The Hitchhiker’s Guide to the GRC Technology Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Stas Bojoukha, founder and CEO of Compyl, to explore a different way of thinking about governance, risk, and compliance.
The conversation begins with what makes Compyl stand out in a crowded market and the kinds of real-world use cases organizations rely on it to solve today. From there, Michael and Stas dive into the idea of GRC Engineering and what it actually means, who it’s for, and why it extends far beyond the IT security function.
Along the way, they unpack a bigger shift happening in the industry. If the role of “information security” alone is no longer enough, what comes next? Michael makes the case that the CISO role is evolving toward something broader, a digital risk and resilience leader responsible for delivering digital trust—a concept that closely aligns with how Compyl approaches GRC.
They also tackle AI, one of the most discussed and misunderstood topics in the market. The discussion separates real, practical applications of agentic AI in GRC from the marketing smoke and mirrors surrounding it, highlighting where Compyl sees genuine value today and where the industry still has work to do.
The episode closes with some of Compyl’s most challenging use cases and a look toward the future, and discuss how the platform may evolve by 2030 as organizations continue to rethink how they manage risk, resilience, and trust in an increasingly digital world.
In a galaxy full of frameworks, acronyms, and automation promises, this conversation focuses on building GRC systems that actually work.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen explores a familiar but evolving constellation in the GRC universe: Mitratech.
Long associated with what Michael calls “Legal GRC,” Mitratech has steadily expanded its orbit, moving from legal operations into enterprise-wide risk, compliance, and HR governance. The conversation examines what separates Mitratech in a market filled with specialists and generalists alike: not just breadth, but a deliberate effort to connect disciplines that are too often treated as separate planets.
They unpack how Mitratech balances its deep legal roots with enterprise GRC capabilities, how HR has become an essential governance frontier, and how integration, rather than replacement, shapes its strategy. AI enters the discussion as well. What’s real today, what’s emerging tomorrow, and how Mitratech is positioning itself for the next phase of intelligent automation.
Finally, they look ahead to 2030. What does the GRC galaxy look like then? What will organizations expect from platforms that span legal, risk, and people operations? And how does a company evolve without losing its gravitational center?
In a universe of accelerating regulation and complexity, this episode considers what it takes not just to expand but to expand wisely.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen speaks with David Fisher, President of TDI Solutions, about something that often gets lost in the noise of modern GRC—Intelligence.
They begin by exploring what makes TDI Solutions different in a crowded landscape. While many platforms lead with automation and AI, TDI starts with intelligence (human expertise, investigative depth, geopolitical awareness, and regulatory context) and then uses AI to enhance, scale, and accelerate that foundation.
The conversation dives into TDI’s due diligence capabilities, what distinguishes their approach, and how intelligence-led analysis improves executive decision-making across jurisdictions and value chains. From there, they unpack how TDI’s technology platforms, including third-party monitoring and regulatory navigation, are built to support and operationalize that intelligence, not replace it.
They also discuss why clients typically engage TDI, the caliber of analysts behind the work, and how the firm balances SaaS scalability with advisory depth. The episode closes with a look ahead at how TDI sees its intelligence-driven model evolving over the next several years.
In a galaxy increasingly powered by algorithms, AI may be fast but intelligence still comes first.

In this episode, field researcher and galactic GRC hitchhiker for the Guide, Michael Rasmussen, talks with Aadesh Gawde, Founder and CEO of Optimas.ai, about a different way of thinking about GRC—not as workflows to manage, but as systems to engineer.
The conversation begins with Aadesh’s analogy of Optimas as a Jarvis-like concierge for cybersecurity and resilience, a way of describing how the platform supports executive decision-making by continuously working in the background. From there, he explains why Optimas positions itself as both a GRC engineering platform and a GRC data platform, and why that distinction matters in a landscape crowded with tools built primarily to automate tasks and workflows.
They discuss Optimas’ deterministic approach to understanding exposure, how that differs from probabilistic risk models, and why Optimas doesn’t see itself as a replacement for traditional GRC platforms. Instead, it’s designed to sit alongside them, answering a different class of questions about exposure, readiness, and confidence as conditions change.
Along the way, they unpack what makes Optimas distinct, the kinds of use cases it’s solving today, and how Aadesh sees the platform evolving over the next few years.
It’s a conversation very much in the spirit of the Guide itself, curious and quietly confident that some of the hardest problems become easier once you stop panicking and start thinking like an engineer.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Michael Campbell, Chief Executive Officer of Fusion Risk Management, to make sense of a GRC universe that has expanded to well over a thousand solutions (many trying to be everything, and a few choosing to be very precise).
Michael shares his journey to Fusion and how decades of leading technology companies through growth and transformation shaped his view of risk, scale, and operational reality. From there, the conversation widens to the modern GRC landscape: why it has become so fragmented, why focus matters, and why Fusion has deliberately centered its strategy on resilience rather than generic compliance or catch-all risk tooling.
They unpack what resilience really means today, far beyond business continuity plans and disaster recovery binders, spanning operational, cyber, organizational, and decision resilience. They also explore where risk and resilience overlap, where they diverge, and why confusing the two often leaves organizations exposed at the worst possible moment.
Michael and Michael discuss what truly sets Fusion apart, how customers are pushing the platform in increasingly sophisticated ways, and what’s coming next as resilience becomes a board-level priority rather than a back-office function.
