Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis announces strategic partnership with Microsoft to acclerate the secure adoption of Copilot.

Learn more

Speed Data: The Principles of GRC With Hannah DeWane

1 min read
Published January 4, 2024
Megan Garza and Hannah DeWane

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Today's episode features Hannah DeWane, Cybersecurity Governance, Risk, and Compliance Specialist at Varonis. Hannah shared a sneak peek into her day-to-day world of security audits, saving the day for our customers, information technology, and her favorite topic, the wonderful world of risk management.

Hannah DeWane’s passion for defending against cyberattacks and threat actors may be what drew her to the world of cybersecurity, but an unexpected bonus was just how much she enjoyed the protection and value customers receive from her ace cyber skills.

“Coming from an IT background, I was interested in the attack side of cybersecurity — incident response, investigations, and understanding different cyberattacks and how to combat those threats,” she said. “As I’ve been in the security department, my passion has shifted more toward how we can bring value to our customers through our cybersecurity program.”

It’s fitting, then, that Hannah acts as the Cybersecurity Governance, Risk, and Compliance Specialist for Varonis, responding to customer inquiries and providing detailed information and updates.

“One of our top priorities is making sure that we answer all of our customers’ questions around Varonis’ security program,” she said. “We’re always continuously trying to improve our security program.”

GRC: The golden trifecta

Hannah is also responsible for Varonis’ security awareness program, bug bounty and vulnerability disclosure programs, external security audits, third-party risk management, and compliance. But Hannah’s favorite topic to explore is risk management.

“Risk management is the foundation of GRC,” she said.

Every company is different, and each business has to identify their critical assets and the major risks to their organization, and then they can tailor their security program around those risks.
Hannah DeWane, Cybersecurity Governance, Risk, and Compliance Specialist at Varonis

Hannah recognizes, however, that the best security postures emphasize all three aspects of GRC: governance, risk, and compliance.

“All three of them are very important — compliance is important because it’s about adhering to the cybersecurity program and certain laws and regulations, and governance is critical because it’s about the security culture and adhering to ethics,” she said. “All three work really well together and complement each other.”

A twist of fate

Hannah’s passion for cybersecurity is apparent; her face lights up when she talks about the challenges and payoffs of cyber. “There’s always something new to learn,” she said. “I think that’s very rewarding — the idea that you’re always learning something new, and you can take your career in whatever direction you’d like.”

It’s hard to imagine Hannah working in any other field, but before she caught the IT bug, she planned to pursue a career in legal.

“When I was in college, I thought about going to law school or teaching,” she said. “I took a part-time job on campus doing break-fix repairs for student computers, so that’s where I first found my passion for working with technology, and I started to go that direction and get more interested in the IT side.”

The rest, as they say, is history, and law school’s loss turned out to be Varonis’ gain.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Try Varonis free.
Get a detailed data risk report based on your company’s data.
Deploys in minutes.
Keep reading
Speed Data: The Principles of GRC With Hannah DeWane
Hannah DeWane at Varonis shares her day-to-day world of security audits and the wonderful world of risk management.
Cybersecurity Maturation Model Certification 2.0: How Varonis Ensures Certification for Defense Contractors
Varonis can help you achieve compliance and implement the Cybersecurity Maturity Model Certification 2.0 (CMMC) program to safeguard cybersecurity across the government’s DIB.
Meta's $1.3B Fine: What can Happen if you Don’t Monitor Your PII
Continuous discovery and data monitoring critical to identify misplaced PII.
HIPAA Compliance: Your Complete 2023 Checklist
Is your organization ready to comply with 2023 HIPAA updates and changes? Ensure HIPAA compliance with your comprehensive 2023 checklist.