Shows
GRC Engineering PodcastThird-Party Risk Management from the Trenches w/ Blake, McKenna and Kristi | Experts PanelIn this premiere episode of the GRC Engineering Podcast Experts Panel, host Ayoub Fandi brings together three seasoned Third-Party Risk Management (TPRM) practitioners to discuss the real-world challenges and innovations in vendor security assessment.Our expert panelists:McKenna Yeakey (Netflix) - TPRM professional with previous experience at Splunk and SamsaraKristi Hoffmaster - TPRM practitioner with experience at OktaBlake Hoge (Airbnb) - TPRM professional with previous experiences at Instacart and SalesforceThey dive deep into the practical realities of TPRM, exploring:How to optimise questionnaires for different vendor risk tiersStrategies for balancing speed and thoroughness in assessmentsThe evolving value of SOC 2...2025-05-201h 07
GRC Engineering PodcastThe Unfiltered GRC Automation Roundtable: 7 Platform Executives on Enterprise GRC & CommoditisationIn this groundbreaking episode of the GRC Engineering Podcast, we bring together executives from the 7 leading GRC automation platforms for an unprecedented discussion on the future of compliance automation. For the first time ever, leaders from Vanta, Drata, Anecdotes, Secureframe, Sprinto, Scrut Automation, and Thoropass share the same virtual stage to debate critical industry topics, challenge common assumptions, and share their visions for the future of GRC.Featured Guests:Jake Bernardes - CISO, AnecdotesMatt Hillary - CISO, DrataJeremy Epling - Chief Product Officer, VantaShrav Mehta - Founder & CEO, SecureframeGirish Redekar - Co-founder & CEO, SprintoNicholas Muy - CISO, Scrut AutomationAndrew...2025-03-251h 52
Cyber Stories PodcastGovernance, Risk & Compliance (GRC) Engineering with Ayoub Fandi | EP. 24A conversation with Ayoub Fandi, a Staff Security Assurance Engineer at Gitlab and host of the GRC Engineering Podcast, as we discuss transforming GRC from a cost center into a strategic product through automation and engineering. Ayoub shares his journey from aspiring economist to successful cybersecurity professional. We explore whether GRC is technical and introduce GRC engineering, which uses engineering practices to enhance governance, risk, and compliance. We highlight the shift in GRC professionals' backgrounds and how technical skills improve GRC workflows. We also emphasize the importance of cybersecurity knowledge in GRC roles and what it means to operate...2025-03-201h 04
GRC Engineering PodcastScaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra | S2E3If you enjoy the podcast, feel free to subscribe to the GRC Engineer newsletter: grcengineer.com/subscribeIn this episode of The GRC Engineering Podcast, host Ayoub Fandi speaks with Akhila Chitiprolu, head of GRC at Sierra and former GRC leader at Stripe, Expedia, and T-Mobile.Akhila shares her journey from engineering to GRC leadership and offers deep insights on transforming traditional compliance into engineering-driven programs that scale with modern technology companies. Drawing from over a decade of experience across tech, fintech, telecom, and AI, she provides practical strategies for building GRC Engineering...2025-03-1857 min
Security & GRC DecodedEngineering Better Relationships: Why We Should Shift GRC Left w/ Ayoub Fandi @ GitlabIn this episode of Security & GRC Decoded, host Raj Krishnamurthy (CEO of ComplianceCow) sits down with Ayoub Fandi, a Staff Security Assurance Engineer at GitLab and co-author of the GRC Engineering Manifesto, for a deep dive into the evolution of GRC through an engineering lens. Ayoub shares how his background in consulting and cloud-native startups led him to question the traditional, checklist-heavy approach to GRC—and why embracing real-time data, automation, and developer-friendly processes is the key to building stronger security and compliance programs. He also reveals his controversial perspective on external certifications—explaining why they can some...2025-03-0652 min
Bare Knuckles and Brass TacksGRC Engineering: The Manifesto and Beyond!This week we dive into GRC Engineering with Justin Pagano, Emre Ugurlu, and returning guest Terra Cooke, three of minds behind the new GRC Engineering Manifesto.We tackle: Why GRC folks are engineers (yes, really!) Moving beyond "legacy GRC" into systems thinking Building GRC tools that engineers actually want to use The intersection of AI and compliance automationThis one gets nerdy! But if you want to understand how modern organizations can take a systems-based approach to governance while keeping engineers happy, this episode is for you.Check out the manifesto and repo...2025-01-2759 min
GRC Engineering PodcastAI Agents as the next GRC Frontier w/ Shruti Gupta from Zania | S2E2To view the notes from the podcast and much more, check out the episode summary on the GRC Engineer.2024-12-021h 06
GRC Engineering PodcastIs GRC Engineering the next DevSecOps? w/ Justin from Klaviyo | S2E1Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security Risk, and Trust at Klaviyo.
Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative.
He discusses the limitations of traditional documentation-heavy approaches and advocates for more engineering-driven practices in governance, risk, and compliance and how GRC Engineering could be the next DevSecOps.
Be warned, TPRM is taking repeated hits in this...2024-10-2157 min
GRC Engineering PodcastGRC Engineering Podcast? The Who, the Why and the What w/ Ayoub Fandi | S1E1Learn more about the why behind the podcast, some info about the background of the host as well as the main objectives of the GRC Engineering podcast.2024-10-1910 min
GRC Engineering PodcastGenesis of a GRC Engineering program w/ Akshay Finney from Zoom | S1E6Join Akshay Finney, a GRC Engineering team lead at Zoom, as he dive into the dynamic realm of security engineering and GRC integration. Uncover the importance of translating security requirements into engineering language, the evolving role of GRC engineering, the importance taking an engineering approach to security programs and the importance of collaboration with product teams to advance the GRC objectives2024-03-0451 min
GRC Engineering PodcastGetting Technical about Compliance w/ Vic Bhatia from ComplianceFoundry.ai | S1E5Explore the evolution of compliance engineering with Vic Bhatia, CEO of Compliance Foundry, as he shares insights from his journey, including experiences at Meta. Discover the challenges and solutions in aligning compliance with engineering incentives and the future of automated compliance solutions in the cloud. 2024-02-1254 min
GRC Engineering PodcastOvercome your GRC challenges w/ Chris Hughes and Lloyd Evans from Aquia | S1E4With Chris and Lloyd from Aquia, you'll learn more about why we need GRC Engineering, what skills you need to work on and the impact of innovations (such as AI) on how we should view our field.2024-01-0949 min
GRC Engineering PodcastThink in Systems w/ Simon Goldsmith from OVO | S1E3Episode Summary
In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail.
Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolving role of GRC in fast-paced environments.
The discussion dives deep into the challenges of balancing speed and security, the importance of collaboration in regulatory compliance, and how personal responsibility for CISOs is...2023-12-1456 min
GRC Engineering PodcastEngineering your GRC program w/ Charles Nwatu from Netflix | S1E2Charles will give us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.2023-11-2851 min
The Cyber Security Recruiter PodcastThe Cyber Security Recruiter talks to Doron Samuel, Compliance Manager, Keystone Cyber ProtectionAnother week & yet another brand new episode of The Cyber Security Recruiter Podcast ……….Doron Samuel of Keystone Cyber Protection you were the man.Thank you so much for your time & awesome tips……..Massive appreciation from me for taking part in the Q&A afterwards. & huge thank you for giving the community awesome tips of how to break into cyber security 😍✌️This was a brilliant chat with Doron who has so much great advice.We did this on a Linkedin Live so the recording quality not perfect, but this is a fantast...2023-10-051h 08
The Cyber Security Recruiter PodcastThe Cyber Security Recruiter talks to Doran Samuel, Compliance Manager, Keystsone Cyber Protection This was a brilliant chat with Doran, who has so much great advice.We did this on a Linkedin Live so the recording quality not so good, but a fantastic episode. Doran referred to the following: 1. Jay Shetty - https://jayshetty.me/ 2. Ariel Evans - https://www.linkedin.com/in/marielevans/ 3. Ayoub Fandi - https://www.linkedin.com/in/ayoubfandi/ Also worth checking out for great GRC resources - AJ Yawn (https://www.linkedin.com/in/ajyawn/) and Troy Fine (https://www.linkedin.com/in/troyjfine/)2023-10-051h 08