Ctrl - Alt - Secure Podcast
Welcome to the Ctrl-Alt-Secure podcast, your guide to navigating the ever-changing landscape of cybersecurity. Join us as we delve into the latest trends, threats, and innovations shaping the infosec space.
Rethinking SOC 2 & GRC | Ctrl-Alt-Secure S4E16 ft. Emma Lawler & AJ Yawn
In this episode of Ctrl-Alt-Secure, Valentina Flores, CEO of Red Sentry, sits down with Emma Lawler and AJ Yawn from Rippling to explore the evolving world of Governance, Risk, and Compliance (GRC) and why modern organizations need to rethink how they approach SOC 2 audits, security evidence, and compliance operations.
Emma and AJ share insights into how companies can move away from manual, checkbox-driven compliance processes and toward engineering-driven security programs powered by automation, transparency, and first-party data. Rather than treating GRC as a once-a-year project, the conversation focuses on building systems that continuously improve security posture while reducing friction between companies, auditors, and operational teams.
The discussion dives into why automation should not be confused with reduced rigor, the importance of maintaining auditor independence, and how organizations can shift compliance “to the left” by embedding security into operational workflows instead of treating it as a final hurdle.
Valentina, Emma, and AJ also explore the cultural side of compliance, including why findings should be viewed as actionable signals for improvement rather than blame, and how organizations can design systems where compliance efforts compound over time instead of restarting from scratch every audit cycle.
Key topics covered:
• Why SOC 2 is more than a compliance checkbox
• Engineering compliance instead of documenting compliance
• The role of automation and first-party data in modern GRC
• Why auditor independence still matters
• Shifting security and compliance earlier into operational workflows
• Treating GRC as a continuous product instead of a yearly project
• Building scalable systems that reduce long-term audit fatigue
• Turning security findings into opportunities for improvement
Who should listen:
This episode is ideal for security leaders, compliance professionals, auditors, startup founders, IT teams, and anyone looking to build more sustainable and scalable security and compliance programs.
About Ctrl-Alt-Secure
Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.
🔗 Learn more about Red Sentry: https://redsentry.com/
🔗 Learn more about Rippling: https://www.rippling.com/