Raj Krishnamurthy

Security & GRC Decoded

How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC). Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs. Hosted by Raj Krishnamurthy. It’s for security professionals, compliance teams, and business leaders responsible security GRC and ensuring their organizations’ are safe, secure and adhere to regulatory mandates. Security & GRC Decoded brings you: Actionable strategies, expert insights, and real-world stories to elevate your Secur...

Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: www.compliancecow.com

Autor

Raj Krishnamurthy

Kategoria

Technology

Strona podcastu

www.compliancecow.com

Ostatni odcinek

25 cze 2026

Gdzie słuchać?

Podcasty w aplikacji Replaio Radio Już wkrótce

Podcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów

Pobierz z Google Play Zainstaluj za darmo Android 5 mln+ pobrań · ocena 4,8 iOS niedługo

Odcinki

The Trust Gap in AI: Why Agents Need a New Certification Model ft Rajiv Dattani & David Meyer @ AIUC 25.06.2026

In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Rajiv Dattani and David Meyer from Artificial Intelligence Underwriting Company (AIUC) to explore one of the biggest unanswered questions in AI security: Can organizations actually trust AI agents? As enterprises rapidly deploy AI-powered products, copilots, and autonomous agents, traditional security assessments, comp...

Beyond Checkbox Compliance: Why GRC Must Become an Engineering Discipline ft Sheron Chakalakal, Head of GRC @ UiPath 02.06.2026

In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Sheron Chakalakal , Head of GRC at UiPath , to explore why the future of GRC looks far more like systems engineering than traditional audit management. Drawing from his experience at Salesforce, Deloitte, and UiPath, Sheron explains why point-in-time audits and checkbox compliance are failing modern engineering organiz...

From Compliance Theater to GRC Infrastructure: Why AI Breaks Traditional GRC ft Jasmine Kaur, Principal of Security & Assurance Engineering @ CoreWeave 05.05.2026

In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Jasmine Kaur , Principal of Security & Assurance Engineering at CoreWeave , to explore how AI-native infrastructure is fundamentally reshaping GRC. Drawing from her experience at companies like SAP, Google, and now an AI hyperscaler, Jasmine explains why traditional GRC models are failing in high-velocity, ephemera...

The GRC Illusion: Why Third-Party Risk Is Still Broken ft Val Dobrushkin, Director of GRC @ Tricentis 21.04.2026

In this episode of Security & GRC Decoded , Raj Krishnamurthy sits down with Val Dobrushkin , Director of GRC at Tricentis , to challenge one of the most overlooked failures in modern security programs: third-party risk management. Drawing from his experience building GRC programs at ForgeRock, NoName Security, and beyond, Val explains why most organizations are still stuck in compliance theat...

GRC Is Broken... And Nobody Wants to Admit It ft Dylan O’Dell, AVP Information Risk Officer @ Manulife 07.04.2026

In this episode of Security & GRC Decoded , Raj Krishnamurthy sits down with Dylan O’Dell , AVP Information Risk Officer at Manulife , to challenge one of the biggest assumptions in the industry: that GRC is working as intended. Dylan argues that most organizations are stuck in control-centric thinking and missing the true purpose of risk management — translating data into business decisions....

Security Is a Human Problem, Not a Tool Problem ft Steven Asifo, Director of Security & GRC @ Yahoo 24.03.2026

In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Steven Asifo, Director of Security & GRC at Yahoo, for one of the most refreshing conversations the show has had on communication, influence, and the human side of security. Drawing on his unusual dual life as both a cybersecurity leader and a stand-up comedian, Steven makes the case that security and GRC are not j...

The 3 Year GRC Reckoning: Customer Trust, Real-Time Assurance, and the Future of Risk ft Bryan Culp, Senior Director of Customer Trust @ Box 10.03.2026

In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Bryan Culp , Senior Director of Customer Trust at Box , to explore how governance, risk, and compliance is evolving beyond certifications and into real-time trust. Bryan shares why the next two to three years will fundamentally change how GRC operates — driven by automation, AI, large financial institutions demanding r...

