


Latest Pontifications & Thoughts . . .

Gamification of Risk: The Art of Role-Playing in a Complex Risk World
In just a few weeks, I’ll be in London for Gameday Ready — an immersive event designed to test how we think, decide, and adapt when the unexpected unfolds. It’s not a…

GPRC for Operational Resilience: Navigating NIS2 and EU CER: The Expanding Mission of Resilience
Shields up! Red alert! On the bridge of the Enterprise, when an unknown anomaly threatens the ship, the crew does not panic — they orchestrate. Helm adjusts course, engineering reroutes…

CAPTAIN’S LOG: Choose Your Own Risk Adventure
When I stepped onto the keynote stage in Miami at Riskonnect Konnect 2025, it felt less like a ballroom and more like a bridge. The room hummed the way a…

If I Were a CRO: The Risk Platform I Would Demand (Through the Lens of an Analyst)
Technology does not give you good risk management. Strategy does. Risk is everywhere—and that’s not a problem. As I say on the Risk Is Our Business podcast, the organization that is not taking…

GPRC for Operational Resilience: Delivering on DORA
The Enterprise Bridge for Digital Trust in the European Union On the bridge of a starship, everything is connected. Navigation depends on sensors, sensors depend on power, power depends on…

Not Your Father’s Information Security Program: Digital Risk & Resilience by Design
This week I’m back in the United Kingdom—wall-to-wall engagements, packed rooms, and board-level urgency. Two themes are dominating every corridor conversation and every executive session: They’re not separate stories. They’re…

Policy Management and RegTech: Orchestrating Governance in an Age of Regulatory Uncertainty
The week began with two very different conversations that echoed the same theme. One was with a major U.S. healthcare organization grappling with how to stay ahead of regulatory change.…

Policy Management by Design: From Chaos to Culture
Policies are more than documents on a shelf. They are the DNA of organizational integrity, the framework that defines culture, directs behavior, and provides accountability in times of scrutiny. When…

Digital Risk and Resilience: Orchestrating for Digital Trust
Inevitability of Failure: the Digital EcoSystem of Business Every organization today is defined by the digital fabric and architecture on which its operations rely. This fabric is sprawling, complex,…

Why GRC is NOW or Never For Aspirational Organizations
There comes a point in every organization’s journey when it must choose whether it is going to lead or follow — whether it will proactively shape its future or continually…

GPRC for Third-Party and Supply Chain Risk Management
Command and Control on the Bridge of the Enterprise with GRC 7.0 – GRC Orchestrate “Captain, sensors are detecting increased fluctuations in the warp field. I recommend we adjust our…

GRC Engineering: From After-the-Fact Verification to Engineered Assurance
Featuring my collected insights combined with thoughts from the most recent Risk Is Our Business Podcast with Ayoub Fandi, Security Assurance Automation Team Lead at GitLab and founder of the…
