Governance, Risk & Compliance (GRC) Engineering with Ayoub Fandi | Cyber Stories Podcast EP 24

Summary: The video discusses the evolution and significance of Governance, Risk, and Compliance (GRC) in the field of cybersecurity, featuring a conversation with Ayou, a staff Security Assurance Engineer at GitLab. Ayou highlights the transition of GRC from being perceived as a non-technical aspect to a more engineering-driven discipline that incorporates automation and continuous monitoring. The episode emphasizes the importance of GRC in bridging the gaps between business, engineering, and security teams, ensuring compliance while fostering a culture of security at scale.

Keypoints:

• The GRC role serves as a conduit between business and engineering teams within cybersecurity.
• Ayou shares his background in cybersecurity, initially transitioning from economics and linguistics into the field.
• The discussion highlights GRC’s evolution and the importance of understanding GRC engineering, which leverages automation and software practices.
• The backgrounds of GRC professionals are shifting, with fewer coming from traditional audit backgrounds and more from cybersecurity domains such as detection and response.
• Automation and engineering practices are increasingly being applied to GRC, enhancing its relevance and efficiency in modern cybersecurity operations.
• Ayou emphasizes the necessity of technical knowledge in GRC roles to better engage with engineering and security operations teams.
• Opportunities in GRC engineering are expanding and evolving, encouraging professionals to remain adaptable and innovative.
• Ayou encourages newcomers to the GRC field to focus on understanding control objectives rather than merely memorizing frameworks.
• Hands-on projects, such as implementing security controls in personal environments, can enhance practical experience in GRC.
• The episode concludes with a call to action for aspiring GRC professionals to engage with the community and pursue opportunities in this evolving field.