When GRC Stops Watching and Starts Working ft Ryan Schoeller, Director of Security & GRC @ Treasure Data 24.02.2026

In this episode of Security & GRC Decoded , Raj Krishnamurthy sits down with Ryan Schoeller , Director of Security & GRC at Treasure Data , to challenge one of the most deeply rooted assumptions in the industry: that GRC should stay passive and “independent.” Drawing from his experience across startups, mid-market tech companies, and large enterprises, Ryan argues that the most effective G...

Does GRC Belongs Outside Security? The Case for an Independent Second Line ft Charles Nwatu - GRC Engineering Leader 10.02.2026

What if GRC shouldn’t sit inside Security at all —and what if the bigger problem isn’t automation, but what you do after you automate? In this episode, Raj Krishnamurthy sits down with Charles Nwatu (former Security GRC Engineering & Assurance leader at Netflix) for a candid, systems-level conversation about why “annual audit rituals” fail modern engineering, how GRC can produce high-fidelity...

GRC Is an Engineering Discipline. Not a Checklist. ft Akhila Chitiprolu, Head of Security & GRC @ Sierra 27.01.2026

GRC has long been seen as abstract, manual, and disconnected from how modern engineering teams actually work, but that narrative is breaking down. In this episode of Security & GRC Decoded , Raj Krishnamurthy sits down with Akhila Chitiprolu , Head of Security & GRC at Sierra, to explore why GRC must be treated as an engineering discipline, not a compliance afterthought. Drawing from her e...

GRC as a Growth Engine: From Checklists to Continuous Assurance ft Vivek Madan - Director of Security, Risk, and Compliance @ Fortinet 13.01.2026

In this episode of Security & GRC Decoded , Raj Krishnamurthy sits down with Vivek Madan to unpack what it really means to run a modern GRC program inside a global cybersecurity company. Drawing from his journey across networking, security engineering, risk, and compliance, Vivek shares how GRC can function as a true business enabler—opening markets, accelerating revenue, and strengthening tru...

Audit ≠ Security: Building Auditable Controls in a High-Velocity World ft Varun Prasad, Cloud Security & Privacy Assurance @ BDO 30.12.2025

Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience...

Scaling GRC Without the Chaos: How to Build Programs That Don’t Break ft Tom Scuderi, Senior Manager of Security & GRC @ LTK 16.12.2025

In this episode of Security & GRC Decoded , host Raj Krishnamurthy sits down with Tom Scuderi , Senior Manager of Security & GRC at LTK and a veteran practitioner who has spent his career building governance functions at QTS, Tableau, Salesforce, and LTK. Tom shares how to scale GRC in high-growth environments by designing processes that resemble engineering workflows, reducing friction wi...

Controls Are Promises: Rethinking GRC for Modern Security ft Sergio Alonso @ Rapid7 02.12.2025

In this episode of Security & GRC Decoded , host Raj Krishnamurthy sits down with Sergio Alonso , a seasoned GRC and information security leader at Rapid7 , whose 17–year career spans auditing, high-regulation banking, blockchain innovation at Akamai, privacy GRC at Twitter, and now trust and governance in cybersecurity. Sergio breaks down how to translate legacy compliance thinking into moder...

How Pragmatic Controls Build Trust Between GRC, Security, and Engineering ft Mukund Sarma, Deputy CISO @ Chime 13.11.2025

In this episode of Security & GRC Decoded , host Raj Krishnamurthy sits down with Mukund Sarma , Deputy CISO and Head of Product Security at Chime , to explore what happens when governance, risk, and compliance teams work with engineering instead of against it. Mukund shares real-world lessons from a decade in security, explaining how to balance shift-left initiatives, build paved paths that r...

How to Build Trust Between GRC and Engineering ft Tristan Ingold, Security GRC Program Manager at Meta 30.10.2025

How do you build real trust between GRC and engineering? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Tristan Ingold , Security GRC Program Manager at Meta . Tristan shares how consulting shaped his approach, why “policing” doesn’t work, and how GRC earns influence by acting as a partner to engineering -- not a blocker. He discusses the cultural friction between a...

