Engineer-turned-GRC-builder Henry Stanley (Founder and CPO of Fabrik) joins the pod to talk about building security programs developers actually want to use. From the death of PDF policies to developer-first controls, Henry shares lessons from his time in fintech, crypto, and consulting, and why startups are better at spotting compliance theater than most enterprises. Plus, the crew goes off script (again) to debate whether AI will help or harm modern GRC.
[00:04:00] – Why traditional policy documents don’t work for engineers
[00:08:30] – “Write less, enforce more”: Building policy that actually gets used
[00:12:00] – The startup lens: Doing security without killing velocity
[00:16:30] – What to build first: Inventory, ownership, automation
[00:20:00] – When GRC turns into audit prep theater
[00:28:30] – How to align engineering, product, and GRC
[00:33:00] – Why most programs break down at scale
[00:42:00] – The AI tangent: use cases, risks, and nonsense generators
[00:47:00] – Henry’s take: AI can help—but only with human oversight
Guest: Henry Stanley, Founder of Security Program.io
Hosts: Troy Fine, Kendra Cooley
Producer: Elliot Volkman
Runtime: ~56 minutes
Hosted on Acast. See acast.com/privacy for more information.