Prioritizing governance, risk and compliance in cybersecurity programs By Ian Massingham, Amazon Web Services