On May 13 in New York, five of the most technically sharp minds in GRC got on stage to discuss the challenges facing GRC teams today.
Annual audits don't reflect real risk. Control frameworks were built for auditors, not adversaries. And somewhere along the way, governance stopped freeing up security teams and started consuming them.
This panel was stacked with practitioners who are building, breaking, and redefining how GRC works at scale.

WHAT'S COVERED

• When does governance stop being proactive and start becoming operational drag?
• Why is GRC the least engineered part of a security program, and what does fixing it actually look like?
• What breaks first: the control, or trust in the control?
• How do you move from point-in-time attestation to continuous, data-driven security posture?
• What does "GRC Engineering" mean in practice, beyond the talking points?

‍