
Keith Smith
Director of Cybersecurity GRC
Speaker on enterprise security, risk, and what actually works in practice
I’m a Director of Cybersecurity Governance, Risk, and Compliance in the healthcare sector, responsible for enterprise-level security across multiple business units.
My work focuses on building and scaling security programs that operate in real-world conditions. That means balancing regulatory requirements, business priorities, and operational constraints without losing sight of actual risk.
I regularly work with executive leadership to translate technical risk into business decisions, and my speaking focuses on practical approaches to security that work outside of idealized frameworks.
My background spans both governance and operational security, which shapes how I approach building programs that actually work in real environments.
Speaking Topics
Who Really Owns Risk? Fixing the Biggest Lie in Cybersecurity
Most organizations say “the business owns the risk,” but few actually operate that way. This talk breaks down where that model fails in practice and how to implement risk ownership that works in real environments.
Audience: Security leaders, GRC professionals, executives
GRC on a Budget: Building a Security Program Without Enterprise Spend
Not every organization has unlimited tools and headcount. This session walks through how to build effective governance, risk, and compliance capabilities using practical, low-cost approaches.
Audience: Small to mid-size security teams, new GRC leaders
Tabletop Exercises That Don’t Suck
Most tabletop exercises are unrealistic, overcomplicated, or ignored. This session shows how to design and run engaging, effective exercises using simple, accessible methods.
Audience: Security, IT, and risk teams
Compliance vs Security: Where They Clash and How to Fix It
Compliance frameworks don’t always align with real security outcomes. This talk explores the gap and how to build programs that satisfy both without wasting effort.
Audience: GRC, audit, compliance professionals
Speaking & Professional Experience
• BSides SWFL (2025)
• BSides St. Pete (2025)
• BSides Orlando (2024)
• Thycotic Unlocked (2019)
• Enterprise security and risk briefings to executive leadership
• Cross-functional leadership presentations across IT, Legal, and Operations
• Security program development and advisory at enterprise scale
• Guest speaker for cybersecurity and college programs on careers in the field
• Mentor to graduating students entering cybersecurity roles
What to Expect
• Practical, real-world examples
• Clear explanations without jargon
• Honest discussion of what works and what doesn’t
• Actionable takeaways you can actually use
• Focused on real-world application, not ideal-state theory