A seasoned cybersecurity specialist, Tamara Lauterbach, MBA, currently serves as Senior GRC Specialist at Gong, where she leverages more than a decade of experience to strengthen organizational security and foster a culture of resilience.
At Gong, she drives governance, risk, and compliance strategies while advancing data security frameworks. Previously, as Cybersecurity Manager at Guthrie, she successfully led the organization to achieve HITRUST certification and implemented robust programs that elevated its overall security posture. Her expertise extends across multiple frameworks, including GDPR, ISO 27001, SOC 2, and HITRUST.
Her academic journey is equally impressive; Tamara earned a Bachelor of Arts from Argosy University, an MBA in Fraud & Forensics and Organizational Leadership from Carlow University, a Master of Public Health, and an M.S. in Information Technology and Systems. She is also deeply engaged with professional networks such as Women in CyberSecurity (WiCyS), InfraGard, and the Association of Certified Fraud Examiners (ACFE), where she advocates for collaboration, innovation, and diversity within the field.
To learn more about her career, we recently conducted the following interview:
Question: How did you get your start in technology?
Answer: I actually started my career in a Security Operations Center, working directly with tools like Splunk and Tenable. It was a really technical environment where every day was about protecting systems, monitoring activity, and responding to potential threats. That experience gave me a strong foundation and helped me see how technology touches every part of a business. Over time, I got more interested in how those same processes could be used to strengthen governance and compliance. That curiosity is what pushed me toward GRC work and building programs that connect technology, people, and business goals.
Q: What is your role at your company?
A: In my current role, I lead work around technology governance, third-party risk management, and compliance automation. My focus is on helping the company stay proactive about risk and regulatory requirements. I’ve developed internal control self-assessments that tie what we do every day to frameworks like NIST, ISO, SOC 2, and HITRUST. It’s all about making sure our systems and processes don’t just meet standards but also help the business run smarter and more efficiently.
Q: What areas of technology have you developed the most expertise in?
A: My background mixes hands-on security operations with governance and automation. I’ve spent a lot of time using tools like Splunk and
Tenable, and I’ve also built programs using GRC platforms such as Archer, AuditBoard, and Censinet. Over the years, I’ve learned how to connect data from these tools to help teams make better decisions. I really enjoy building systems that simplify risk and compliance so that they actually support the business instead of slowing it down.
Q: What trends are you tracking in these areas and why?
A: Right now, I’m really interested in how AI and automation are changing risk and compliance work. We’re starting to see smarter systems that can detect issues faster and even test controls automatically. I’m also following how frameworks like HITRUST are evolving to better fit organizations that rely on cloud and third-party environments. Another big trend is connecting GRC tools like Archer, AuditBoard, and Censinet with platforms like Splunk, so data flows more easily across teams. These changes are helping companies move from reacting to problems to actually predicting and preventing them.