Speaker

Ethan Troy

Principal @ Fortreum | Cloud Security Compliance and Automation

Orlando, Florida, United States

Ethan Troy is a Principal at Fortreum, where he bridges the gap between security compliance and engineering. He specializes in automating FedRAMP, NIST, and cloud-native controls across AWS, GCP, and Azure. Ethan’s work focuses on making audits less painful and compliance more scalable.
https://github.com/ethanolivertroy

Area of Expertise

  • Information & Communications Technology

Topics

  • cybersecurity
  • GRC
  • Cloud Security

GRC Engineering: Build Your Own Trust Center for Continuous Assurance

The traditional GRC model relies on "Point-in-Time" artifacts—static PDFs and annual audit reports that are obsolete the moment they are exported. In a cloud-native world, trust shouldn't have an expiration date.

This session dives into the discipline of GRC Engineering to show you how to Build Your Own Trust Center. We move beyond static documentation to explore how to build "Evidence Pipelines" that treat security claims as code. By pulling real-time signals from your infrastructure (IAM, encryption status, CI/CD gates), you can transform your security posture from a "snapshot" into a continuous stream of verifiable truth.

Attendees will learn:

  • The GRC Engineering Framework: Shifting from manual data collection to automated evidence pipelines.
  • Architecture of a Trust Center: How to map live technical signals to high-level compliance controls (SOC 2, ISO 27001, etc.).
  • Continuous vs. Point-in-Time: Methods for detecting "compliance drift" before your next audit cycle.
  • DIY Build Plan: A 90-day roadmap to move from static folders to a "Continuously True" trust model using your existing tech stack.

Attendees will leave with a practical blueprint for building a high-integrity Trust Center that reduces the "prove it" burden on engineering teams and provides a transparent, real-time view of business security impact.

GRC Engineering in the Cloud

A practical look at GRC Engineering through the lens of automation. Learn how to build and scale compliance checks across AWS, Azure, and GCP using open source tools, APIs, and scripting. Walk away with real examples you can use to modernize your cloud GRC workflows.

BSides Orlando 2025 Sessionize Event

September 2025 Orlando, Florida, United States
