Content provided by Raj Krishnamurthy. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

No More Compliance Theater: Meet Real Security Compliance with Adam Brennick

1:19:31
 

Is it time to rethink SOC 2? (Spoiler: Adam thinks so—and he’s got the receipts.)
In this insightful episode of Security & GRC Decoded, Adam Brennick, Director of Security Risk & Compliance at Cockroach Labs, joins Raj to challenge the status quo of SOC 2, compliance culture, and how GRC teams should operate in a modern, engineering-driven world.

With a unique perspective from leading both security and GRC functions, Adam shares why today’s compliance efforts often miss the mark—and how we can fix that. From his hot takes on “a la carte” SOC 2 to building automation-first programs that actually reduce risk, Adam brings clarity, conviction, and practical wisdom to the mic.

Key Takeaways:

✅ Why SOC 2 should be customizable—and how that shift would improve both trust and transparency
✅ How GRC, security, and trust functions intersect (and where they often break down)
✅ The role of “vibe coding” and AI in enabling GRC engineering
✅ Real-world strategies for building a balanced, high-impact GRC team
✅ How to make a bulletproof business case for compliance automation using data (not just complaints)

Take Action:

→ Reflect on your own compliance program: Is it outcome-driven or check-the-box?
→ Re-evaluate how your GRC, security, and engineering teams collaborate
→ Share this episode with teammates who care about making compliance actually matter

👉 Follow Security & GRC Decoded for fresh insights on how to make your GRC program faster, smarter, and more resilient.

🎙️ Security & GRC Decoded is brought to you by ComplianceCow. Discover how ComplianceCow helps teams move from reactive compliance to proactive control automation.

🚀 Liking the show? Leave a rating and review to help us grow and keep bringing you bold GRC conversations.

💬 Connect with Adam Brennick:
💼 LinkedIn: https://www.linkedin.com/in/adam-brennick-959352158/
🌐 Company: https://www.cockroachlabs.com/

11 episodes

Copyright 2025