Governance, Risk & Compliance (GRC) Engineering with Ayoub Fandi | Cyber Stories Podcast EP 24

A conversation with Ayoub Fandi, a Staff Security Assurance Engineer at Gitlab and host of the GRC Engineering Podcast, as we discuss transforming GRC from a cost center into a strategic product through automation and engineering. Ayoub shares his journey from aspiring economist to successful cybersecurity professional. We explore whether GRC is technical and introduce GRC engineering, which uses engineering practices to enhance governance, risk, and compliance. We highlight the shift in GRC professionals' backgrounds and how technical skills improve GRC workflows. We also emphasize the importance of cybersecurity knowledge in GRC roles and what it means to operate at the staff level. This conversation offers invaluable insights for aspiring staff engineers, including advice on getting into GRC and building a career in GRC Engineering. → Ayoub's LinkedIn: https://www.linkedin.com/in/ayoubfandi/ → Governance, Risk, and Compliance (GRC) for the Cloud-Native Revolution Course: https://www.linkedin.com/learning/governance-risk-and-compliance-grc-for-the-cloud-native-revolution/a-cloud-native-ready-grc-program → @GRCEngineeringPodcast: https://www.youtube.com/@GRCEngineeringPodcast → GRC Engineering Newsletter: https://grcengineer.com/ _____________ RELATED EPISODES 🎙️ For further insights on GRC, watch Episode 12 with Izzy Vixsama from Datadog: https://youtu.be/63nFUz0lx6Y _____________ SPONSORS 👨🏾‍💻 Enhance your coding skills for cybersecurity with Code Crafters: https://app.codecrafters.io/join?via=daycyberwox 🦾 Enhance your health to manage your challenging cybersecurity career with Ultrahuman: http://ultrahuman.com/DayCyberwox 🫂 Join this channel to support the mission: https://www.youtube.com/channel/UCY-UlEymdA23eo09U9a0FLA/join _____________ ⚡️JOIN 6,000+ CWX MEMBERS ON DISCORD: https://discord.gg/cyberwoxacademy 📰 SUBSCRIBE TO THE CYBERWOX UNPLUGGED NEWSLETTER: https://cyberwoxunplugged.com 🥶 WINTER MERCH: https://store.cyberwox.com _____________ 🧬 CYBERWOX RESOURCES 🔹 Cyberwox Cybersecurity Notion Templates for planning your career: https://daycyberwox.gumroad.com/l/cyberlearningframework 🔹 Cyberwox Best Entry-Level Cybersecurity Resume Template: https://daycyberwox.gumroad.com/l/cybersecurityresume 🔹 Learn AWS Threat Detection with my LinkedIn Learning Course: https://www.linkedin.com/learning/introduction-to-aws-threat-detection/ _____________ 📱 LET'S CONNECT → IG: https://www.instagram.com/daycyberwox​ → Threads: https://www.threads.net/@daycyberwox → Substack: https://substack.com/@cyberwox → Twitter: https://twitter.com/DayCyberwox​ → Linkedin: https://www.linkedin.com/in/dayspringjohnson/ → Tiktok: https://www.tiktok.com/@cyberwox Email: [email protected] _____________ #️⃣ Relevant Hashtags #cybersecurity #hacking #bootcamp #threatdetection #cloudcomputing #cloudsecurity #technology #tech #dallas #texas #cloud #grc _____________ ⚠️DISCLAIMER This video description has some affiliate links, and I may receive a small commission for purchases made through these links. I appreciate your support! _____________ ⏰TIMESTAMPS 00:00 Intro 02:50 Getting Started 03:36 Ayoub's Background 10:33 GRC's - Business & Cybersecurity 14:25 The Evolution of GRC 21:09 GRC is Boring 23:24 Security Assurance 26:49 GRC is NOT Technical 31:12 Cyberwox Resource 33:11 Cloud & GRC 33:55 GRC Engineering 41:28 Automation in GRC 46:14 Staff Level GRC Work 49:26 Getting into GRC 53:52 Learning GRC Skils 56:10 GRC for the Cloud-Native Revolution Course 59:03 The GRC Engineering Podcast 01:03:04 Final Thoughts 01:04:12 Outro