A conversation with Ayoub Fandi, a Staff Security Assurance Engineer at Gitlab and host of the GRC Engineering Podcast, as we discuss transforming GRC from a cost center into a strategic product through automation and engineering. Ayoub shares his journey from aspiring economist to successful cybersecurity professional. We explore whether GRC is technical and introduce GRC engineering, which uses engineering practices to enhance governance, risk, and compliance. We highlight the shift in GRC professionals' backgrounds and how technical skills improve GRC workflows. We also emphasize the importance of cybersecurity knowledge in GRC roles and what it means to operate at the staff level. This conversation offers invaluable insights for aspiring staff engineers, including advice on getting into GRC and building a career in GRC Engineering. → Ayoub's LinkedIn

→ Governance, Risk, and Compliance (GRC) for the Cloud-Native Revolution Course

→  GRCEngineeringPodcast 

→ GRC Engineering Newsletter_____________

RELATED EPISODES

🎙️ For further insights on GRC, watch or listen to Episode 12 with Izzy Vixsama from Datadog_____________

SPONSORS

👨🏾‍💻 Enhance your coding skills for cybersecurity with Code Crafters

🦾 Enhance your health to manage your challenging cybersecurity career with Ultrahuman_____________

⚡️JOIN 6,000+ CWX MEMBERS ON DISCORD

📰 SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER

🥶 WINTER MERCH_____________

🧬 CYBERWOX RESOURCES

🔹 Cyberwox Cybersecurity Notion Templates for planning your career

🔹 Cyberwox Best Entry-Level Cybersecurity Resume Template

🔹 Learn AWS Threat Detection with my LinkedIn Learning Course_____________

📱 LET'S CONNECT

→ IG

→ Threads

→ Substack

→ Twitter

→ Linkedin

→ Tiktok

Email: day@cyberwox.com_____________

#️⃣ Relevant Hashtags#cybersecurity #hacking #bootcamp #threatdetection #cloudcomputing #cloudsecurity #technology #tech #dallas #texas #cloud_____________

⚠️DISCLAIMER

This description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support!_____________

⏰TIMESTAMPS00:00 Intro02:50 Getting Started03:36 Ayoub's Background10:33 GRC's - Business & Cybersecurity14:25 The Evolution of GRC21:09 GRC is Boring23:24 Security Assurance26:49 GRC is NOT Technical31:12 Cyberwox Resource33:11 Cloud & GRC33:55 GRC Engineering41:28 Automation in GRC46:14 Staff Level GRC Work49:26 Getting into GRC53:52 Learning GRC Skils56:10 GRC for the Cloud-Native Revolution Course59:03 The GRC Engineering Podcast01:03:04 Final Thoughts01:04:12 Outro