GRC Engineering - Bringing GRC to a repository near you

Varun Gurnaney

BSidesSF 2024 · Day 1

In this insightful talk at BSidesSF 2024, Varun Gurnaney, a security engineer, presented a compelling vision for **GRC Engineering**, an approach that seeks to bridge the historical chasm between Governance, Risk, and Compliance (GRC) functions and engineering teams. Gurnaney argues that traditional GRC processes are often manual, burdensome, and lead to significant friction with engineers, who are primarily focused on shipping product and fixing bugs. His core premise is that by applying engineering principles and automation to GRC, particularly compliance, organizations can streamline audits, improve security hygiene, and ultimately foster a more collaborative environment where engineers "hate compliance less."

AI review

This talk presents a pragmatic engineering approach to a pervasive organizational problem: the friction between engineering and compliance teams. By proposing "GRC Engineering" and detailing an "audit engine" architecture, the speaker offers a viable path for large enterprises to automate evidence collection, reduce context switching for engineers, and achieve continuous compliance, moving beyond the limitations of generic vendor tools.