Sign up to save your podcasts
Or
Share Controls Are Promises: Rethinking GRC for Modern Security ft Sergio Alonso @ Rapid7
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Controls Are Promises: Rethinking GRC for Modern Security ft Sergio Alonso @ Rapid7
In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Sergio Alonso, a seasoned GRC and information security leader at Rapid7, whose 17–year career spans auditing, high-regulation banking, blockchain innovation at Akamai, privacy GRC at Twitter, and now trust and governance in cybersecurity. Sergio breaks down how to translate legacy compliance thinking into modern engineering-aligned practices, why automation is the only scalable path forward, and how controls should be treated as “promises” that teams must honor every day. This conversation explores scaling GRC in high-velocity environments, reducing compliance fatigue, applying zero-knowledge principles to trust, and building the next generation of context-driven risk programs.
Key Takeaways
- Automation is the only sustainable path to scaling GRC without increasing friction.
- Controls should be viewed as “promises,” and audits as the consequence of keeping or breaking them.
- Context — technical, business, and risk — is the primary driver of effective triage and prioritization.
- GRC must evolve from a legacy function into a trust-driven, engineering-aligned discipline.
- Zero-knowledge-style thinking may define the future of transparency and customer trust.
What You’ll Learn
- How to adapt legacy compliance experience for cloud, SaaS, and fast-moving tech companies.
- Why automation, evidence APIs, and GRC engineering are becoming non-negotiable.
- How to reduce compliance fatigue using “meet once, meet many” principles.
- Why context is the key to reducing noise from security tools.
- How to partner with engineers using empathy, clarity, and strong framing.
- Why trust and transparency are reshaping GRC inside cybersecurity companies.
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com
Watch more episodes: https://www.compliancecow.com/podcast
Connect With Our Guest:
Sergio Alonso | GRC & Information Security Leader | Rapid7
Connect on LinkedIn: https://www.linkedin.com/in/salonsor/
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify: https://open.spotify.com/show/5xuvsT8HdJsa2sbhAFZQhL
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450
View all episodes
By Raj KrishnamurthyIn this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Sergio Alonso, a seasoned GRC and information security leader at Rapid7, whose 17–year career spans auditing, high-regulation banking, blockchain innovation at Akamai, privacy GRC at Twitter, and now trust and governance in cybersecurity. Sergio breaks down how to translate legacy compliance thinking into modern engineering-aligned practices, why automation is the only scalable path forward, and how controls should be treated as “promises” that teams must honor every day. This conversation explores scaling GRC in high-velocity environments, reducing compliance fatigue, applying zero-knowledge principles to trust, and building the next generation of context-driven risk programs.
Key Takeaways
- Automation is the only sustainable path to scaling GRC without increasing friction.
- Controls should be viewed as “promises,” and audits as the consequence of keeping or breaking them.
- Context — technical, business, and risk — is the primary driver of effective triage and prioritization.
- GRC must evolve from a legacy function into a trust-driven, engineering-aligned discipline.
- Zero-knowledge-style thinking may define the future of transparency and customer trust.
What You’ll Learn
- How to adapt legacy compliance experience for cloud, SaaS, and fast-moving tech companies.
- Why automation, evidence APIs, and GRC engineering are becoming non-negotiable.
- How to reduce compliance fatigue using “meet once, meet many” principles.
- Why context is the key to reducing noise from security tools.
- How to partner with engineers using empathy, clarity, and strong framing.
- Why trust and transparency are reshaping GRC inside cybersecurity companies.
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com
Watch more episodes: https://www.compliancecow.com/podcast
Connect With Our Guest:
Sergio Alonso | GRC & Information Security Leader | Rapid7
Connect on LinkedIn: https://www.linkedin.com/in/salonsor/
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify: https://open.spotify.com/show/5xuvsT8HdJsa2sbhAFZQhL
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450