Showing episodes and shows of
Ayoub Fandi
Shows
GRC Engineer
GRC meets Enterprise Security: TPRM, Compliance, Zero Trust and M&A w/ Kane Narraway from Canva
Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc --- What happens when you have to merge three operating systems, satisfy FedRAMP requirements, and keep engineers happy whilst building enterprise security at scale? In this episode, Kane Narraway, previously leading enterprise security at Atlassian, building Zero Trust at Shopify, and now running enterprise security at Canva, shares battle-tested insights on the intersection of GRC and enterprise security. Kane's unique perspective...
2025-12-02
1h 06
GRC Engineer
Beyond the Screenshot: Why Auditors Don't Trust Platforms & What Quality Really Costs w/ Troy Fine
Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc --- Troy Fine has conducted hundreds of SOC 2 audits over 15 years. In this conversation, he reveals uncomfortable truths about the audit market that most practitioners won't discuss openly. His most explosive admission: "Nobody can measure audit quality." Not TPRM teams. Not buyers. Not even auditors themselves. You're not paying for quality - you're paying for brand recognition. We cover: **The Evidence Trust Problem** Why auditors trust screenshots but not platform automation, the middleware accountability gap that makes audit firms uncomfortable, and what professional...
2025-11-11
1h 09
GRC Engineer
From Checklists to Code: Engineering the Future of FedRAMP w/ Pete Waterman
Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc. To get access to the deep-dive transcript, subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe. Wrong ink colours. $300,000 authorizations. Congressional investigations within the first month. How do you fix federal compliance from the inside? In this episode, Pete Waterman, Director of FedRAMP, shares how he's applying 20+ years of engineering experience to rebuild federal authorization from first principles. What started with "violent hatred" of the programme has become one of the most significant...
2025-10-28
1h 43
GRC Engineer
Rebuilding GRC from Scratch: Build-First Engineering w/ Emre & Chad from Docker
To get access to the deep-dive transcript, subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe. How do you build a modern GRC programme when you inherit processes designed for a team three times your size, in an organisation where "compliance frameworks were owning us instead of us owning them"? In this episode, Emre Ugurlu and Chad Fryer from Docker share their journey transforming compliance, risk, and customer trust functions over the past six months through relentless automation, AI-assisted development, and a ruthless focus on user experience. Emre previously spent 3.5 years at Plaid...
2025-10-14
1h 13
Risk is Our Business
Warp Cores and GRC Engineering: Designing the Future with Ayoub Fandi
In this transmission of Risk Is Our Business, Captain Michael Rasmussen connects across the comms with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the GRC Engineer Podcast and Newsletter, for a deep dive into what might be the next frontier of governance, risk, and compliance: GRC engineering. Ayoub explains what GRC engineering is, what it does, and the value it provides, moving GRC away from after-the-fact verification and closer to the design phase, where software engineering problem-solving can be applied to solve long-standing compliance and assurance challenges. Together, they map out the c...
2025-09-08
19 min
GRC Engineer
Unfiltered conversation with a GRC Software Engineer w/ Varun Gurnaney, Staff Security Engineer
Check out grcengineer.com to learn more! Summary: In this engaging conversation, Ayoub Fandi and Varun Gurnaney explore the evolving landscape of Governance, Risk, and Compliance (GRC) engineering. Varun shares his unique journey from cybersecurity to GRC, emphasizing the importance of automation and collaboration between engineering and compliance teams. They discuss the challenges faced in GRC, the philosophical aspects of risk management, and the future of compliance in a rapidly changing technological environment. The dialogue highlights the need for a more integrated approach to security and compliance, advocating for a shift towards real-time assessments and a deeper understanding of the...
2025-09-06
57 min
GRC Engineer
The GRC Engineering Blueprint for the Public Sector w/ Dr. Ibrahim Waziri Jr. from Google
To learn more, check out grcengineer.com. Summary: In this episode, Dr. Ibrahim Waziri Jr. shares his extensive experience in GRC engineering and cybersecurity, discussing the evolution of compliance from static documentation to dynamic, automated processes. He emphasizes the importance of GRC engineering in bridging different governance models and enhancing operational efficiency. The conversation also explores the challenges of bureaucracy in the public sector and the need for innovation in compliance practices. Dr. Waziri highlights the future of GRC engineering, focusing on regulatory acceleration and the potential for global...
