David Pahlman - Compliance As Code episode artwork

EPISODE · Mar 10, 2026 · 10 MIN

David Pahlman - Compliance As Code

from We Make Sure · host David Pahlman and Robert Parker

Compliance as Code vs Real Compliance | HIPAA, ISO 27001, and NIST 800-53 ExplainedEveryone is talking about Compliance as Code—automating controls, enforcing policies in CI/CD, and letting tools monitor security posture in real time. But can automation really handle the full scope of compliance frameworks like HIPAA, ISO 27001, and NIST 800-53?In this episode of the We Make Sure Podcast, David Pahlman breaks down where Compliance as Code works incredibly well—and where it falls short.You’ll learn why automation can enforce technical controls, but frameworks like HIPAA and ISO demand something deeper: governance, leadership involvement, risk-based decisions, and documented intent.If you're a CISO, security leader, compliance professional, or executive, this episode will help you understand how to balance automation with real-world compliance strategy.In this episode we discuss:• What Compliance as Code actually is• Where automation strengthens security programs• Why HIPAA compliance is mostly administrative• Why ISO 27001 requires intentional governance• The limits of automation in NIST 800-53• The difference between proving a control exists and proving why it existsCompliance as Code is powerful—but real compliance still requires people, judgment, and leadership.Subscribe for more conversations on:Cybersecurity • Governance • Risk Management • Compliance • LeadershipAbout the We Make Sure PodcastThe We Make Sure Podcast explores the intersection of cybersecurity, governance, risk management, and leadership. Each episode breaks down complex security and compliance topics into practical insights that executives and security professionals can actually use.If you work in security, compliance, healthcare technology, or executive leadership, this channel is built for you.#CyberSecurity #Compliance #ISO27001 #HIPAA #NIST #GRC #DevSecOps #InformationSecurity #WeMakeSure

Compliance as Code vs Real Compliance | HIPAA, ISO 27001, and NIST 800-53 ExplainedEveryone is talking about Compliance as Code—automating controls, enforcing policies in CI/CD, and letting tools monitor security posture in real time. But can automation really handle the full scope of compliance frameworks like HIPAA, ISO 27001, and NIST 800-53?In this episode of the We Make Sure Podcast, David Pahlman breaks down where Compliance as Code works incredibly well—and where it falls short.You’ll learn why automation can enforce technical controls, but frameworks like HIPAA and ISO demand something deeper: governance, leadership involvement, risk-based decisions, and documented intent.If you're a CISO, security leader, compliance professional, or executive, this episode will help you understand how to balance automation with real-world compliance strategy.In this episode we discuss:• What Compliance as Code actually is• Where automation strengthens security programs• Why HIPAA compliance is mostly administrative• Why ISO 27001 requires intentional governance• The limits of automation in NIST 800-53• The difference between proving a control exists and proving why it existsCompliance as Code is powerful—but real compliance still requires people, judgment, and leadership.Subscribe for more conversations on:Cybersecurity • Governance • Risk Management • Compliance • LeadershipAbout the We Make Sure PodcastThe We Make Sure Podcast explores the intersection of cybersecurity, governance, risk management, and leadership. Each episode breaks down complex security and compliance topics into practical insights that executives and security professionals can actually use.If you work in security, compliance, healthcare technology, or executive leadership, this channel is built for you.#CyberSecurity #Compliance #ISO27001 #HIPAA #NIST #GRC #DevSecOps #InformationSecurity #WeMakeSure

NOW PLAYING

David Pahlman - Compliance As Code

0:00 10:49

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of We Make Sure?

This episode is 10 minutes long.

When was this We Make Sure episode published?

This episode was published on March 10, 2026.

What is this episode about?

Compliance as Code vs Real Compliance | HIPAA, ISO 27001, and NIST 800-53 ExplainedEveryone is talking about Compliance as Code—automating controls, enforcing policies in CI/CD, and letting tools monitor security posture in real time. But can...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this We Make Sure episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!