The Auditor Who Had Nothing Left To Ask: GitOps and Runtime Security for Sovereign Compliance

Let us tell you about the time an auditor absolutely destroyed us.

"Show me your access logs." Three systems, none talking to each other.

"Prove this deployment was approved." We Slacked around for 20 minutes while they watched.

"What happened at 2 AM last Tuesday?" No idea.

They gave us a second chance.

After two weeks digging through logs like archaeologists, we fixed it. Not with some expensive GRC platform... with ArgoCD and Falco, two CNCF Graduated projects. We wrote rules that tag detections to NIS2, DORA, SOC2. We made Git our audit trail. We built workflows that captured evidence before anyone asked.

Next time the auditor showed up, they were slightly wowed. Most questions they asked, the system had already answered.

This talk is that story: the disaster, the fix, and a live demo where I break things on purpose so you can watch continuous compliance in action. You'll leave with working code, compliance-mapped Falco rules, and an architecture that worked for us.

Michael Forrester

Preparing Tomorrow's Innovators, Elevating the Average

Atlanta, Georgia, United States
