Security & GRC Decoded

Author: Raj Krishnamurthy

About this content

How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC).

Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs. Hosted by Raj Krishnamurthy.

It’s for security professionals, compliance teams, and business leaders responsible for security GRC and for ensuring their organizations are safe, secure and adhere to regulatory mandates.

Security & GRC Decoded brings you:

+ Actionable strategies.
+ Expert insights.
+ Real-world stories to elevate your Security GRC programs.

Each episode explores frameworks, risk management strategies, and innovations shaping the future of GRC – from practitioners in the trenches.

Subscribe now to unlock the tools and knowledge you need to succeed.

© 2025 Security & GRC Decoded
Economics
Episodes
  • Can Compliance Be Cool? Harness's Andrew Spangler Thinks So
    2025/05/15

    In this episode of Security and GRC Decoded, Raj Krishnamurthy sits down with Andrew Spangler, Director of Security and GRC at Harness, to explore how compliance engineering can go far beyond checkboxes—and actually drive innovation.

    Andrew shares his journey from building the compliance engineering function at Datadog to scaling automation and visibility across the SDLC at Harness. He dives into how using internal platforms for security workflows (aka “drinking your own champagne”) can unlock time savings and risk reduction, especially in areas like vulnerability management and secure software delivery.


    Key Takeaways:

    ✅ How compliance automation builds credibility and supports innovation.

    ✅ Lessons from building compliance engineering at Datadog.

    ✅ Harnessing the power of SBOMs and supply chain security.

    ✅ Practical uses of generative AI and ChatGPT for GRC workflows.

    ✅ The future of democratized threat modeling.

    ✅ Advice for new grads entering security and GRC.

    ✅ Podcast recommendations that go beyond the security bubble.

    Whether you're leading a GRC team or just getting started in the field, this conversation will expand how you think about security, compliance, and the role of curiosity in technical leadership.

    Listen now to learn how modern GRC teams are shaping the future of secure software delivery.


    🎙️ Security & GRC Decoded is brought to you by ComplianceCow.

    Learn More About How ComplianceCow Can Help Your GRC Team Today!
    Click Here 👉https://www.compliancecow.com/

    🚀 Enjoying The Show?! 🚀

    Make sure to rate and review the show to let us know you're enjoying the content!

    Subscribe now for expert insights from industry leaders shaping the future of security & compliance.


    Learn More / Connect with Andrew Spangler

    If you enjoyed this conversation and want to learn more about Andrew Spangler, connect with him directly:

    💼 LinkedIn: https://www.linkedin.com/in/atspangler/
    🌐 Company: https://www.harness.io/

    55 min
  • From Compliance to SBOMs: Josh Bressers’ Take on Security
    2025/05/01

    In this episode, Raj Krishnamurthy sits down with Josh Bressers, VP of Security at Anchore and longtime leader in the open source security space. With decades of experience, Josh brings a candid and compelling perspective on everything from the chaos of early cybersecurity days to the nuanced challenges of SBOMs and compliance in today’s world.

    Josh reflects on how he entered the security world before there were formal certifications or programs, how community and curiosity fuel innovation in open source, and why the relationships you build are often the most valuable asset in your career. He also dives into exciting new work with the SBOM Everywhere Working Group and shares how GenAI is helping categorize the sprawling ecosystem of SBOM tools.

    Key Takeaways:
    ✅ GRC teams often overburden themselves with audits.

    ✅ Embracing a product manager mindset helps GRC teams drive security initiatives.

    ✅ Technical knowledge empowers GRC professionals to enhance security programs.

    ✅ Changing perceptions of GRC within organizations is crucial for success.

    ✅ Proactive strategies can elevate GRC’s role and reputation.

    ✅ Integrating privacy into GRC frameworks strengthens compliance efforts.

    ✅ High Trust certification is achievable on a budget.

    ✅ Automation can significantly improve GRC efficiency and reduce redundancy.

    ✅ Overlapping audit timelines minimizes disruption and streamlines processes.

    ✅ Discipline from endurance sports fosters focus, resilience, and growth.

    Learn More / Connect with Josh Bressers:
    If you enjoyed this conversation and want to dive deeper into Josh Bressers’s insights on GRC, cybersecurity, and building effective security programs, connect with him directly:

    💼 LinkedIn: https://www.linkedin.com/in/joshbressers/
    🌐 Company: https://anchore.com/

    1 hr 6 min
  • From Cruise to Whatnot: Kieran Pierman’s GRC Playbook
    2025/04/17

    In this episode, Raj Krishnamurthy sits down with Kieran Pierman, GRC & Security at Whatnot, and a former security, risk and compliance leader at Cruise and Dropbox, to explore fresh perspectives on Security & GRC.

    Kieran opens with a bold stance: data breaches, while critical, aren't the top threat they used to be. Instead, he argues, maintaining availability and service uptime is now paramount. Drawing from his unique experience building the foundational GRC program at Cruise, a pioneering self-driving car company, Kieran reveals how managing cybersecurity risks took on profound urgency—literally life-and-death implications—when securing autonomous vehicles.

    Throughout the conversation, Kieran shares actionable insights on:

    ✅ Why availability and uptime are today's most critical security priorities.

    ✅ How building GRC at Cruise required an uncompromising security posture due to the potential consequences of vehicle security breaches.

    ✅ Why GRC should be seen as an engineering discipline rather than a checkbox function.

    ✅ Practical strategies to shift GRC from a cost center to a profit-driving role.

    ✅ The importance of automation, technical fluency, and proactive risk management.

    ✅ Balancing preventative and detective controls to optimize both security and business agility.

    ✅ Tips on working effectively with auditors to enhance, rather than hinder, security maturity.

    Tune in to learn how adopting a proactive, engineering-minded approach can elevate your GRC program from compliance-driven to business-critical.

    🎙️ Security & GRC Decoded is brought to you by ComplianceCow.

    Learn how ComplianceCow can enhance your GRC efforts today!

    🚀 Enjoying the Show?! 🚀

    Don't forget to rate, review, and subscribe to ensure you don't miss out on expert insights from industry leaders shaping the future of security and compliance.

    Learn More / Connect with Kieran Pierman

    💼 LinkedIn: Kieran Pierman
    🌐 Company: Whatnot

    1 hr 3 min
