
Why Compliance Isn’t Governance & How GovOps Rebuilds Trust Boundaries – Mike Schwartz
From The Security Repo by Mackenzie Jackson & Dwayne McDaniel
March 11, 2026 · 38 min
About this episode
Dwayne McDaniel interviews Mike Schwartz about the differences between compliance and governance, and the role of GovOps in modern security practices.
Why Compliance Isn’t Governance & How GovOps Rebuilds Trust Boundaries – Mike Schwartz In this episode of the Security Repo Podcast, Dwayne sits down with Mike Schwartz (CEO & founder of Gluu) to unpack GovOps as “next-gen governance” built to be declarative, provable, and continuous. They dig into why compliance ≠ governance, how formal reasoning can help prove policy outcomes, and why modern governance needs to shift from periodic audits to real-time visibility. The conversation closes with the collision of agentic AI + identity, the need for better software identity and token trust, and how this moment might finally unlock board-level investment in security. Links from the show: https://www.linkedin.com/in/nynymike/ GovOps Working Group on LinkedIn https://www.linkedin.com/groups/17478011/ https://gluufederation.medium.com/govops-manifesto-33eb7cb01ed3 Identerati Office Hours https://gluu.org/identerati-office-hours-episodes/ The Janssen Project https://docs.jans.io/stable/ https://www.cncf.io/projects/oscal-compass/ https://gemara.openssf.org/ Mike Schwartz is the Founder/CEO of Gluu, and leads the Linux Foundation Janssen Project. He is the co-author of the book…
People in this episode
Host: Dwayne McDaniel
Guest: Mike Schwartz
Topics covered
- GovOps
- compliance
- governance
- real-time visibility
- digital identity
- security
Keywords
- GovOps
- compliance
- governance
- real-time visibility
- digital identity
- security investment
- agentic AI
- policy outcomes
Mentioned in this episode
Organizations: Gluu, Linux Foundation, Identerati, Janssen Project, CNCF, OSCAL Compass, Gemara
Books & works: Securing the Perimeter
More episodes of The Security Repo
- AI, Automation, & Humans' Role In Security: A View From Rsac 2026 With Jeff Man and Dwayne McDaniel · April 1, 2026 · 43 min
- Avoiding Operational Chaos While Defending A Credit Union With Data Classification - John Wallace · March 25, 2026 · 20 min
- OIDC And IAP In Production: Scaling Startup Security For Deepfake Defense - Talia Smiley · March 18, 2026 · 20 min
- The PCI Ultimatum -Thrift Store OSINT, and "Lost Media" with Dwayne Edwards and Mike Radigan · March 17, 2026 · 22 min
- From Annual Checkbox To Continuous SDLC Testing: Operationalizing AI Pentests - Andy Dennis of XBow · March 13, 2026 · 20 min
- Building AI Solutions with a Security-First Mindset: Frameworks and Lessons with Henry Odibi · February 11, 2026 · 19 min
Explore listener stats, chart rankings, contacts and more on the The Security Repo podcast page.