Chaos

GRC Uncensored

News EN ↓ 23 episodes

GRC Uncensored is an experimental podcast designed to elevate real conversations with GRC professionals, auditors, regulators, and those building programs around it. Your hosts are Troy Fine and Elliot Volkman. Hosted on Acast. See acast.com/privacy for more information.

Author

Chaos

Category

News

Podcast website

feeds.acast.com

Latest episode

Dec 31, 2025

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

AMA: GRC, SOC 2, and the State of Audits 31.12.2025

It’s the last day of 2025, which means it’s time to wrap season one. When Troy and I piloted this series, we didn’t expect thousands of you to tune in, and certainly didn’t expect to pickup the wonderfully smart Kendra to join our crew. With that, we want to thank you for encouraging us to keep this series going. We’ll be back for season 2 soon, and are taking in new pitches for episodes now. To w...

Do Ethical GRC auditors really exist? 20.11.2025

In this episode, the crew digs into a messy but necessary topic: what does ethical auditing even mean in a market overrun with automation shortcuts, low-effort SOC 2 audits, and firms that self-declare “quality” without proving it? With Troy actively auditing today and Kendra working with auditors in real time, the team breaks down where rigor actually shows up, where the system is broken, and why...

SOC 2, Vibes, and the Audit Arms Race 22.10.2025

This episode dives deep into the messy, absurd, and sometimes hilarious world of SOC 2 audits and compliance frameworks. Wiz CISO Expert Zlatko Unger joins the crew to talk about the expanding “acronym soup” of frameworks, the blurred lines between automation and assurance, and why finding an auditor who vibes with your team might matter more than the name on the certificate. The crew also debates...

Clean Reports, Flawed Systems, and the Future of GRC 09.10.2025

TJ, Kendra, and Elliot are back, and welcomed Evan Millman , GRC Manager at Abnormal Security, for what started as a casual chat and evolved into a sharp look at compliance blind spots, the role of AI in GRC, and how professionals can shape their careers in a changing field. [00:02:00] Evan shares how he used ChatGPT to analyze a risk assessment report. [00:05:00] What GRC leadership looks like at...

AI Guardrails, Foot Guns, and the Ostrich Problem 25.09.2025

This week on GRC Uncensored , hosts Troy Fine and Elliot Volkman sat down with Merritt Baer , Chief Security Officer at Enkrypt AI , for a candid conversation about the collision between AI, governance, and security. Merritt brought decades of CISO experience — from AWS to the intelligence community — and didn’t hold back, fully embracing our podcast name, on what’s hype, what’s real, and what CIS...

The Softer (and Sometimes Spicier) Side of GRC 28.08.2025

In the latest episode of GRC Uncensored , hosts Kendra Cooley and Troy Fine sat down with Jake Bernardes , CISO of Anecdotes and host of Risking It All , to talk about the positive side of GRC. What unfolded was less about sugar-coating and more about the tensions shaping our industry from AI disruption to the shaky future of SOC 2 reports. More specifically, is there a world where we see a consol...

The TPRM Tug-of-War: Trust, Tools, and the AI Tradeoff 31.07.2025

This week, the crew sits down with Henry Stanley—founder of Fabrik and engineer-turned-GRC troublemaker-to dig into the messy reality of third-party risk management (TPRM). With experience across fintech, startups, and security consulting, Henry brings a pragmatic but optimistic view of how the industry can move forward. From the limits of SOC 2 and the myth of standardization to the risks and rew...

Will FedRAMP 20x Repeat SOC 2’s Mistakes? 17.07.2025

This week on GRC Uncensored, the crew welcomes John Santore, a longtime FedRAMP and SOC 2 practitioner who has seen firsthand how compliance frameworks evolve, and sometimes unravel. Now serving as Director of Cyber Acceleration at Constellation GovCloud, John joins Troy and Elliot to unpack FedRAMP 20x, a new pilot program designed to streamline the U.S. government’s cloud authorization process d...

Why the "Why" Matters in GRC 01.07.2025

In this episode of GRC Uncensored , Richa, founder and CEO of Complyance , joins the hosts to unpack the growing tension between scalable compliance tooling and the real needs of maturing GRC teams. The conversation examines why SOC 2 in a box solutions fall short for mid-market organizations and what it truly means to integrate AI without compromising privacy. Along the way, the group debates the...

From Engineering to GRC: A first-hand account of the GRC talent gap 19.06.2025

As organizations contend with growing threats and shrinking GRC teams, this episode explores the widening talent gap in governance, risk, and compliance. Guest Shruti Mukherjee, a former software engineer turned GRC practitioner, shares her journey, her insights on the evolving nature of the field, and her call to action for both professionals and organizations to rethink what GRC careers can look...

What It Really Takes to Get Hired in GRC 05.06.2025

Guest: Pete Strouse, Cybersecurity Talent Advisor & Host of The Talent Gap Fireside Chat This episode explores how governance, risk, and compliance (GRC) roles are filled, and why it's getting harder to land one. Pete Strouse unpacks the current job market, share recruiter insights, and offer advice to job seekers and hiring managers navigating a GRC landscape shaped by automation, offshoring,...

