Clean Reports, Flawed Systems, and the Future of GRC
Description
TJ, Kendra, and Elliot are back, and welcomed Evan Millman, GRC Manager at Abnormal Security, for what started as a casual chat and evolved into a sharp look at compliance blind spots, the role of AI in GRC, and how professionals can shape their careers in a changing field.
[00:02:00] Evan shares how he used ChatGPT to analyze a risk assessment report.
[00:05:00] What GRC leadership looks like at Abnormal Security (ISO 27001, 27701, 42001, SOC 2).
[00:07:00] The complicated relationship between organizations and auditors — bias, incentives, and the reality of “clean” reports.
[00:12:00] Why third-party attestations are table stakes, not real assurance.
[00:19:00] TJ and Evan debate solutions: peer reviews, government oversight, or is the system fundamentally flawed?
[00:27:00] How Abnormal approaches vendor risk: criticality ratings, renewals, and compensating controls.
[00:32:00] Tools and automation in GRC — benefits and buyer’s remorse.
[00:36:00] The role of AI: evidence review, documentation search, and “trust but verify.”
[00:39:00] Should GRC professionals become coders, or double down on soft skills?
[00:44:00] Evan’s career advice: networking, persistence, and why soft skills matter more than technical depth.
Hosted on Acast. See acast.com/privacy for more information.