In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Stas Bojoukha, founder and CEO of Compyl, to explore a different way of thinking about governance, risk, and compliance.
The conversation begins with what makes Compyl stand out in a crowded market and the kinds of real-world use cases organizations rely on it to solve today. From there, Michael and Stas dive into the idea of GRC Engineering and what it actually means, who it’s for, and why it extends far beyond the IT security function.
Along the way, they unpack a bigger shift happening in the industry. If the role of “information security” alone is no longer enough, what comes next? Michael makes the case that the CISO role is evolving toward something broader, a digital risk and resilience leader responsible for delivering digital trust—a concept that closely aligns with how Compyl approaches GRC.
They also tackle AI, one of the most discussed and misunderstood topics in the market. The discussion separates real, practical applications of agentic AI in GRC from the marketing smoke and mirrors surrounding it, highlighting where Compyl sees genuine value today and where the industry still has work to do.
The episode closes with some of Compyl’s most challenging use cases and a look toward the future, and discuss how the platform may evolve by 2030 as organizations continue to rethink how they manage risk, resilience, and trust in an increasingly digital world.
In a galaxy full of frameworks, acronyms, and automation promises, this conversation focuses on building GRC systems that actually work.
