In this episode of Security and GRC Decoded, Raj Krishnamurthy sits down with Andrew Spangler, Director of Security and GRC at Harness, to explore how compliance engineering can go far beyond checkboxes—and actually drive innovation.

Andrew shares his journey from building the compliance engineering function at Datadog to scaling automation and visibility across the SDLC at Harness. He dives into how using internal platforms for security workflows (aka “drinking your own champagne”) can unlock time savings and risk reduction, especially in areas like vulnerability management and secure software delivery.

Key Takeaways:

✅ How compliance automation builds credibility and supports innovation.

✅ Lessons from building compliance engineering at Datadog.

✅ Harnessing the power of SBOMs and supply chain security.

✅ Practical uses of generative AI and ChatGPT for GRC workflows.

✅ The future of democratized threat modeling.

✅ Advice for new grads entering security and GRC.

✅ Podcast recommendations that go beyond the security bubble.

Whether you're leading a GRC team or just getting started in the field, this conversation will expand how you think about security, compliance, and the role of curiosity in technical leadership.

Listen now to learn how modern GRC teams are shaping the future of secure software delivery.

🎙️ Security & GRC Decoded is brought to you by ComplianceCow.

Learn More About How ComplianceCow Can Help Your GRC Team Today!
Click Here 👉https://www.compliancecow.com/

🚀 Enjoying The Show?! 🚀

Make sure to rate and review the show to let us know you're enjoying the content!

Subscribe now for expert insights from industry leaders shaping the future of security & compliance.

Learn More / Connect with Andrew Spangler

If you enjoyed this conversation and want to learn more about Andrew Spangler, connect with him directly:

💼 LinkedIn: https://www.linkedin.com/in/atspangler/
🌐 Company: https://www.harness.io/