3 Comments
Bill Frank

Your point about GRC is sad but true: "GRC platforms also fall into this category, ... but their role is to defend against auditors rather than attackers."

The reality is that GRC is Compliance. The risk management function is performed just to meet the compliance check box.

However, risk management can be reimagined to support defending against attackers. Then we'll move from grC to gRc. I call it Risk-Informed Defense.

JAMES L HILL Jr

Good point - I'm focused on the Telemetry/Collection in my Services business (think Cribl and Splunk) - curious as to your thoughts on the Data Pipeline market and how you see these players (ex. Cribl) becoming more than a reduction in data ingest/storage solution.

PS - Loved your book, appreciate your work.

Devin Ryder

Great write-up all around!