Rethinking Risk: Data-Driven Decisions for Modern CISOs ft Tony Martin-Vegue 16.10.2025

In this episode, Raj Krishnamurthy speaks with Tony Martin-Vegue , seasoned risk practitioner, speaker, and co-chair of the FAIR Institute San Francisco chapter. Tony shares decades of lessons learned from leading cyber risk management at Netflix , Gap , and other major enterprises—showing how to move from qualitative heat maps to quantitative insights that drive smarter business decisions. He bre...

Why GRC Is More Than Compliance with Kenneth Moras | Head of Security GRC | Plaid 02.10.2025

In this episode of Security & GRC Decoded , host Raj Krishnamurthy sits down with Kenneth Moras , Head of Security GRC at Plaid. Kenneth shares his journey from web developer and pen tester to building GRC and assurance teams at scale across leading companies like Adobe , Meta , and now Plaid . The conversation explores how GRC must balance governance, risk, and compliance as distinct but inte...

“This GRC Space is Hot!” with Varun Gurnaney, Staff Security Engineer at Apple 11.09.2025

How does a software engineer become a GRC leader? In this episode of Security & GRC Decoded , host Raj Krishnamurthy welcomes Varun Gurnaney , Staff Security Engineer at Apple . Varun shares his journey from writing janky Python scripts for compliance evidence collection to shaping the discipline of GRC engineering at some of the world’s biggest companies. He discusses the cultural and technic...

Risk in Dollars: The Future of GRC Measurement ft Ramya Subramanian, Director of GRC @ Freshworks 04.09.2025

How does a network engineer become a GRC leader ? Ramya Subramanian’s journey spans nearly two decades across IT, security, and governance. Now serving as Director of GRC & Privacy Operations at Freshworks , she joins Raj to unpack the evolving role of GRC: from quantifying risk and managing compliance debt to building automation that doesn’t slow engineering down. Ramya also shares how storyt...

Compliance ≠ Security: It Sets the Foundation ft Evan Millman, Security GRC Manager @ Abnormal AI 21.08.2025

What’s the true relationship between compliance and security? According to Evan Millman , compliance may not be security—but it’s the necessary starting point for building it. In this episode, Raj sits down with Evan to explore how organizations can shift their GRC approach from reactive checkbox checking to a proactive and risk-informed security practice. Evan shares stories from his work at Abno...

Cyber Economics and Keeping Up with Innovation ft Trupti Shiralkar (Cybersecurity Leader & Advisor) 07.08.2025

What trade-offs are you willing to make in cybersecurity?  In this episode of Security & GRC Decoded , host Raj Krishnamurthy is joined by Trupti Shiralkar , a seasoned cybersecurity leader and Advisory Board Member at Backslash Security , to explore how risk, ROI, and real-world constraints shape modern security programs. With decades of experience across AppSec, security architecture, and ri...

Why Security And GRC Teams Must Act Like Service Teams ft Jiphun Satapathy from Medallia 05.08.2025

Jiphun Satapathy has built and scaled security organizations at AWS , Snowflake , and now Medallia . In this episode, he joins our host Raj to explore the evolving role of CISOs as strategic business leaders . They discuss the importance of treating security as a service organization , how to handle vendor noise , and why insider risk is often overlooked . You’ll hear practical advice for security...

Preetam Joshi Breaks Down ML, LLMs, AI Agents, and Governance Challenges 10.07.2025

How do you make sense of security, governance, and risk in an age of black-box AI? This week, Raj is joined by Preetam Joshi , founder of Aimon Labs and machine learning veteran with experience at DRDO , Yahoo , Netflix , and Thumbtack . Together, they break down the technical evolution behind large language models (LLMs), explore the real challenges of explainability, and discuss why GRC teams mu...

RGC, Not GRC: Why Risk Comes First ft Ricky Waldron 26.06.2025

What if compliance wasn't just about passing audits—but about building trust from the ground up? In this powerful episode of Security & GRC Decoded , Raj sits down with Ricky Waldron , Director of Security Audit & GRC at Navan , whose GRC experience spans tech giants like Microsoft , Disney , Oracle , and Smartsheet . Ricky shares how GRC is evolving into a strategic business partner,...

Słuchaj podcastu Security & GRC Decoded w Replaio

Radio i podcasty w jednej aplikacji - za darmo, bez zakładania konta. Zainstaluj już dziś i nie przegap premiery

Pobierz z Google Play

Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS