The Hitchhiker’s Guide to the GRC Technology Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Anders Søborg, co-founder and co-CEO of E-V-E AI, in an unusual setting at the Glyptoteket Museum in Copenhagen. Surrounded by a space that blends art, architecture, and atmosphere into a single experience, the conversation begins with a simple idea. Context changes how you see everything. It turns out that same idea applies to GRC, where meaning is often buried in documents, dashboards, and disconnected processes. From there, Anders explains what E-V-E AI is and why it approaches compliance differently. Instead of layering automation onto existing workflows, E-V-E is built to analyze evidence directly. It maps controls, identifies gaps, and produces audit-ready outputs without the usual friction. The goal is not just speed but clarity. They then discuss the role of agentic AI, where it is already delivering value and where it may take GRC in the near future. The conversation also explores how organizations should think about value across four dimensions. Efficiency, effectiveness, resilience, and agility. Not just cost savings. The episode closes with a look ahead to 2030 and how platforms like E-V-E AI may reshape compliance into something more continuous and embedded in how organizations actually operate. In a galaxy full of rules and reports, this conversation lands on something simpler. When you understand the context, the rest starts to make sense.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Adil Khan, CEO of SafePaaS, to explore what governance looks like when the enterprise is no longer neatly contained. They begin with the story of SafePaaS, including where it came from, what it set out to solve, and why it has taken a different path from many other GRC platforms. At its core, SafePaaS focuses on one of the most immediate and material risks organizations face today: cybersecurity risk, and how controls around identity, transactions, and access can be continuously governed rather than periodically checked. The conversation moves into real-world use cases, from IT general controls and segregation of duties to continuous monitoring across complex ERP and cloud environments. Along the way, Adil explains how SafePaaS delivers not just compliance, but efficiency, effectiveness, resilience, and agility and why those outcomes matter more than features alone. They also explore how SafePaaS is approaching AI and where it’s being applied today, what’s practical versus speculative, and how automation is reshaping control environments. Finally, they look ahead to 2030 and what governance may need to become as enterprises grow more distributed, systems more autonomous, and risk more dynamic. In a universe where complexity tends to expand faster than control, staying “under control” may require rethinking how control itself is designed.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Anthony Habayeb, co-founder and CEO of Monitaur, for a conversation that begins with mythology and quickly finds its way into the realities of governing artificial intelligence. Anthony explains the origin of the name Monitaur, and why the image of navigating a labyrinth isn’t such a bad metaphor for the world organizations now face as they deploy AI systems. From there, the discussion moves into what AI governance actually looks like in practice, and why too many organizations still think of GRC as little more than a compliance exercise. Michael and Anthony explore a broader idea—governance, risk, and compliance shouldn’t be episodic or checkbox-driven. In an AI-enabled world, it has to become a continuous, orchestrated system that connects risk, controls, performance, and business objectives. Along the way, Anthony shares advice for organizations just beginning their AI governance journey, explains how companies can measure the value of a platform like Monitaur through real operational outcomes, and offers examples of how customers are already putting these ideas into practice. The episode wraps with a look ahead to where AI governance may be headed by 2030, and how organizations can prepare for a future where AI systems are no longer experiments, but part of everyday decision-making. Because in a galaxy full of models, algorithms, and acronyms, governing AI responsibly may turn out to be the most important journey of all.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Stas Bojoukha, founder and CEO of Compyl, to explore a different way of thinking about governance, risk, and compliance. The conversation begins with what makes Compyl stand out in a crowded market and the kinds of real-world use cases organizations rely on it to solve today. From there, Michael and Stas dive into the idea of GRC Engineering and what it actually means, who it’s for, and why it extends far beyond the IT security function. Along the way, they unpack a bigger shift happening in the industry. If the role of “information security” alone is no longer enough, what comes next? Michael makes the case that the CISO role is evolving toward something broader, a digital risk and resilience leader responsible for delivering digital trust—a concept that closely aligns with how Compyl approaches GRC. They also tackle AI, one of the most discussed and misunderstood topics in the market. The discussion separates real, practical applications of agentic AI in GRC from the marketing smoke and mirrors surrounding it, highlighting where Compyl sees genuine value today and where the industry still has work to do. The episode closes with some of Compyl’s most challenging use cases and a look toward the future, and discuss how the platform may evolve by 2030 as organizations continue to rethink how they manage risk, resilience, and trust in an increasingly digital world. In a galaxy full of frameworks, acronyms, and automation promises, this conversation focuses on building GRC systems that actually work.