2025-08-26
1h 09
GRC Engineer
Deep-dive on Cyber Risk Quantification and GRC w/ Tony Martin-Vegue from Netflix
To learn more, go to grcengineer.com. Summary: In this episode of the GRC Engineer podcast, host Ayoub interviews Tony Martin-Vegue, a seasoned expert in risk quantification and GRC engineering. They discuss Tony's career journey from IT to risk management, the importance of cyber risk quantification, and the interplay between governance, risk, and compliance. Tony shares insights on the benefits of risk assessments for various stakeholders, the role of AI in enhancing risk quantification, and practical tips for those looking to start their journey in cyber risk quantification. The conversation also touches on the...
2025-07-29
1h 02
GRC Engineer
Beyond the API: GRC Engineering in the Real World w/ Ange Ferrari, CISO/SVP @ METRO AG
Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribe In this insightful episode of the GRC Engineering Podcast, host Ayoub Fandi sits down with Ange Ferrari, SVP & CISO at Metro Group, for a deep dive into how GRC has evolved over two decades and what it takes to scale security programs globally. Our expert guest: Ange is a security leader with 20+ years experience across public sector, retail giants (Carrefour, IKEA), AWS EMEA, and now leading security for a...
2025-07-01
1h 08
GRC Engineer
Third-Party Risk Management from the Trenches w/ Blake, McKenna and Kristi | Experts Panel
Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribe In this premiere episode of the GRC Engineering Podcast Experts Panel, host Ayoub Fandi brings together three seasoned Third-Party Risk Management (TPRM) practitioners to discuss the real-world challenges and innovations in vendor security assessment. Our expert panelists: McKenna Yeakey (Netflix) - TPRM professional with previous experience at Splunk and Samsara; Kristi Hoffmaster - TPRM practitioner with experience at Okta; Blake Hoge (Airbnb) - TPRM professional with previous experiences at Instacart and Salesforce. They dive...
2025-05-20
1h 07
GRC Engineer
The Unfiltered GRC Automation Roundtable: 7 Platform Executives on Enterprise GRC & Commoditisation
In this groundbreaking episode of the GRC Engineering Podcast, we bring together executives from the 7 leading GRC automation platforms for an unprecedented discussion on the future of compliance automation. For the first time ever, leaders from Vanta, Drata, Anecdotes, Secureframe, Sprinto, Scrut Automation, and Thoropass share the same virtual stage to debate critical industry topics, challenge common assumptions, and share their visions for the future of GRC. Featured Guests: Jake Bernardes - CISO, Anecdotes; Matt Hillary - CISO, Drata; Jeremy Epling - Chief Product Officer, Vanta; Shrav Mehta - Founder & CEO, Secureframe; Girish Redekar - Co-founder & CEO, Sprinto; Nicholas Muy - CISO, Scrut Automation; Andrew...
2025-03-25
1h 52
Cyber Stories Podcast
Governance, Risk & Compliance (GRC) Engineering with Ayoub Fandi | EP. 24
A conversation with Ayoub Fandi, a Staff Security Assurance Engineer at Gitlab and host of the GRC Engineering Podcast, as we discuss transforming GRC from a cost center into a strategic product through automation and engineering. Ayoub shares his journey from aspiring economist to successful cybersecurity professional. We explore whether GRC is technical and introduce GRC engineering, which uses engineering practices to enhance governance, risk, and compliance. We highlight the shift in GRC professionals' backgrounds and how technical skills improve GRC workflows. We also emphasize the importance of cybersecurity knowledge in GRC roles and what it means to operate...
2025-03-20
1h 04
GRC Engineer
Scaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra | S2E3
If you enjoy the podcast, feel free to subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe. In this episode of The GRC Engineering Podcast, host Ayoub Fandi speaks with Akhila Chitiprolu, head of GRC at Sierra and former GRC leader at Stripe, Expedia, and T-Mobile. Akhila shares her journey from engineering to GRC leadership and offers deep insights on transforming traditional compliance into engineering-driven programs that scale with modern technology companies. Drawing from over a decade of experience across tech, fintech, telecom, and AI, she provides practical strategies for building GRC Engineering...
2025-03-18
57 min
Security & GRC Decoded
Engineering Better Relationships: Why We Should Shift GRC Left w/ Ayoub Fandi @ Gitlab
In this episode of Security & GRC Decoded, host Raj Krishnamurthy (CEO of ComplianceCow) sits down with Ayoub Fandi, a Staff Security Assurance Engineer at GitLab and co-author of the GRC Engineering Manifesto, for a deep dive into the evolution of GRC through an engineering lens. Ayoub shares how his background in consulting and cloud-native startups led him to question the traditional, checklist-heavy approach to GRC—and why embracing real-time data, automation, and developer-friendly processes is the key to building stronger security and compliance programs. He also reveals his controversial perspective on external certifications—explaining why they can some...
