In this episode of the TPRM Podcast (Threats, Pitfalls & Risk Myths), Nate Lee talks with Jake Bernardes, Chief Information Security Officer at Anecdotes and former CISO at Whistic, known for his candid, data-first approach to GRC and third-party risk.
Jake brings deep experience across GRC, TPRM, and security leadership, and is an outspoken voice on why traditional compliance frameworks like SOC 2 have become procurement shortcuts rather than meaningful security signals. He shares a pragmatic view on what is broken in modern GRC and what it will take to fix it.
They explore what agentic GRC actually means beyond the marketing hype, why data quality and completeness are foundational for AI-driven security workflows, and how treating GRC as an engineering problem can fundamentally change how risk is assessed. The conversation also covers trust centers, machine-readable evidence, the future of audits and certifications, and how real security data could replace checkbox-based assessments.
Jake also shares direct career advice for security and GRC professionals, including why networking matters more than certifications, what it really means to be an effective CISO, and why security leaders should be driving business outcomes rather than positioning themselves as cost centers.
This episode is packed with insight for CISOs, security leaders, GRC and TPRM practitioners, and anyone thinking seriously about the future of compliance, trust, and risk.
Listen and Subscribe
- Spotify → https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=bf17a655fc0049f9
- Apple Podcasts → https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699
- YouTube → @TPRMPodcast
About the Guest
Jake Bernardes is the Chief Information Security Officer at Anecdotes and former CISO at Whistic. He has extensive experience leading GRC, TPRM, and security programs and is a strong advocate for transparency, data-driven risk assessment, and treating GRC as an engineering discipline.
About the Host
Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai, helping SaaS companies build business-aligned security programs that increase developer velocity, strengthen trust, and support rapid growth.
About the Show
The TPRM Podcast explores real-world conversations with security leaders reshaping how we think about risk, uncovering the threats, pitfalls, and myths behind today’s cybersecurity challenges.
Nate’s LinkedIn → /natetrustmind
TPRM Podcast LinkedIn → /tprm-podcast
Website → https://tprmpodcast.com
Instagram → @TPRMPodcast
TikTok → @tprmpodcast