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen explores a familiar but evolving constellation in the GRC universe: Mitratech. Long associated with what Michael calls “Legal GRC,” Mitratech has steadily expanded its orbit, moving from legal operations into enterprise-wide risk, compliance, and HR governance. The conversation examines what separates Mitratech in a market filled with specialists and generalists alike: not just breadth, but a deliberate effort to connect disciplines that are too often treated as separate planets. They unpack how Mitratech balances its deep legal roots with enterprise GRC capabilities, how HR has become an essential governance frontier, and how integration, rather than replacement, shapes its strategy. AI enters the discussion as well. What’s real today, what’s emerging tomorrow, and how Mitratech is positioning itself for the next phase of intelligent automation. Finally, they look ahead to 2030. What does the GRC galaxy look like then? What will organizations expect from platforms that span legal, risk, and people operations? And how does a company evolve without losing its gravitational center? In a universe of accelerating regulation and complexity, this episode considers what it takes not just to expand but to expand wisely.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen speaks with David Fisher, President of TDI Solutions, about something that often gets lost in the noise of modern GRC—Intelligence. They begin by exploring what makes TDI Solutions different in a crowded landscape. While many platforms lead with automation and AI, TDI starts with intelligence (human expertise, investigative depth, geopolitical awareness, and regulatory context) and then uses AI to enhance, scale, and accelerate that foundation. The conversation dives into TDI’s due diligence capabilities, what distinguishes their approach, and how intelligence-led analysis improves executive decision-making across jurisdictions and value chains. From there, they unpack how TDI’s technology platforms, including third-party monitoring and regulatory navigation, are built to support and operationalize that intelligence, not replace it. They also discuss why clients typically engage TDI, the caliber of analysts behind the work, and how the firm balances SaaS scalability with advisory depth. The episode closes with a look ahead at how TDI sees its intelligence-driven model evolving over the next several years. In a galaxy increasingly powered by algorithms, AI may be fast but intelligence still comes first.

In this episode, field researcher and galactic GRC hitchhiker for the Guide, Michael Rasmussen, talks with Aadesh Gawde, Founder and CEO of Optimas.ai, about a different way of thinking about GRC—not as workflows to manage, but as systems to engineer. The conversation begins with Aadesh’s analogy of Optimas as a Jarvis-like concierge for cybersecurity and resilience, a way of describing how the platform supports executive decision-making by continuously working in the background. From there, he explains why Optimas positions itself as both a GRC engineering platform and a GRC data platform, and why that distinction matters in a landscape crowded with tools built primarily to automate tasks and workflows. They discuss Optimas’ deterministic approach to understanding exposure, how that differs from probabilistic risk models, and why Optimas doesn’t see itself as a replacement for traditional GRC platforms. Instead, it’s designed to sit alongside them, answering a different class of questions about exposure, readiness, and confidence as conditions change. Along the way, they unpack what makes Optimas distinct, the kinds of use cases it’s solving today, and how Aadesh sees the platform evolving over the next few years. It’s a conversation very much in the spirit of the Guide itself, curious and quietly confident that some of the hardest problems become easier once you stop panicking and start thinking like an engineer.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Michael Campbell, Chief Executive Officer of Fusion Risk Management, to make sense of a GRC universe that has expanded to well over a thousand solutions (many trying to be everything, and a few choosing to be very precise). Michael shares his journey to Fusion and how decades of leading technology companies through growth and transformation shaped his view of risk, scale, and operational reality. From there, the conversation widens to the modern GRC landscape: why it has become so fragmented, why focus matters, and why Fusion has deliberately centered its strategy on resilience rather than generic compliance or catch-all risk tooling. They unpack what resilience really means today, far beyond business continuity plans and disaster recovery binders, spanning operational, cyber, organizational, and decision resilience. They also explore where risk and resilience overlap, where they diverge, and why confusing the two often leaves organizations exposed at the worst possible moment. Michael and Michael discuss what truly sets Fusion apart, how customers are pushing the platform in increasingly sophisticated ways, and what’s coming next as resilience becomes a board-level priority rather than a back-office function. In a galaxy crowded with tools, frameworks, and noise, this episode offers a simple piece of guidance straight from the Guide itself: Don’t Panic

