Episodes
-
Episode Summary
In this episode, I welcome Shruti Gupta, a seasoned security leader with extensive GRC experience and currently CEO of Zania. With a rich background that includes roles at Microsoft, Airbnb, and Instacart among others, Shruti shares her insights on the evolving landscape of GRC, particularly on how AI changes the game.
The discussion covers the challenges within GRC, the potential of AI to streamline processes, and what will become of our career path after AI agents take over a substantial chunk of our work.
Key Topics Discussed
💼 Career Journey: Shruti reflects on her career path from starting security programs at OpenDNS to leading AI security efforts at Microsoft.
🌀 Complexity of GRC: Understanding the breadth of our field and the variety of domains practitioners need to be proficient in.
📹 Limitations of Traditional Tools: She highlights how many GRC tools function as deterministic databases with evidence collection capabilities, lacking the analytical capabilities needed for effective decision-making.
📃 Examples of AI Use Cases: We explore how AI can automate repetitive tasks like documentation and evidence assessment, moving from automating input to automating output.
💼 Misconceptions Around AI: We discuss fears around job displacement, framing AI as a tool that enhances GRC value rather than replaces it.
📈 AI for Career Growth: We emphasize how leveraging AI can lead to meaningful work and career advancement by freeing up time for high-impact activities.
🚅 Forward-Looking Statements: The future of the industry, what's next for her, and how she sees the GRC industry shifting as AI agents become more capable.
Guest Bio
Shruti Gupta is an accomplished security leader with extensive experience across various sectors. She has held significant positions such as CISO for Microsoft Identity and has been instrumental in building security programs at companies like Airbnb and Instacart. Her expertise is now on how AI Agents can help automate vast parts of GRC workstreams.
Notable Quotes
"GRC is a very vast topic... it's quite challenging to technically understand so much breadth."
"The kind of work that you can truly automate with AI is not something that is fun work that you would want to do anyways... it allows you to focus on more strategic tasks rather than repetitive, boring back-office work."
"The pressure in GRC is real; if you don't do it well, your company can really get penalised."
Useful links
Shruti's LinkedIn
Zania.ai, Shruti's company dedicated to AI Agents for GRC.
Call to Action
If you enjoyed this episode, please subscribe to our podcast for more insights into GRC Engineering. Feel free to give us a review if you enjoyed it and to check out our other episodes!
For any questions, ideas for guests or feedback, please reach out to me on LinkedIn!
-
Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security, Risk, and Trust at Klaviyo.
Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative.
He discusses the limitations of traditional documentation-heavy approaches, advocates for more engineering-driven practices in governance, risk, and compliance, and explains how GRC Engineering could be the next DevSecOps.
Be warned, TPRM is taking repeated hits in this episode!
-
Join Akshay Finney, a GRC Engineering team lead at Zoom, as he dives into the dynamic realm of security engineering and GRC integration. Uncover the importance of translating security requirements into engineering language, the evolving role of GRC engineering, the importance of taking an engineering approach to security programs, and the importance of collaboration with product teams to advance GRC objectives.
-
Explore the evolution of compliance engineering with Vic Bhatia, CEO of Compliance Foundry, as he shares insights from his journey, including experiences at Meta. Discover the challenges and solutions in aligning compliance with engineering incentives and the future of automated compliance solutions in the cloud.
-
Episode Summary
In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail.
Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolving role of GRC in fast-paced environments.
The discussion dives deep into the challenges of balancing speed and security, the importance of collaboration in regulatory compliance, and how personal responsibility for CISOs is shaping the future of security leadership.
Key Topics Discussed
💼 Career Journey: Simon reflects on his career path, starting in the defense sector with the Ministry of Defense, moving through financial services and retail, and eventually taking on his current role at OVO.
🌀 Systems Thinking in Security: Insights into how Simon applied systems engineering concepts like "the survivability onion" to improve security outcomes across different industries.
📹 Balancing Speed and Security: A discussion on how fast-moving environments like defense and private sectors can integrate security assurance early in development to achieve better outcomes.
📃 Regulatory Challenges Across Jurisdictions: Simon shares his experiences navigating complex regulatory landscapes in Asia-Pacific and Europe, including personal liability challenges for CISOs.
💼 Leadership and Collaboration: Emphasizing the importance of strong teams and relationships to manage stress and uncertainty in high-stakes environments.
🚅 Forward-Looking Reflections: Simon discusses his current mission at OVO, supporting zero-carbon living through tech-enabled energy retail while addressing broader societal challenges.
Notable Quotes
"The time horizon of the board is radically different from that of an engineer in a sprint."
"Balancing prevention with a positive attitude towards detection and discovery is key to building effective systems."
"Bringing assurance teams into the development lifecycle early can lead to better security outcomes—not just better documentation."
"Personal liability for CISOs is a growing challenge; it requires courage to take on such roles."
Useful links
Simon Goldsmith's LinkedIn
OVO Energy
Guest Bio
Simon Goldsmith is an accomplished information security leader with over two decades of experience across defense, financial services, retail, and energy sectors. Currently serving as Head of Information Security at OVO, Simon has a passion for systems thinking and collaborative leadership to drive impactful security outcomes.
Call to Action
If you enjoyed this episode, please subscribe to our podcast for more insights into GRC Engineering and cybersecurity leadership. Don’t forget to leave a review if you found value in this conversation!
For questions, guest ideas, or feedback, reach out to me on LinkedIn.
-
Charles gives us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.