S3E19: Resilient Cyber w/ Andres Vega & Andrew Clay Shafer
GRC & DevOps
In this episode of Resilient Cyber, Chris Hughes chats with Andres Vega and Andrew Clay Shafer about the intersection of Governance, Risk, and Compliance (GRC) and DevOps. The conversation dives deep into how modern organizations can align GRC with DevOps principles to ensure compliance while maintaining agility and speed in digital environments.
🔑 Key Highlights:
GRC & DevOps Synergy: Learn why GRC often lagged behind in the DevOps revolution and how enterprises can integrate these critical frameworks into their development cycles without sacrificing speed or compliance.
Regulatory Impact on DevOps: Explore the role of regulatory policies in DevOps environments, including how cybersecurity executive orders, NIST frameworks, and compliance mandates are shaping the future of software development.
Investments Unlimited: Discover insights from the new book Investments Unlimited, co-authored by Andres and others, which introduces a narrative-driven exploration of how organizations can thrive in a world of rapid development, security, and audit requirements.
Scaling GRC in the Cloud: Andrew and Andres share their perspectives on scaling compliance in cloud-native environments and explain how adopting Infrastructure as Code (IaC) and compliance automation is key to ensuring secure, scalable, and efficient operations.
Machine-Readable Attestations: As organizations adopt DevSecOps, the importance of machine-readable attestations, infrastructure-as-code practices, and verified compliance has never been higher. Hear their thoughts on how these technologies can ensure both velocity and security.