Skip to content
CTRLPhreaks » Captivate Podcasts » Developer Productivity Engineering (DPE), Audit, and GRC with Justin Reock

Developer Productivity Engineering (DPE), Audit, and GRC with Justin Reock

Clarissa Lucas and Bill Bensing interview Justin Reock about Developer Productivity Engineering (DPE) and its role in auditing and governance. They discuss the importance of measuring engineering productivity, observing the value stream, and identifying bottlenecks and impediments to productivity. They also explore the concept of proactive risk management and the need for partnership between developers and auditors. The conversation highlights the challenges of breaking silos and the potential for DPE to reduce developer toil and improve overall software quality. They conclude by reframing auditing as a way to fight cyber criminals and protect against exploitation. The conversation explores the intersection of auditing, governance, risk, and compliance (GRC) with the tech industry. It highlights the need for empathy, partnership, and bridging the gap between developers and auditors. The toxic mentality in the tech industry is also discussed.

Follow Justin:

  • LinkedIn –
  • X (Twitter) –


  • Developer Productivity Engineering (DPE) focuses on measuring engineering productivity and addressing pain points in the software development process.
  • DPE involves observing the value stream, identifying bottlenecks, and applying technology solutions to improve developer productivity.
  • Proactive risk management is an important aspect of DPE, allowing organizations to prevent issues before they become problems.
  • Partnership between developers and auditors is crucial for effective DPE, breaking down silos and leveraging each other’s expertise.
  • Reframing auditing as fighting cyber criminals can help developers see the value of auditing and governance in protecting against exploitation. There are commonalities and opportunities for collaboration between the auditing/GRC and tech industries.
  • Empathy, vulnerability, and partnership are essential for effective auditing and GRC.
  • Developers can bridge the gap with auditors by framing conversations as part of a fuller responsibility and recognizing the limitations of software solutions.
  • The tech industry should overcome the toxic mentality of thinking they can solve every problem and instead embrace teamwork and collaboration.


  • 00:00 Introduction and Overview
  • 01:16 Developer Productivity Engineering (DPE)
  • 03:23 Developer Productivity Engineering (DPE) and Governance and the Value Stream
  • 04:49 The Importance of the Build System
  • 05:42 Developer Productivity Engineering (DPE) and Governance
  • 07:49 Proactive Risk Management
  • 09:03 Partnership between Developers and Auditors
  • 09:56 The Role of Auditors in Developer Productivity Engineering (DPE)
  • 11:29 The Challenge of Breaking Silos
  • 21:53 The Divide between Developers and Other Departments
  • 27:59 Reducing the Negative Side Effects of Unrestricted Development
  • 28:24 The Role of Automation in Auditing
  • 31:24 Reducing Developer Toil through Developer Productivity Engineering (DPE)
  • 34:09 Partnership and Breaking Down Silos
  • 39:07 Reframing Auditing as Fighting Cyber Criminals
  • 40:58 Exploring the Complexity of Auditing and Governance, Risk, and Compliance (GRC)
  • 42:16 Empathy and Partnership in Auditing and  Governance, Risk, and Compliance (GRC)
  • 43:11 Bridging the Gap between Developers and Auditors
  • 43:40 Overcoming the Toxic Mentality in the Tech Industry
  • 44:40 Outro & Follow Justin

Leave a Reply

Your email address will not be published. Required fields are marked *