Rehearsal is Over: Moving GRC Engineering from Theory into Practice

Branden Rosenlieb

BSidesSF 2026 · Day 1 · AMC Theatre 03

In "Rehearsal is Over: Moving GRC Engineering from Theory into Practice," Branden Rosenlieb delivers a compelling argument for transforming traditional Governance, Risk, and Compliance (GRC) functions into a modern, engineering-driven discipline. The talk addresses the critical challenge faced by organizations today: the inability of manual, static GRC processes to keep pace with rapid technological change, increasing regulatory demands, and the accelerating speed of business operations. Rosenlieb posits that by adopting principles from product development and DevOps, GRC can evolve from a perceived blocker into a strategic business enabler.

AI review

Rosenlieb is preaching something real — GRC-as-code is overdue and the instinct to wire OPA into CI/CD pipelines and automate evidence collection is correct. The talk lands in the right lane (practitioner case study / methodology) and delivers more concrete tooling than the average GRC session, but the technical floor is still low enough that any engineer who's touched Terraform and boto3 will be watching familiar demos.