2025-03-06
52 min
Bare Knuckles and Brass Tacks
GRC Engineering: The Manifesto and Beyond!
This week we dive into GRC Engineering with Justin Pagano, Emre Ugurlu, and returning guest Terra Cooke, three of the minds behind the new GRC Engineering Manifesto. We tackle: Why GRC folks are engineers (yes, really!); Moving beyond "legacy GRC" into systems thinking; Building GRC tools that engineers actually want to use; The intersection of AI and compliance automation. This one gets nerdy! But if you want to understand how modern organizations can take a systems-based approach to governance while keeping engineers happy, this episode is for you. Check out the manifesto and repo...
2025-01-27
59 min
GRC Engineer
AI Agents as the next GRC Frontier w/ Shruti Gupta from Zania | S2E2
To view the notes from the podcast and much more, check out the episode summary on the GRC Engineer.
2024-12-02
1h 06
GRC Engineer
Is GRC Engineering the next DevSecOps? w/ Justin from Klaviyo | S2E1
Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security Risk, and Trust at Klaviyo. Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative. He discusses the limitations of traditional documentation-heavy approaches and advocates for more engineering-driven practices in governance, risk, and compliance and how GRC Engineering could be the next DevSecOps. Be warned, TPRM is taking repeated hits in this...
2024-10-21
57 min
GRC Engineer
GRC Engineering Podcast? The Who, the Why and the What w/ Ayoub Fandi | S1E1
Learn more about the why behind the podcast, some info about the background of the host as well as the main objectives of the GRC Engineering podcast.
2024-10-19
10 min
GRC Engineer
Genesis of a GRC Engineering program w/ Akshay Finney from Zoom | S1E6
Join Akshay Finney, a GRC Engineering team lead at Zoom, as he dives into the dynamic realm of security engineering and GRC integration. Uncover the importance of translating security requirements into engineering language, the evolving role of GRC engineering, the importance of taking an engineering approach to security programs and the importance of collaboration with product teams to advance the GRC objectives.
2024-03-04
51 min
GRC Engineer
Getting Technical about Compliance w/ Vic Bhatia from ComplianceFoundry.ai | S1E5
Explore the evolution of compliance engineering with Vic Bhatia, CEO of Compliance Foundry, as he shares insights from his journey, including experiences at Meta. Discover the challenges and solutions in aligning compliance with engineering incentives and the future of automated compliance solutions in the cloud.
2024-02-12
54 min
GRC Engineer
Overcome your GRC challenges w/ Chris Hughes and Lloyd Evans from Aquia | S1E4
With Chris and Lloyd from Aquia, you'll learn more about why we need GRC Engineering, what skills you need to work on and the impact of innovations (such as AI) on how we should view our field.
2024-01-09
49 min
GRC Engineer
Think in Systems w/ Simon Goldsmith from OVO | S1E3
Episode Summary: In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail. Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolving role of GRC in fast-paced environments. The discussion dives deep into the challenges of balancing speed and security, the importance of collaboration in regulatory compliance, and how personal responsibility for CISOs is...
2023-12-14
56 min
GRC Engineer
Engineering your GRC program w/ Charles Nwatu from Netflix | S1E2
Charles will give us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.
2023-11-28
51 min
The Cyber Security Recruiter Podcast
The Cyber Security Recruiter talks to Doron Samuel, Compliance Manager, Keystone Cyber Protection
Another week & yet another brand new episode of The Cyber Security Recruiter Podcast. Doron Samuel of Keystone Cyber Protection, you were the man. Thank you so much for your time & awesome tips. Massive appreciation from me for taking part in the Q&A afterwards, & a huge thank you for giving the community awesome tips on how to break into cyber security 😍✌️ This was a brilliant chat with Doron, who has so much great advice. We did this on a LinkedIn Live so the recording quality is not perfect, but this is a fantast...
2023-10-05
1h 08
The Cyber Security Recruiter Podcast
The Cyber Security Recruiter talks to Doran Samuel, Compliance Manager, Keystone Cyber Protection
This was a brilliant chat with Doran, who has so much great advice. We did this on a LinkedIn Live so the recording quality is not so good, but a fantastic episode. Doran referred to the following: 1. Jay Shetty - https://jayshetty.me/ 2. Ariel Evans - https://www.linkedin.com/in/marielevans/ 3. Ayoub Fandi - https://www.linkedin.com/in/ayoubfandi/ Also worth checking out for great GRC resources - AJ Yawn (https://www.linkedin.com/in/ajyawn/) and Troy Fine (https://www.linkedin.com/in/troyjfine/)
2023-10-05
1h 08