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andreas Schmitz, whose journey through the risk universe began not in a product roadmap, but deep in the practitioner trenches and eventually led him to CRISAM. They explore what happens when someone who has actually lived with risk frameworks, audits, and regulatory pressure falls in love with a GRC platform because it finally makes sense. The conversation digs into why usability is not a “nice to have” in risk management, especially in environments like Germany, where standards such as IDW PS 340 set some of the most rigorous expectations in the world. Michael and Andreas discuss what sets CRISAM apart, why organizations across industries and of all sizes choose it, and how the platform has expanded from Germany into the broader DACH region and across Europe. They unpack who typically uses CRISAM (from risk managers and compliance teams to IT, security, and audit) and why a single, method-based system matters when requirements keep multiplying. The episode also looks ahead to what’s coming next and how CRISAM is thinking about agentic AI, digital twins, and the future evolution of risk management without losing its practitioner-first DNA. In a galaxy full of complexity, acronyms, and impossible standards, this episode delivers a simple reminder straight from the Guide itself: don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with MetricStream to trace a long and improbable journey that began in the age of SOX spreadsheets and has evolved into something far more ambitious. They reflect on MetricStream’s early role in shaping enterprise GRC, how the platform grew alongside regulatory pressure, and why today’s MetricStream is fundamentally not the MetricStream of yesterday. The conversation explores what it really means to make GRC professionals’ jobs “easier”—not just saving time or money, but improving effectiveness, reducing exposure, increasing resilience, and enabling organizations to move faster and smarter in the face of uncertainty. Michael and the MetricStream team also unpack the company’s evolving identity, including the enduring relevance of “Thrive on Risk” and the newer focus on “GRC Simplified, Outcomes Amplified.” They discuss how simplification doesn’t mean dumbing things down, but rather removing friction, reducing duplication, and amplifying the outcomes that matter most to executives and boards. Finally, the episode looks ahead to where MetricStream sees itself in the coming years, how integrated GRC must continue to evolve, what legacy mindsets need to be left behind, and how organizations can shift from surviving risk to actually thriving because of it. In a galaxy crowded with frameworks, controls, and compliance noise, the Guide offers a reassuring reminder: don’t panic, evolve.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Gary Lynam, Managing Director for EMEA at Protecht, to trace the unlikely but influential journey of one of the GRC universe’s quiet constants. The conversation begins in Australia, a place with an outsized impact on modern risk thinking, exploring how the AS/NZS 4360 Standard laid the groundwork for what would later become ISO 31000, and how that legacy continues to shape Protecht’s philosophy today. From those roots, they unpack Protecht’s evolution from a strong mid-market specialist into a global platform increasingly serving large, complex enterprises. Gary and Michael dig into the difference between real risk management and checkbox compliance theater, discussing where organizations go wrong, what good risk management actually looks like in practice, and where Protecht fits across domains such as enterprise risk, operational risk, resilience, controls, and regulatory obligations. They also explore Protecht’s Marketplace model and how it differentiates the platform by allowing organizations to grow risk capability without forcing a one-size-fits-all approach. The discussion then turns to Protecht’s AI journey, including Cognita, and how the company is approaching AI deliberately as a decision-support capability grounded in risk expertise, not hype. Finally, Gary shares what to expect over the next one to two years, from platform evolution to market direction, and where Protecht sees itself heading as risk management continues to mature globally. In a galaxy crowded with frameworks, dashboards, and compliance noise, this episode offers a reassuring message straight from the Guide itself: Don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Kyle Martin of NAVEX to chart the company’s long arc, from its early days to the AI-powered, fully connected risk and compliance platform used by organizations across the world today. They explore how NAVEX has evolved alongside the market, why its integrated approach resonates with customers, and how the company's growth in Europe is reshaping its global footprint. Kyle breaks down the kinds