Information Security Leaders: Henry Stanley - Fabrik
This week on our Infosec leaders series, George and Michael interviewed Henry Stanley, the Co-Founder and CPO of Fabrik (thetrustfabrik.com). Check out the video below or read on for the highlights.
SOC 2: A "Joke" or a Necessary Standard?
The conversation kicked off with a reference to a viral LinkedIn post questioning the legitimacy of SOC 2. While some dismiss it as an unnecessary burden, others see it as a crucial benchmark for security controls. Henry acknowledged both sides of the debate, emphasizing that while SOC 2 is often treated as a checkbox exercise, it remains a widely accepted and valuable standard—if done right.
SOC 2 was designed to ensure companies maintain strong security practices, but Henry pointed out how market pressures have led to commoditization, reducing its effectiveness in some cases. He stressed the importance of moving beyond a simplistic "SOC 2 badge" mentality and focusing on actual security outcomes, transparency, and deeper conversations about risk management.
The Role of AI and Automation in Compliance
The discussion then turned to how AI and automation are reshaping compliance. Traditionally, compliance has been a manual, point-in-time process, but advancements in automation are enabling real-time control verification and continuous assurance. Henry and George debated whether rigid frameworks like SOC 2 could eventually be replaced by AI-driven, dynamic compliance solutions that provide real-time insights.
Henry argued that while AI offers immense potential for improving compliance efficiency, organizations shouldn't abandon frameworks entirely. Compliance frameworks provide a structured approach to security and risk management, especially for companies just beginning their compliance journey. However, he sees a future where automation plays a larger role in reducing friction and increasing trust between enterprises and vendors.
Bridging the Gap Between Large Enterprises and Startups
One of the biggest challenges in compliance is the disconnect between large enterprise buyers and smaller vendors. Large organizations often demand stringent compliance requirements, while startups and SMBs struggle to meet them due to limited resources. George highlighted the complexities of this dynamic, particularly in SaaS environments where vendors often juggle multiple security expectations.
Henry proposed that automation and improved compliance connectivity could ease these burdens. He envisions a future where compliance questionnaires can be answered autonomously and accurately through AI-driven solutions, allowing vendors to efficiently demonstrate security posture without excessive manual effort.
Market-Driven Change vs. Regulatory Intervention
Regulation plays a role in shaping compliance expectations, but Henry argued that market forces—specifically, the expectations of large enterprises—are often a more significant driver of change. When influential organizations demand better security transparency and higher standards, vendors have no choice but to comply.
Michael Eggerling emphasized that as supply chain security and vendor risk management become increasingly complex, enterprises need to push for stronger assurances. This means moving beyond static reports and embracing real-time compliance evidence to ensure security controls are truly effective.
Fabrik’s Vision: Enabling Real-Time Trust
Fabrik is at the forefront of transforming compliance from a burdensome necessity into a seamless, integrated process. Henry described Fabrik’s mission to facilitate real-time trust through data connectivity, allowing enterprises to verify security controls dynamically rather than relying solely on periodic audits.
By leveraging automation, AI, and real-time data exchange, Fabrik aims to create a future where security and compliance are continuously validated, reducing risk and enhancing trust across industries.
For those interested in exploring Fabrik’s approach to modernizing compliance, visit trustFabrik.com and connect with Henry on LinkedIn at "henry makes things."