Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience across internal and external audits, Varun explains why “auditable controls” are the missing lin...
All content for Security & GRC Decoded is the property of Raj Krishnamurthy and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience across internal and external audits, Varun explains why “auditable controls” are the missing lin...
Why Security And GRC Teams Must Act Like Service Teams ft Jiphun Satapathy from Medallia
Security & GRC Decoded
1 hour 14 minutes
5 months ago
Why Security And GRC Teams Must Act Like Service Teams ft Jiphun Satapathy from Medallia
Jiphun Satapathy has built and scaled security organizations at AWS, Snowflake, and now Medallia. In this episode, he joins our host Raj to explore the evolving role of CISOs as strategic business leaders. They discuss the importance of treating security as a service organization, how to handle vendor noise, and why insider risk is often overlooked. You’ll hear practical advice for security and GRC leaders working in AI-first, high-growth environments—and how to maintain trust across engineer...
Security & GRC Decoded
Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience across internal and external audits, Varun explains why “auditable controls” are the missing lin...
