In this episode of The CTO Show with Mehmet, I sit down with Lori Crooks, CEO of Cadra, to explore the evolving world of compliance and cybersecurity. From FedRAMP and SOC 2 to the latest AI regulations, Lori breaks down why compliance matters, where companies often go wrong, and how startups can use compliance as a competitive advantage.

We also dive into Lori’s entrepreneurial journey as a solo founder in a male-dominated industry, her lessons learned in building Cadra, and her advice for the next generation of founders and leaders.

About Lori Crooks

Lori Crooks is the founder and CEO of Cadra, a consultancy specializing in cybersecurity compliance. With 20+ years of experience spanning government, accounting, and technology, Lori helps organizations navigate complex frameworks such as FedRAMP, SOC 2, ISO, PCI DSS, and HIPAA. Beyond compliance, she is passionate about mentoring women in cybersecurity and building the next wave of leaders in the field.

Key Takeaways

• Why compliance is more than just checking a box

• The most misunderstood aspects of frameworks like FedRAMP, SOC 2, and HIPAA

• The hidden risks of third-party vendors and supply chains

• How startups can prepare for compliance before selling to enterprise or government customers

• The role of training programs in preventing human-factor breaches

• The cultural balance between security and productivity

• How AI and automation are reshaping compliance audits and regulations

• Lori’s entrepreneurial lessons as a solo founder in cybersecurity

What You’ll Learn

Listeners will gain practical insights into:

• Building and maintaining compliance readiness year after year

• Protecting customer data as a startup or SME

• Evaluating and managing third-party vendor risks

• Implementing effective employee security awareness programs

• Understanding emerging AI compliance frameworks like ISO 42001 and NIST’s AI Cybersecurity Framework

• Finding your niche and building credibility in a competitive industry

Episode Highlights

• [00:04] Lori’s journey from accounting to cybersecurity

• [00:07] Why FedRAMP is the toughest compliance framework today

• [00:11] The ongoing nature of compliance (not a one-time project)

• [00:13] Third-party vendor risks and real-world examples

• [00:17] Security training programs that actually stick

• [00:21] Balancing compliance with company culture

• [00:23] AI and automation in compliance audits

• [00:26] Are we ready for AI regulation?

• [00:29] Data leaks, LLMs, and employee training

• [00:30] Lori’s entrepreneurial journey as a solo founder

• [00:33] Competing with Big Four consultancies by finding a niche

• [00:36] Encouraging more women in cybersecurity

• [00:38] Advice for startup founders on what not to neglect

Resources Mentioned

• Cadra – www.cadra.com

• Connect with Lori Crooks on LinkedIn: https://www.linkedin.com/in/lori-crooks/