To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Tech Business Raj Krishnamurthy
Content provided by Raj Krishnamurthy. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Security & GRC Decoded « »
Engineering Better Relationships: Why We Should Shift GRC Left w/ Ayoub Fandi @ Gitlab

52:30
 
Play
Playing
Share
 

MP3Episode home
Manage episode 478479483 series 3660899
Content provided by Raj Krishnamurthy. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

In this episode of Security & GRC Decoded, host Raj Krishnamurthy (CEO of ComplianceCow) sits down with Ayoub Fandi, a Staff Security Assurance Engineer at GitLab and co-author of the GRC Engineering Manifesto, for a deep dive into the evolution of GRC through an engineering lens. Ayoub shares how his background in consulting and cloud-native startups led him to question the traditional, checklist-heavy approach to GRC—and why embracing real-time data, automation, and developer-friendly processes is the key to building stronger security and compliance programs.

He also reveals his controversial perspective on external certifications—explaining why they can sometimes feel overrated—and makes the case for continuous, risk-based assurance that truly reflects an organization’s security posture. If you’ve ever felt the “cognitive dissonance” of outdated compliance controls in a modern engineering world, this conversation is a must-listen.

Key Takeaways
Bridging the Gap with Engineering: How GRC teams can embed themselves into developers’ workflows (e.g., JIRA, pull requests) to gain more accurate data and achieve real-time compliance insights.
Continuous vs. Annual Audits: The advantages of leveraging APIs and automation to monitor control effectiveness in near real-time, instead of relying on point-in-time evidence.
Rethinking External Certifications: Why these certifications can be a misleading representation of true security and how GRC professionals can ensure audits deliver real value.
Building a Modern GRC Program: Practical tips on designing policies and controls that align with fast-paced, cloud-native environments—minus the “waterfall mentality.”

Tune in to hear why GRC must evolve alongside today’s DevOps-driven world, and how you can unlock greater efficiency, credibility, and trust by adopting an engineering-first approach to governance, risk, and compliance.
🎙️ Security & GRC Decoded is brought to you by ComplianceCow.

Make sure to rate and review the show to let us know you're enjoying the content!

Subscribe now for expert insights from industry leaders shaping the future of security & compliance.

Learn More About How ComplianceCow Can Help Your GRC Team Today!

🎙️ Follow Ayoub Fandi:
Stay connected with Carlos’s insights and experiences by following him on LinkedIn:

  continue reading

8 episodes

#Tech #Business #Raj Krishnamurthy
Artwork

Engineering Better Relationships: Why We Should Shift GRC Left w/ Ayoub Fandi @ Gitlab

Security & GRC Decoded

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 478479483 series 3660899
Content provided by Raj Krishnamurthy. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

In this episode of Security & GRC Decoded, host Raj Krishnamurthy (CEO of ComplianceCow) sits down with Ayoub Fandi, a Staff Security Assurance Engineer at GitLab and co-author of the GRC Engineering Manifesto, for a deep dive into the evolution of GRC through an engineering lens. Ayoub shares how his background in consulting and cloud-native startups led him to question the traditional, checklist-heavy approach to GRC—and why embracing real-time data, automation, and developer-friendly processes is the key to building stronger security and compliance programs.

He also reveals his controversial perspective on external certifications—explaining why they can sometimes feel overrated—and makes the case for continuous, risk-based assurance that truly reflects an organization’s security posture. If you’ve ever felt the “cognitive dissonance” of outdated compliance controls in a modern engineering world, this conversation is a must-listen.

Key Takeaways
Bridging the Gap with Engineering: How GRC teams can embed themselves into developers’ workflows (e.g., JIRA, pull requests) to gain more accurate data and achieve real-time compliance insights.
Continuous vs. Annual Audits: The advantages of leveraging APIs and automation to monitor control effectiveness in near real-time, instead of relying on point-in-time evidence.
Rethinking External Certifications: Why these certifications can be a misleading representation of true security and how GRC professionals can ensure audits deliver real value.
Building a Modern GRC Program: Practical tips on designing policies and controls that align with fast-paced, cloud-native environments—minus the “waterfall mentality.”

Tune in to hear why GRC must evolve alongside today’s DevOps-driven world, and how you can unlock greater efficiency, credibility, and trust by adopting an engineering-first approach to governance, risk, and compliance.
🎙️ Security & GRC Decoded is brought to you by ComplianceCow.

Make sure to rate and review the show to let us know you're enjoying the content!

Subscribe now for expert insights from industry leaders shaping the future of security & compliance.

Learn More About How ComplianceCow Can Help Your GRC Team Today!

🎙️ Follow Ayoub Fandi:
Stay connected with Carlos’s insights and experiences by following him on LinkedIn:

  continue reading

8 episodes

#Tech #Business #Raj Krishnamurthy

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play