In a galaxy crowded with tools, frameworks, and noise, this episode offers a simple piece of guidance straight from the Guide itself: Don’t Panic

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andreas Schmitz, whose journey through the risk universe began not in a product roadmap, but deep in the practitioner trenches and eventually led him to CRISAM.
They explore what happens when someone who has actually lived with risk frameworks, audits, and regulatory pressure falls in love with a GRC platform because it finally makes sense. The conversation digs into why usability is not a “nice to have” in risk management, especially in environments like Germany, where standards such as IDW PS 340 set some of the most rigorous expectations in the world.
Michael and Andreas discuss what sets CRISAM apart, why organizations across industries and of all sizes choose it, and how the platform has expanded from Germany into the broader DACH region and across Europe. They unpack who typically uses CRISAM (from risk managers and compliance teams to IT, security, and audit) and why a single, method-based system matters when requirements keep multiplying.
The episode also looks ahead to what’s coming next and how CRISAM is thinking about agentic AI, digital twins, and the future evolution of risk management without losing its practitioner-first DNA.
In a galaxy full of complexity, acronyms, and impossible standards, this episode delivers a simple reminder straight from the Guide itself: don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with MetricStream to trace a long and improbable journey that began in the age of SOX spreadsheets and has evolved into something far more ambitious.
They reflect on MetricStream’s early role in shaping enterprise GRC, how the platform grew alongside regulatory pressure, and why today’s MetricStream is fundamentally not the MetricStream of yesterday. The conversation explores what it really means to make GRC professionals’ jobs “easier”—not just saving time or money, but improving effectiveness, reducing exposure, increasing resilience, and enabling organizations to move faster and smarter in the face of uncertainty.
Michael and the MetricStream team also unpack the company’s evolving identity, including the enduring relevance of “Thrive on Risk” and the newer focus on “GRC Simplified, Outcomes Amplified.” They discuss how simplification doesn’t mean dumbing things down, but rather removing friction, reducing duplication, and amplifying the outcomes that matter most to executives and boards.
Finally, the episode looks ahead to where MetricStream sees itself in the coming years, how integrated GRC must continue to evolve, what legacy mindsets need to be left behind, and how organizations can shift from surviving risk to actually thriving because of it.
In a galaxy crowded with frameworks, controls, and compliance noise, the Guide offers a reassuring reminder: don’t panic, evolve.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Gary Lynam, Managing Director for EMEA at Protecht, to trace the unlikely but influential journey of one of the GRC universe’s quiet constants.
The conversation begins in Australia, a place with an outsized impact on modern risk thinking, exploring how the AS/NZS 4360 Standard laid the groundwork for what would later become ISO 31000, and how that legacy continues to shape Protecht’s philosophy today. From those roots, they unpack Protecht’s evolution from a strong mid-market specialist into a global platform increasingly serving large, complex enterprises.
Gary and Michael dig into the difference between real risk management and checkbox compliance theater, discussing where organizations go wrong, what good risk management actually looks like in practice, and where Protecht fits across domains such as enterprise risk, operational risk, resilience, controls, and regulatory obligations. They also explore Protecht’s Marketplace model and how it differentiates the platform by allowing organizations to grow risk capability without forcing a one-size-fits-all approach.
The discussion then turns to Protecht’s AI journey, including Cognita, and how the company is approaching AI deliberately as a decision-support capability grounded in risk expertise, not hype. Finally, Gary shares what to expect over the next one to two years, from platform evolution to market direction, and where Protecht sees itself heading as risk management continues to mature globally.
In a galaxy crowded with frameworks, dashboards, and compliance noise, this episode offers a reassuring message straight from the Guide itself: Don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Kyle Martin of NAVEX to chart the company’s long arc, from its early days to the AI-powered, fully connected risk and compliance platform used by organizations across the world today.
They explore how NAVEX has evolved alongside the market, why its integrated approach resonates with customers, and how the company's growth in Europe is reshaping its global footprint. Kyle breaks down the kinds of industries and organizational sizes where NAVEX thrives, and why so many customers choose NAVEX as their central nervous system for ethics, risk, whistleblowing, and compliance operations.
The conversation also turns toward the future, and where AI sits in NAVEX’s strategy today, how it will transform risk and compliance in the years ahead, and what Kyle believes NAVEX will look like in five years as the platform continues to expand its intelligence and reach.
And because even the GRC galaxy needs a little levity, the episode finishes with Kyle’s predictions for the rest of the NBA season, proving that while regulatory change may be unpredictable, basketball fandom is eternal.
In a universe full of uncertainty, NAVEX offers something rare: connected intelligence, practical guidance, and just enough cosmic humor to remind listeners, don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andrew McIntyre, a veteran explorer of the GRC universe whose career in sales has been shaped by equal parts skill, serendipity, and outright improbability.
Andrew shares how he first found his way into sales, the capabilities that truly matter in a world where relationships carry more weight than pitch decks, and the mindset required to thrive in one of the most misunderstood professions in the GRC cosmos. Along the way, he opens his legendary rolodex of stories (the hilarious, the unexpected, the slightly unbelievable), each carrying a lesson for anyone navigating the complex orbit of GRC technology sales.
Andrew distills years of experience into practical wisdom for newcomers and seasoned practitioners alike. He also reflects on the craft of salesmanship, what today’s GRC buyers actually care about, and how to remain effective in an industry where trust is the rarest currency.
It’s an episode filled with humor, insight, and the kind of field-tested wisdom you won’t find in any sales training manual—proof that in the GRC galaxy, the journey is just as important as the close.