of industries and organizational sizes where NAVEX thrives, and why so many customers choose NAVEX as their central nervous system for ethics, risk, whistleblowing, and compliance operations. The conversation also turns toward the future, and where AI sits in NAVEX’s strategy today, how it will transform risk and compliance in the years ahead, and what Kyle believes NAVEX will look like in five years as the platform continues to expand its intelligence and reach. And because even the GRC galaxy needs a little levity, the episode finishes with Kyle’s predictions for the rest of the NBA season, proving that while regulatory change may be unpredictable, basketball fandom is eternal. In a universe full of uncertainty, NAVEX offers something rare: connected intelligence, practical guidance, and just enough cosmic humor to remind listeners, don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andrew McIntyre, a veteran explorer of the GRC universe whose career in sales has been shaped by equal parts skill, serendipity, and outright improbability. Andrew shares how he first found his way into sales, the capabilities that truly matter in a world where relationships carry more weight than pitch decks, and the mindset required to thrive in one of the most misunderstood professions in the GRC cosmos. Along the way, he opens his legendary rolodex of stories (the hilarious, the unexpected, the slightly unbelievable), each carrying a lesson for anyone navigating the complex orbit of GRC technology sales. Andrew distills years of experience into practical wisdom for newcomers and seasoned practitioners alike. He also reflects on the craft of salesmanship, what today’s GRC buyers actually care about, and how to remain effective in an industry where trust is the rarest currency. It’s an episode filled with humor, insight, and the kind of field-tested wisdom you won’t find in any sales training manual—proof that in the GRC galaxy, the journey is just as important as the close.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by iluminr to confront a hard truth: business continuity is dying, and resilience must take its place. Organizations today aren’t just facing power outages and weather events, they’re also preparing for ransomware, geopolitical escalation, misinformation, deepfakes, and a threat landscape evolving faster than any static plan can keep up with. They discuss how iluminr’s Microsimulations deliver a modern approach to readiness, replacing binder-based optimism with data-driven capability intelligence. From 15-minute learning reps to immersive crisis scenarios, iluminr helps teams strengthen instinct, accelerate decisions under pressure, and produce tangible evidence for regulators, auditors, and boards. The conversation also uncovers how iluminr is expanding simulations into boardrooms, and how AI plays a dual role of powering new exercises and preparing organizations for AI-driven threats. And with large-scale events like Gameday Ready London, iluminr is bringing a risk and resilience Holodeck to life, giving organizations a glimpse of tomorrow’s crisis before it arrives. In a galaxy where uncertainty is inevitable, iluminr offers a powerful promise: resilience you can prove.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with apexanalytix to chart a course through the sprawling universe of third-party and vendor relationships—where complexity multiplies, risks hide in plain sight, and organizations often panic at the wrong end of the lifecycle. Unlike many in the space, apexanalytix begins not with risk, but with supplier governance, the foundational understanding of who a supplier is, what they do, and the context of the relationship. From there, they layer on a full constellation of risk domains, such as cybersecurity and IT, anti-bribery and corruption, financial viability, fraud, sanctions, politically exposed persons, negative media, ESG factors, and more. They explore how apexanalytix blends its own proprietary intelligence with external data sources to give organizations a richer, more accurate view of their supply base. The conversation also examines some of the big challenges facing organizations today, from survey and questionnaire fatigue to redundancy across assurance processes, and how apexanalytix is working to make these steps smarter, lighter, and less painful. They dive into the often-neglected universe of offboarding, where many organizations unintentionally create exposure, and how a true lifecycle approach prevents risk from slipping through the cracks. Michael and the team also unpack who apexanalytix is ideal for, why large enterprises and smaller organizations alike choose them, and how AI fits into their roadmap as they continue to expand automation, insight, and intelligent action across the supplier ecosystem. As the conversation wraps, apexanalytix looks ahead to a future where supplier governance, risk intelligence, and AI-driven automation converge to give organizations greater clarity, stronger relationships, and fewer unpleasant surprises in the extended enterprise. In a universe crowded with unknowns, apexanalytix makes the case that the smartest path forward begins not with panic, but with a complete understanding of who your suppliers are, and what they mean to your mission.