Navigating Compliance in the Age of Cybersecurity

Kate Williams

Why SOC 2, AI risk, and compliance timing matter earlier than most startups expect.

Episode 1

Runtime: 39:08

January 5th, 2026

In this episode of Crushing It, host Jonathan Trimble sits down with Kate Williams, a partner in the Risk Assurance & Advisory practice at Maxwell Locke & Ritter, to explore how compliance expectations are changing for growing companies—and why startups are being asked to prove trust much earlier than they expect.

Kate shares what she’s seeing across fintech, health tech, and other regulated industries, including why SOC 2 has become a prerequisite for winning enterprise customers, how founders should think about timing their compliance efforts, and the practical differences between SOC 2 Type 1 and Type 2 reports. She also discusses the risks of last-minute, deadline-driven compliance and how better readiness can prevent costly fire drills.

The conversation expands into the impact of AI on compliance and cybersecurity, including emerging risks associated with shadow AI and the importance of building clear guardrails as organizations adopt new technologies.

This episode offers practical insights for founders, executives, and advisors who want to scale responsibly, manage risk, and build trust with customers in an increasingly complex cyber and regulatory environment.

  • Why SOC 2 is appearing earlier in the startup growth cycle

  • The difference between SOC 2 Type 1 and Type 2 — and when each matters

  • How AI and shadow AI are changing compliance expectations

  • Why readiness beats last-minute audits

From the Conversation

Kate shares when startups should begin preparing for SOC 2—and why waiting for a customer deadline creates unnecessary risk.

Navigating the compliance landscape is crucial for growth, especially for tech startups dealing with sensitive data.

While AI can enhance efficiency, it also introduces new vulnerabilities.

Preparing for SOC 2 early can save you from a scramble later, ensuring you’re ready when big clients come knocking.

Kate Williams Eye, CPA, CISA

Risk Assurance & Advisory Partner

Maxwell Locke & Ritter

About the Guest

Kate Williams, CPA, CISA, is a Partner in the Risk Assurance & Advisory practice at Maxwell Locke & Ritter. She works with startups and growing organizations—particularly in fintech, healthcare, and other regulated industries—to navigate SOC readiness, compliance strategy, and risk management as they scale.

Kate brings a practical, business-focused approach to compliance, helping leadership teams understand when to engage in SOC 2 efforts, how to prepare effectively, and how evolving risks—such as AI and shadow AI—fit into today’s assurance expectations.

About the Hosts

Jonathan Trimble

Jon is a former FBI Special Agent and cybersecurity executive whose career focused on intelligence, analytics, and technology development. A graduate of the U.S. Coast Guard Academy, he brings a strategic, systems-level perspective to how leaders understand risk and make decisions in complex environments.

Robert Cochran

Rob is a former FBI Special Agent who led and supported extensive international cyber investigations involving complex threat actors and cross-border risk. A graduate of the U.S. Military Academy at West Point, he brings an operational, real-world lens to conversations about resilience, accountability, and leadership under pressure.

Together, Jon and Rob bring FBI-honed lessons about risk and resilience to every conversation.
