

Migrating from “Tick Box” Compliance to Automating GRC in a Multi-Cloud World
Jun 17, 2025
Santosh Bompally, Cloud Security Engineering Team Lead at Humana, shares his journey from a tech enthusiast to a security leader. He discusses transforming security exception management from a manual checkbox approach to an automated, continuously monitored system. Santosh emphasizes the importance of a solid security baseline and policy-as-code to enhance compliance in multi-cloud environments. He also highlights the complexities organizations face in maintaining rigorous security standards and the evolving role of automation in governance, risk, and compliance.
AI Snips
Santosh's Cybersecurity Journey
- Santosh was a youthful hacker keen on computers and networks, supported by his parents.
- His passion led him to study computer science and cybersecurity, gaining diverse roles in threat hunting, GRC, and risk management.
Exception Management Risks
- Exception management is often treated as a mere compliance checkbox, with no ongoing monitoring.
- This neglect expands the threat surface and risks security posture degradation over time.
Automate Multi-Cloud Policies
- Use cloud-native policies and policy-as-code across multi-cloud environments for consistent security enforcement.
- Automate exceptions with orchestration layers that process events from all platforms, so that exception handling scales and is streamlined.