If I ever went back into the startup world, it wasn’t going to be just for another GRC tool.
It was going to be for the company that’s actually building what I’ve been talking about for years, where GRC finally moves beyond checkboxes and into the same lane as security and engineering.
That company is Compyl.
People First

Before I talk about the product, I need to talk about the people.
I’ve been on every side of this industry: as a founder, a partner in a CPA firm, a SOC 2 auditor, and, most recently, leading GRC Engineering for one of the largest professional services firms supporting the federal government. I’ve seen the good, the bad, and the checkbox compliance that makes our industry feel broken.
So when I decided to even consider joining another company, the first question I asked myself was simple: Do I believe in the people behind it?
From my first conversation with Stas, to working with Dan and the rest of the team, I knew immediately this was different. The energy, the humility, the willingness to dig in and solve problems together: it felt like family. This wasn’t a corporate culture hiding behind buzzwords. These were people I could be in the trenches with, who genuinely want to move the industry forward.
That matters to me. Because culture isn’t built on free lunches or perks; it’s built on shared values, and Compyl’s team lives them every day.
Then, the Product
Here’s the truth: I had options. Real options.
After years of success building the GRC Engineering movement, I could have gone anywhere. You can look at the comments under my posts. A lot of the big names were shooting their shot.
But when I saw Compyl, I didn’t just see another platform. I saw GRC Engineering in action.
This is the first platform where I’ve seen real engineering workflows for GRC. Not marketing slides. Not “trust us” demos. Actual workflows that let GRC professionals automate, customize, and continuously improve.
It aligns directly with how I believe GRC should be done. Connected to real data, integrated into the way teams already work, and built for people who care about doing it the right way.
The Role
I’ve joined Compyl as the VP of GRC Engineering and Product Evangelist, a role that sits right at the intersection of product, sales, marketing, and operations.
It combines all my loves into one position: building meaningful products, telling powerful stories, enabling teams to sell with confidence, and connecting the dots across the business.
It also gives me the chance to continue accelerating the profession I’ve been building—GRC Engineering—by bringing the concepts I’ve been teaching for years into a real platform that embodies them.
This isn’t theory anymore. This is where ideas turn into execution.
Why Now
I’ve spent years teaching and advocating for GRC Engineering. I’ve built labs, written a book, and helped hundreds of professionals evolve from checkbox compliance to real security-driven GRC.
So if I was going to join another startup, it had to be a place that shared that same vision.
Compyl isn’t just aligned with that vision. It’s living it.
The combination of great people and a great product doesn’t happen often in this industry. When it does, you don’t watch from the sidelines. You join the team and help build the future.

What’s Next?
This is just the beginning.
We’re about to launch something called Evidence Studio, which will change the way GRC teams collect and manage evidence forever. It’s built on the same principles of GRC Engineering that brought me here.
But I’ll save that story for later this week.
For now, I’ll leave you with this: I joined Compyl because I believe in the people and I believe in the product. And when those two things align, everything else takes care of itself.


