Episode Description
This week, the crew sits down with Henry Stanley, founder of Fabrik and engineer-turned-GRC troublemaker, to dig into the messy reality of third-party risk management (TPRM). With experience across fintech, startups, and security consulting, Henry brings a pragmatic but optimistic view of how the industry can move forward.
From the limits of SOC 2 and the myth of standardization to the risks and rewards of AI-powered questionnaires, the group unpacks why TPRM is so fragmented—and why that’s not necessarily a bad thing. They also get real about AI in audits, the future role of assurance professionals, and why human connection still matters.
06:30 – Why TPRM Is Fragmented by Nature
09:00 – SOC 2 Isn’t Enough (And Never Was)
13:30 – Does Anyone Really Trust Audit Reports?
17:30 – Blacklists, Quality Checks & the SOC 2 Vibe Check
20:00 – The Rise of AI in Vendor Assessments
25:30 – AI Answers vs. AI Confidence
28:30 – Auditing the Auditors (and Their AI)
32:00 – Reasonable Assurance in an AI World
35:30 – Skepticism, Trust, and Human-in-the-Loop Auditing
38:00 – Does AI Kill Creativity? A Side Quest
44:00 – Will TPRM Be Agent-to-Agent in the Future?
Guest: Henry Stanley, Founder of Security Program.io
Hosts: Troy Fine, Kendra Cooley
Producer: Elliot Volkman
Runtime: ~56 minutes