Darryl Macleod

Let's be real. If you work in risk or compliance, your days probably involve spreadsheets, folders full of screenshots, chasing down evidence, and sitting through way too many status meetings. It's how most of us manage risk registers, audits, and policies. And while that might work for a while, it quickly becomes messy and exhausting, especially as your organization grows and expectations increase. At some point, someone will say, "We should automate this." The problem? Most of us didn't get into GRC to become engineers. We're great at managing policies, audits, and frameworks, but not everyone is comfortable with terms like "APIs" or "policy-as-code." It can feel like automation is only for developers, and the rest of us have to keep clicking through spreadsheets. This talk is here to change that. "From Risk to Real-Time: Automating GRC Without Losing Your Mind" is a beginner-friendly introduction to automating your GRC work. No coding experience is required. Whether you're a risk analyst, compliance lead, or internal auditor, this talk will help you understand what GRC automation actually looks like and how you can start small without feeling lost. You'll learn: What GRC automation really means in plain language Simple starter projects like checking if MFA is enabled or sending reminders in Slack Easy-to-use tools for non-developers like Python, YAML, Zapier, and GitHub Actions How to bring an automation mindset into your work without losing your risk focus You don't need to be technical to benefit from automation. You need a path to follow. This talk is based on real experience from someone who learned by doing. You'll leave with tips, examples, and realistic ways to bring automation into your work, one small step at a time. Whether you're just curious or ready to improve your day-to-day tasks, this session will show you how to move from manual chaos to real-time clarity — all while keeping your brain (and your spreadsheets) intact.