The GRC Engineering Podcast featured Vic, a security industry veteran with over a decade of experience, including roles at Meta and Marqeta, and founder of Compliance Foundry. The conversation focused on the challenges and future of GRC (Governance, Risk Management, and Compliance) engineering, with insights into compliance automation, the intersection of technology and regulatory compliance, and the evolution of GRC practices.

IDEAS:

1. Compliance automation should differentiate between automating compliance workflows and true compliance automation.

2. Continuous compliance observability is crucial for real-time detection and correction of compliance violations.

3. Effective GRC practices require collaboration between GRC professionals and engineers to align compliance with business enablement.

4. Policies should be machine-readable and dynamic to adapt to changing security requirements without introducing jeopardy.

5. Automated guardrails can prevent the introduction of new compliance debt.

6. Reporting for compliance should be real-time, customizable, and accessible through APIs to meet varied regulatory demands.

7. The term "compliance automation" might be misleading, suggesting a need for clearer differentiation between types of automation.

8. A holistic approach to compliance involves detection, correction, prevention, and reporting.

9. The relationship between GRC teams and technical teams needs improvement for effective compliance management.

10. Talent in compliance and engineering is valuable and should be leveraged for productive compliance practices rather than mundane tasks.

QUOTES:

1. "Do you want to spend your time building out interesting product or creating screenshots for the GRC team?"

2. "The phrase 'compliance automation' is a bit misleading."

3. "We're building out the next generation GRC platform."

4. "Governance, Risk, and Compliance should be thought of vertically rather than horizontally."

5. "Compliance is ultimately a kind of quality control function."

6. "The biggest challenge is that regulators are not engineers, and engineers don't understand compliance."

7. "Compliance has become the be-all and end-all, instead of being viewed as a key enabler."

8. "We as an industry can still do a lot more to mature the GRC practices."

9. "Continuous compliance observability and real-time reporting can significantly improve GRC practices."

10. "I love auditors, I hate audits."

PERSONAL HABITS:

1. Vic's career evolved from responding to a data breach to leading security GRC at major companies.

2. He emphasizes the importance of continuous learning and staying updated with industry practices.

3. Vic advocates for bridging the gap between GRC professionals and technical teams.

4. He prioritizes the automation of compliance to reduce manual tasks for engineers.

5. Vic values real-time data and reporting for effective compliance management.

6. He believes in making compliance a business enabler rather than a blocker.

7. Vic supports the idea of making GRC and technical teams work more collaboratively.

8. He emphasizes the importance of machine-readable policies for dynamic compliance management.

9. Vic is passionate about improving the user experience in compliance through technology.

10. He focuses on preventing compliance debt through automated guardrails.

FACTS:

1. Vic has over a decade of experience in the security industry, with roles at companies like Meta and Marqeta.

2. He founded Compliance Foundry, aiming to automate compliance in the cloud.

3. The conversation highlighted the distinction between automating compliance workflows and true compliance automation.

4. Vic discussed the evolution of GRC practices and the need for a more engineering-focused approach.

5. The podcast covered the importance of real-time compliance observability and reporting.

6. Vic emphasized the need for closer collaboration between GRC professionals and engineers.

7. The discussion touched on the challenges faced by GRC practitioners and the need for innovation in the field.

8. Vic's approach to compliance involves detection, correction, prevention, and reporting of compliance issues.

9. The podcast explored the limitations of current compliance automation tools and the need for more effective solutions.

10. Vic shared insights into the role of compliance in business enablement and the importance of aligning it with company objectives.

RESOURCES:

• Podcast: GRC Engineering Podcast featuring Vic, focusing on the challenges and future of GRC engineering.

• Company: Compliance Foundry, founded by Vic, aiming to automate compliance in the cloud.

• Industry Standards: Vic mentioned the importance of understanding and aligning with industry standards like PCI, HIPAA, and ISO 27001.

• Tools: Discussed the use of Cloud Security Posture Management (CSPM) tools for improving compliance practices.

• Regulatory Requirements: The conversation covered the need to meet varied regulatory demands through customizable and real-time reporting.

RECOMMENDATIONS:

1. Adopt continuous compliance observability for real-time detection and management of compliance violations.

2. Utilize machine-readable policies to ensure dynamic compliance management without introducing jeopardy.

3. Implement automated guardrails to prevent the introduction of new compliance debt.

4. Develop real-time, customizable reporting for compliance to meet regulatory demands efficiently.

5. Improve collaboration between GRC professionals and engineers to align compliance with business objectives.

6. Consider using external tooling for compliance automation to quickly address compliance needs and free up resources.

7. Focus on preventing compliance debt through proactive measures rather than addressing issues post-factum.

8. Explore opportunities to make compliance a business enabler by demonstrating its value in enabling sales and differentiating from competitors.

9. Encourage cross-functional understanding and collaboration to bridge the gap between GRC practices and engineering needs.

10. Stay informed and adapt to evolving GRC practices and technologies to improve compliance efficiency and effectiveness.

🚀 Neat Eh?!

Wow! This output is very high quality. It misses some key insights that I had come up with and added as a youtube comment but that’s because it’s tailored for the GPT author’s focus on:

I look forward to customizing these instructions to match precisely what I’m looking for.

Give it a shot to expose yourself to this wave of technology and advance what you want to do in the world!