Rethinking SOC 2 & GRC | Ctrl-Alt-Secure S4E16 ft. Emma Lawler & AJ Yawn
カートのアイテムが多すぎます
カートに追加できませんでした。
ウィッシュリストに追加できませんでした。
ほしい物リストの削除に失敗しました。
ポッドキャストのフォローに失敗しました
ポッドキャストのフォロー解除に失敗しました
-
ナレーター:
-
著者:
In this episode of Ctrl-Alt-Secure, Valentina Flores, CEO of Red Sentry, sits down with Emma Lawler and AJ Yawn from Rippling to explore the evolving world of Governance, Risk, and Compliance (GRC) and why modern organizations need to rethink how they approach SOC 2 audits, security evidence, and compliance operations.
Emma and AJ share insights into how companies can move away from manual, checkbox-driven compliance processes and toward engineering-driven security programs powered by automation, transparency, and first-party data. Rather than treating GRC as a once-a-year project, the conversation focuses on building systems that continuously improve security posture while reducing friction between companies, auditors, and operational teams.
The discussion dives into why automation should not be confused with reduced rigor, the importance of maintaining auditor independence, and how organizations can shift compliance “to the left” by embedding security into operational workflows instead of treating it as a final hurdle.
Valentina, Emma, and AJ also explore the cultural side of compliance, including why findings should be viewed as actionable signals for improvement rather than blame, and how organizations can design systems where compliance efforts compound over time instead of restarting from scratch every audit cycle.
Key topics covered:
• Why SOC 2 is more than a compliance checkbox
• Engineering compliance instead of documenting compliance
• The role of automation and first-party data in modern GRC
• Why auditor independence still matters
• Shifting security and compliance earlier into operational workflows
• Treating GRC as a continuous product instead of a yearly project
• Building scalable systems that reduce long-term audit fatigue
• Turning security findings into opportunities for improvement
Who should listen:
This episode is ideal for security leaders, compliance professionals, auditors, startup founders, IT teams, and anyone looking to build more sustainable and scalable security and compliance programs.
About Ctrl-Alt-Secure
Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.
🔗 Learn more about Red Sentry: https://redsentry.com/
🔗 Learn more about Rippling: https://www.rippling.com/
Find more about Red Sentry.