Security & GRC Decoded

Cyber Economics and Keeping Up with Innovation ft Trupti Shiralkar (Cybersecurity Leader & Advisor)

Raj Krishnamurthy Season 1 Episode 16


What trade-offs are you willing to make in cybersecurity?
In this episode of Security & GRC Decoded, host Raj Krishnamurthy is joined by Trupti Shiralkar, a seasoned cybersecurity leader and Advisory Board Member at Backslash Security, to explore how risk, ROI, and real-world constraints shape modern security programs. With decades of experience across AppSec, security architecture, and risk governance, Trupti brings a rare blend of deep technical insight and strategic thinking.

They dive into cyber economics, AI-driven tooling, and why security storytelling may soon matter more than fear-based metrics. Whether you're a security veteran or just entering the space, this is a must-listen on staying relevant and effective in the age of automation.

5 Key Takeaways

  • Cybersecurity is about trade-offs – No org can secure everything; knowing what to ignore is just as critical.
  • LLMs can’t fully replace layered defense – Copilots help, but context and reachability still matter.
  • ROI matters more than ever – Security teams must prove business value in language execs understand.
  • Storytelling wins boardrooms – Fear, uncertainty, and doubt (FUD) is out. Framing risk with narrative is in.
  • Reinvent or be replaced – AI won’t eliminate jobs—it’ll replace outdated versions of them.


What You’ll Learn

  • How cyber economics helps frame decision-making
  • The evolving role of LLMs and software composition tools in vulnerability management
  • Why OWASP hasn’t solved insecure code after decades
  • How to prioritize reachability over volume
  • What developers and security pros should focus on to stay relevant

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: compliancecow.com

Connect With Our Guest:

Trupti Shiralkar | Advisory Board Member, Backslash Security
Connect on LinkedIn

Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify and Apple Podcasts

Timestamps (Approx)

[00:00] Intro
[02:47] Why cyber economics goes beyond traditional budgeting
[06:10] Introduction of grey swan events and the need for proactive innovation
[10:10] Aligning compliance and security using LLMs
[16:56] Reducing cognitive load in cybersecurity decision-making
[20:00] Budgeting for innovation: Lessons from Trupti’s past security leadership
[23:00] Difference between cyber economics and cyber risk quantification
[33:50] The misunderstood strategic role of GRC
[54:30] How meditation and mindfulness help navigate the security world
[57:15] Trupti’s final shout-outs to historic and modern tech inspirations

Raj Krishnamurthy (00:00.728)
Hey, hey, hey, welcome to Security and GRC Decoded. I'm your favorite host, Raj Krishnamurthy. And today we have an awesome multifaceted guest, Trupti Shiralkar. Trupti is a veteran in cybersecurity. She has 20 plus years starting from mobile gaming, going into penetration testing, to product security. And now she's advocating something super cool called cyber economics. We are here to talk about all of that. She's a painter at heart.

Fantastic artistic person and she's also a certified meditation practitioner. Trupti comes up with a very illustrious experience at companies like DocuSign, DataDog, Illumio and Amazon. Trupti, welcome to the show.

Trupti Shiralkar (00:42.809)
Thank you so much. It's an honor and privilege to be part of this platform. I especially admire ComplianceCow because I think this is where compliance meets innovation and through strong engineering practices, we can meet the growing needs of high-tech organizations by providing them compliance through engineering effort. So thank you.

Raj Krishnamurthy (01:06.926)
I love it. I didn't make you say that just for the record, but I absolutely love what he just said. will be great. Fantastic.

Trupti Shiralkar (01:12.151)
Yeah, you know, the moment you told me Raj, you are a software engineer, you don't know much about security or compliance, that's when I realized like, probably sometime in life, you feel the pain when the compliance team randomly reaches out and you have to just produce the evidence that you have, you don't have. know, auditors can pull the certification, the company can suffer sales, business loss, right?

Somewhere that must be the pain point. That's why you still call yourself a technologist at heart. So yeah.

Raj Krishnamurthy (01:43.886)
100%, 100%, you're totally right. And thank you very much. Thank you for the shout out.

Trupti Shiralkar (01:48.707)
Sure.

Raj Krishnamurthy (01:50.518)
Eric, can be back.