The Unfiltered Truth About CPAs and Audits 20.05.2025

This episode of GRC Uncensored goes full behind-the-scenes as Troy Fine, Kendra Cooley, and producer Elliot Volkman sit down for an unscripted discussion. From the challenges CPAs face in the security world to the ethics of auditing, the team explores what happens when trust, risk, and reputation collide. Plus, a big reveal: Troy is starting his own CPA firm—Fine Assurance. [00:10:00] The CPA Deba...

Going Beyond Compliance: The Intersection of Security and Risk Management 24.04.2025

In this episode of GRC Uncensored, hosts Troy Fine and Kendra Cooley, along with producer Elliot Volkman chat with Rob Wood, founder and CEO of Sidekick Security, to explore the relationship between compliance and security. They dig into topics such as the limitations of compliance as a security measure, the role of compliance tools and platforms, and the importance of effective communication and...

Oversight Over Auditors and Peer Reviews 10.04.2025

In this episode of GRC Uncensored, hosts Troy Fine and Elliot Volkman invite Jeff Cook, a compliance expert with over 20 years of experience, to discuss the intricacies of auditor oversight and peer reviews. Jeff shares insights into the complexities of the peer review process, including the role of State Boards of Accountancy, AICPA, and the challenges of maintaining quality in SOC reports. The c...

Third-Party Risk Management: When to Accept or Reject Vendor Documentation 27.03.2025

On a recent episode of GRC Uncensored, host Troy Fine and producer Elliot Volkman were joined by guest Stanley Krochik , a now seasoned GRC professional and former city security program manager, to discuss the realities of third-party risk Management (TPRM). The conversation focused on the growing issue of low-quality audits, the challenge of assessing vendor security postures, and the dilemma ris...

AI Governance: Insights on ISO 42001 from GRC Two Experts 13.03.2025

The latest episode of GRC Uncensored dove deep into the magical world of AI governance, specifically on ISO 42001. This week, our guests are Chris Honda , Whistic’s Manager of Security, Risk, and Compliance; and Jonathan LeBaron , MasterControl Senior GRC Engineer with the golden voice. Our due shared their firsthand experiences navigating compliance, business adoption, and the broader implication...

The Good, The Bad, and The Underrated of Compliance Audits 27.02.2025

In this episode of GRC Uncensored, hosts Troy Fine, Kendra Cooley, and producer Elliot Volkman dive into an unfiltered discussion with Joseph Kirkpatrick, founder and president of KirkpatrickPrice. The focus is on the implications of private equity and compliance automation tools in GRC. Joseph shares his insights on how the influx of private equity funding and the rise of 'SOC in a box' platforms...

Drata Talks Navigating Audit Integrity and Independence 12.12.2024

In this episode, host Troy Fine and producer Elliot Volkman welcome guest Kevin Kriebel, VP of Business Development at Drata. The conversation focuses on the challenges and intricacies of maintaining auditor independence and integrity in the compliance automation landscape. Key topics include the impact of bundling and price fixing on audit quality, the need for improved TPRM functionality, and th...

Episode Zero: Behind the Concept of GRC Uncensored 26.11.2024

In the pilot episode of GRC Uncensored, hosts Troy Fine and Elliot Volkman introduce the podcast aimed at having unfiltered discussions about Governance, Risk, and Compliance (GRC). This episode was recorded before any interviews and offers some retrospectives of what became reality or not. They detail their professional backgrounds, especially highlighting Troy's unexpected journey into auditing...

Unpacking audit quality (or lack thereof) 14.11.2024

In this episode of GRC Uncensored, hosts Troy Fine and Kendra Cooley, along with producer Elliot Volkman, continue their pursuit of trying to understand what is explicitly holding the GRC world back. Joined by ISO expert David Foreman, the discussion tackles the roles of auditors, tech vendors, and market forces in shaping audit quality. They explore the significance of audit integrity, the stayin...

Should you invest in a GRC tool for compliance? 24.10.2024

GRC Uncensored is back, and your hosts Troy Fine and Elliot Volkman are joined by Martin Cozzi, CEO of Pima, to discuss when, if at all, it makes sense to invest in a GRC tool to support a company's compliance efforts. The discussion spans the necessity and use of various compliance tools, the challenges of scaling compliance, and the importance of having well-defined processes and dedicated perso...

The Commoditization of Compliance and SOC 2 10.10.2024

In the first episode of 'GRC Uncensored,' hosts Troy Fine, dubbed the 'GRC Meme King,' and Elliot Volkman, alongside guest Kendra Cooley dive into the complexities of Governance, Risk, and Compliance (GRC) in cybersecurity. The discussion unravels the 'love-hate' relationship many security professionals have with compliance frameworks like SOC 2, exploring how they have become commoditized and pos...

GRC Uncensored Trailer 06.10.2024

GRC Uncensored is an experimental podcast designed to elevate real conversations with GRC professionals, auditors, regulators, and those building programs around it. Your hosts are Troy Fine and Elliot Volkman. Hosted on Acast. See acast.com/privacy for more information.

Listen to the GRC Uncensored podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.