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Cura Software Solutions to explore how a platform that began as a focused risk tool has evolved into a global, end-to-end GRC ecosystem. From enterprise risk to operational resilience, audit, compliance, legal, analytics, and more, Cura now spans an entire constellation of capabilities used by organizations across Africa, the UK, the US, India, Australia, Malaysia, and beyond. The conversation dives into the timing of South Africa’s newly released King V corporate governance code, how it reshapes expectations for accountability and transparency, and how Cura is helping organizations operationalize these principles in practice. They also explore the types of clients where Cura is gaining the most traction, the reasons those organizations choose Cura, and what truly sets the platform apart. Cura shares its vision for the next few years, from deeper globalization to expanding solution breadth, and the emerging role of agentic AI, including what the company is delivering today and what customers can expect tomorrow. In a galaxy crowded with tools that overcomplicate the basics, Cura’s story is one of evolution, clarity, and continuous reinvention, an ever-expanding guide to governance in an improbable universe.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with the team at Decision Focus to explore why the future of GRC isn’t about more features, it’s about better decisions. They discuss how culture, values, and the people building and using the technology shape outcomes far more than checklists or templates ever could. The conversation examines how Decision Focus’s platform is designed not to simply enforce compliance, but to support judgment, clarity, and meaningful collaboration across the business. They break down how the company’s culture informs its product philosophy, how that philosophy encourages a culture of risk awareness and accountability, and how naming the company “Decision Focus” wasn’t branding, it was intention. The team also reflects on how the company and product will evolve in the coming years, and how the next era of GRC will be defined less by box-ticking and more by confident, evidence-backed choices made at every level of the organization. In a galaxy full of complexity, noise, and endless dashboards, Decision Focus makes the case for clarity, culture, and decisions that matter.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Jason Sechrist of AuditBoard to explore how the company has transformed from an audit tool into one of the most intelligent platforms in the GRC cosmos. They discuss what makes AuditBoard distinctly improbable—a platform that’s as beautiful as it is powerful, blending a clean, intuitive UX with the analytical depth needed to quantify, automate, and orchestrate assurance at scale. Jason dives into how AuditBoard unites Monte Carlo and bow-tie analysis for next-generation risk quantification, delivers a no-code environment built for flexibility, and uses AI not as a shortcut but as an amplifier, powering smarter assurance and accelerating insight across the enterprise. The conversation also explores who AuditBoard is built for, where it’s growing next, and how its people and culture fuel the platform’s evolution. Three years from now, AuditBoard envisions a connected GRC universe where usability, intelligence, and human ingenuity work together, proving that even in an improbable galaxy, assurance can be both art and science.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen connects with the Riskonnect CEO, Jim Wetekamp, to explore how the company is helping organizations see through the code of risk, from insurable exposures and geopolitical volatility to AI-driven analysis and quantified decision-making. The discussion dives into what Riskonnect delivers across the GRC universe today, what it’s building for tomorrow, and how agentic AI is accelerating the maturity of the entire field. From risk quantification and scenario analysis to integrated insights across enterprise, compliance, and continuity, Riskonnect’s approach helps organizations understand not just individual risks, but how they interconnect and evolve in real time. The team also shares a glimpse into Konnect 2025, Riskonnect’s annual conference, and its Matrix-inspired theme: learning to see beyond the surface and decode what’s really happening in the world of risk. In an era defined by complexity and uncertainty, this episode shows why clarity may be the most improbable superpower of all.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Alex Hollis of SureCloud to discuss how the company is rewriting the rules of digital risk and resilience. SureCloud’s event-sourced architecture captures everything that ever happens in the system (every change, every control, every decision) allowing organizations to recreate their compliance universe at any point in time. The conversation explores what SureCloud does best, what problems it solves most effectively, and where it fits across enterprise risk, IT, compliance, and legal functions. Alex shares how this architecture enables true evidence-based compliance, what’s next for the platform, and how SureCloud is leveraging AI to enhance intelligence and automation without losing the human partnership that defines its culture. As most GRC platforms orbit predictably around static frameworks, SureCloud’s event-driven approach represents something rarer—a living, evolving system built for resilience, context, and confidence in an improbable universe.