Episode 309 - w/ Nathan Hunstad - Compliance, Security Governance

In this episode of Absolute AppSec, Nathan Hunstad, Director of Security at Vanta, discusses the intersection of security policy, governance, and technical defense. Drawing on his unique background in political science and the Minnesota state legislature, Hunstad argues that policy acts as the essential "conductor" for an organization's security tools. A major theme of the conversation is the challenge of compliance for startups, with the group advising founders to prioritize business survival and basic security hygiene—like password managers and IAM—before pursuing intensive certifications like SOC 2. The discussion also explores how AI is accelerating both development velocity and the ability to automate tedious security questionnaires. Furthermore, Hunstad contrasts the security posture of modern, cloud-native startups against legacy enterprises, noting that older organizations often struggle with "dark corners" of un-inventoried, vulnerable legacy tech. The episode concludes with a critique of outdated authentication standards, specifically advocating for the removal of mandatory password rotation in favor of NIST-aligned, phishing-resistant MFA.

You can listen to Episode 309 - w/ Nathan Hunstad - Compliance, Security Governance online on Radio and Podcast. Open the player on this page to stream the available audio.

Episode 309 - w/ Nathan Hunstad - Compliance, Security Governance is an episode from Absolute AppSec by Ken Johnson and Seth Law.

The episode duration depends on the source podcast feed and may not always be available.

This episode was published on Jan 20, 2026.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from Absolute AppSec when more episodes are available from the podcast feed.