In this episode of Ctrl-Alt-Secure, Valentina Flores, CEO of Red Sentry, sits down with Emma Lawler and AJ Yawn from Rippling to explore the evolving world of Governance, Risk, and Compliance (GRC) and why modern organizations need to rethink how they approach SOC 2 audits, security evidence, and compliance operations.

Emma and AJ share insights into how companies can move away from manual, checkbox-driven compliance processes and toward engineering-driven security programs powered by automation, transparency, and first-party data. Rather than treating GRC as a once-a-year project, the conversation focuses on building systems that continuously improve security posture while reducing friction between companies, auditors, and operational teams.

The discussion dives into why automation should not be confused with reduced rigor, the importance of maintaining auditor independence, and how organizations can shift compliance “to the left” by embedding security into operational workflows instead of treating it as a final hurdle.

Valentina, Emma, and AJ also explore the cultural side of compliance, including why findings should be viewed as actionable signals for improvement rather than blame, and how organizations can design systems where compliance efforts compound over time instead of restarting from scratch every audit cycle.

Key topics covered:

• Why SOC 2 is more than a compliance checkbox
• Engineering compliance instead of documenting compliance
• The role of automation and first-party data in modern GRC
• Why auditor independence still matters
• Shifting security and compliance earlier into operational workflows
• Treating GRC as a continuous product instead of a yearly project
• Building scalable systems that reduce long-term audit fatigue
• Turning security findings into opportunities for improvement

Who should listen:
This episode is ideal for security leaders, compliance professionals, auditors, startup founders, IT teams, and anyone looking to build more sustainable and scalable security and compliance programs.

About Ctrl-Alt-Secure
Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Red Sentry: https://redsentry.com/
🔗 Learn more about Rippling: https://www.rippling.com/

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores, CEO of Red Sentry, sits down with Brianna Martinson, Director of Engineering at Tepia, to explore what it truly means to build secure, resilient systems around humans — not in spite of them.

Brianna shares how her background as a longtime developer shapes Tepia’s people-first engineering philosophy. Rather than treating software as isolated features, Tepia partners with clients to understand entire system flows, user behavior, and business constraints — especially when working with complex or legacy environments.

The conversation dives into why “user error” is often a design failure, how discovery and design should be just as rigorous as development, and why tiny usability decisions can make or break adoption and security outcomes. Brianna and Valentina also discuss holistic system thinking, DevOps principles, microservice architecture, and the emotional realities teams face when legacy tech becomes a liability.

The episode closes with a candid discussion on why leaning into discomfort — even when it risks short-term losses — leads to stronger trust, better systems, and more meaningful impact.

Key topics covered:

• Why human-centered design improves security outcomes
• The hidden risks of blaming users instead of systems
• Designing intuitive systems that people actually use
• Navigating legacy code, technical debt, and hard rebuild decisions
• Holistic engineering, DevOps, and microservice architecture
• Why doing things “the right way” builds long-term trust over short-term profit

Who should listen:
This episode is ideal for engineering leaders, security professionals, product teams, founders, and anyone building or securing complex systems where humans, technology, and business intersect.

About Ctrl-Alt-Secure
Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Tepia: https://tepia.co/
🔗 Contact Red Sentry

Find more about Red Sentry.

In this episode of Ctrl-Alt-Secure, Valentina Flores sits down with Timothy Shields, Partner at Kelley Kronenberg, to unpack what data privacy law really looks like when it meets real-world technology, security, and business constraints.

Timothy brings a rare perspective to privacy law, having started his career as a software developer and academic before becoming a tech and data privacy attorney. That technical background shapes how he advises companies today—moving away from unrealistic “zero-risk” thinking and toward practical, defensible decision-making.

The conversation explores where organizations most often misunderstand data privacy requirements, why documentation and intent matter as much as tools, and how companies can reduce legal exposure before something goes wrong. Valentina and Timothy also discuss breach response, AI-related legal risk, and why small companies are just as exposed as large enterprises.

Key topics covered in this data privacy episode:

• Why legal risk in tech is rarely “zero risk” — and why that mindset fails
• How a technical background changes the way privacy law is applied in practice
• Common privacy blind spots engineers and executives overlook
• The biggest legal mistakes companies make after a breach
• Why proactive security testing and planning matter more than perfection
• The critical role of documentation when regulators or courts get involved
• Why not doing what you said you would do creates more liability than getting breached
• Where AI liability is headed and what companies should be doing now
• Why “we’re too small to be a target” is one of the most dangerous privacy myths

Who should listen?

This episode is essential for founders, executives, legal teams, engineers, security leaders, and anyone responsible for handling customer data, building software, or managing cyber risk. If your company collects, processes, or stores data—or is experimenting with AI—this conversation offers practical guidance you can actually act on.

About Ctrl-Alt-Secure

Ctrl-Alt-Secure is brought to you by Red Sentry, a human-led, tech-powered penetration testing firm helping companies identify and fix vulnerabilities before attackers can exploit them.

🔗 Learn more about Kelly Kronenberg: https://www.kelleykronenberg.com/
🔗 Contact Red Sentry

Find more about Red Sentry.