Introducing GRC Engineering: A New Era of AWS Compliance
2025-06-30, Room 2

Traditional cloud compliance often relies on manual, checklist-driven processes that struggle to keep pace with modern cloud infrastructure's complexity and agility. This session introduces GRC Engineering, a fresh, proactive approach that integrates Governance, Risk, and Compliance (GRC) principles directly into the AWS engineering lifecycle.

Attendees will explore how GRC Engineering leverages automation, infrastructure as code, and AWS-native tools to transform compliance from a reactive burden into a strategic asset. Real-world examples will demonstrate tactical methods for embedding compliance seamlessly into AWS environments, using services such as AWS Config, AWS Audit Manager, and automation frameworks.

Participants will walk away equipped with actionable insights and strategies for adopting GRC Engineering practices, streamlining compliance processes, reducing operational risk, and achieving continuous compliance in AWS environments.

AJ Yawn is an experienced cybersecurity leader specializing in cloud compliance, governance, risk, and compliance (GRC) engineering, with nearly 15 years of experience. AJ currently serves as Director of GRC Engineering at Aquia, leading innovative approaches to compliance automation and cloud security. He previously founded ByteChek, a compliance automation startup focused on SOC 2 and HIPAA, achieving over $1M in annual recurring revenue. AJ also served as a partner at Armanino LLP, a top-20 CPA firm, spearheading product innovation in compliance and audit automation.

As a dedicated educator, AJ instructs courses on cloud compliance and security automation for the SANS Institute and LinkedIn Learning, where he has educated over 125,000 professionals worldwide. AJ began his career as a U.S. Army Officer in the Signal Corps, earning the rank of Captain, and later grew the cloud compliance practice at Coalfire from a small team into a thriving practice. His professional mission remains focused on transforming compliance into an accessible, automated, and value-driven discipline.