GRC Is Solving the Wrong Problem in an AI World | Ayoub Fandi
Overview
In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Ayoub Fandi, GRC Engineering Lead at GitLab and creator of the GRC Engineer podcast and newsletter.
As AI reshapes how security teams operate, many GRC programs are still built around audits, frameworks, and compliance-driven workflows. Ayoub explains why this model is quickly losing relevance and why simply automating existing processes often leads to solving the wrong problems faster.
The conversation explores how security teams need to rethink their operating models in an AI-driven world. Nate and Ayoub discuss the shift from compliance-driven programs to risk-driven decision making, and why teams must move beyond audit cycles and start rebuilding workflows from first principles.
They also examine how AI is changing the nature of work inside security, why compliance is becoming table stakes, and why risk management remains one of the most complex and human parts of security. This shift is forcing organizations to rethink how they approach workflows, decision making, and collaboration across teams.
Beyond tooling, the discussion dives into systems thinking, stakeholder alignment, and how GRC teams can become more embedded within engineering, security, and the broader business.
This episode is essential listening for CISOs, security leaders, engineers, and practitioners navigating AI-driven change, modern security architecture, and the evolving role of security teams.
Listen and Subscribe
Spotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=c862255fc2b84d12
Apple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699
YouTube - https://youtube.com/@TPRMPodcast
Episode Sponsor
This episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews.
TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms.
Learn more at https://trustmind.com
About the Guest
Ayoub Fandi is the GRC Engineering Lead at GitLab and creator of the GRC Engineer podcast and newsletter. He focuses on rethinking how governance, risk, and compliance evolve in an AI-driven world.
His work centers on applying systems thinking, automation, and engineering principles to modernize GRC programs and better align them with modern security practices.
About the Host
Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business-aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth.
About the Show
The TPRM Podcast features real-world conversations with security leaders who are reshaping how we think about cybersecurity and risk.
Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.