The Hitchhiker’s Guide to the GRC Technology Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andreas Schmitz, whose journey through the risk universe began not in a product roadmap, but deep in the practitioner trenches and eventually led him to CRISAM.
They explore what happens when someone who has actually lived with risk frameworks, audits, and regulatory pressure falls in love with a GRC platform because it finally makes sense. The conversation digs into why usability is not a “nice to have” in risk management, especially in environments like Germany, where standards such as IDW PS 340 set some of the most rigorous expectations in the world.
Michael and Andreas discuss what sets CRISAM apart, why organizations across industries and of all sizes choose it, and how the platform has expanded from Germany into the broader DACH region and across Europe. They unpack who typically uses CRISAM (from risk managers and compliance teams to IT, security, and audit) and why a single, method-based system matters when requirements keep multiplying.
The episode also looks ahead to what’s coming next and how CRISAM is thinking about agentic AI, digital twins, and the future evolution of risk management without losing its practitioner-first DNA.
In a galaxy full of complexity, acronyms, and impossible standards, this episode delivers a simple reminder straight from the Guide itself: don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with MetricStream to trace a long and improbable journey that began in the age of SOX spreadsheets and has evolved into something far more ambitious.
They reflect on MetricStream’s early role in shaping enterprise GRC, how the platform grew alongside regulatory pressure, and why today’s MetricStream is fundamentally not the MetricStream of yesterday. The conversation explores what it really means to make GRC professionals’ jobs “easier”—not just saving time or money, but improving effectiveness, reducing exposure, increasing resilience, and enabling organizations to move faster and smarter in the face of uncertainty.
Michael and the MetricStream team also unpack the company’s evolving identity, including the enduring relevance of “Thrive on Risk” and the newer focus on “GRC Simplified, Outcomes Amplified.” They discuss how simplification doesn’t mean dumbing things down, but rather removing friction, reducing duplication, and amplifying the outcomes that matter most to executives and boards.
Finally, the episode looks ahead to where MetricStream sees itself in the coming years, how integrated GRC must continue to evolve, what legacy mindsets need to be left behind, and how organizations can shift from surviving risk to actually thriving because of it.
In a galaxy crowded with frameworks, controls, and compliance noise, the Guide offers a reassuring reminder: don’t panic, evolve.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Gary Lynam, Managing Director for EMEA at Protecht, to trace the unlikely but influential journey of one of the GRC universe’s quiet constants.
The conversation begins in Australia, a place with an outsized impact on modern risk thinking, exploring how the AS/NZS 4360 Standard laid the groundwork for what would later become ISO 31000, and how that legacy continues to shape Protecht’s philosophy today. From those roots, they unpack Protecht’s evolution from a strong mid-market specialist into a global platform increasingly serving large, complex enterprises.
Gary and Michael dig into the difference between real risk management and checkbox compliance theater, discussing where organizations go wrong, what good risk management actually looks like in practice, and where Protecht fits across domains such as enterprise risk, operational risk, resilience, controls, and regulatory obligations. They also explore Protecht’s Marketplace model and how it differentiates the platform by allowing organizations to grow risk capability without forcing a one-size-fits-all approach.
The discussion then turns to Protecht’s AI journey, including Cognita, and how the company is approaching AI deliberately as a decision-support capability grounded in risk expertise, not hype. Finally, Gary shares what to expect over the next one to two years, from platform evolution to market direction, and where Protecht sees itself heading as risk management continues to mature globally.
In a galaxy crowded with frameworks, dashboards, and compliance noise, this episode offers a reassuring message straight from the Guide itself: Don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Kyle Martin of NAVEX to chart the company’s long arc, from its early days to the AI-powered, fully connected risk and compliance platform used by organizations across the world today.
They explore how NAVEX has evolved alongside the market, why its integrated approach resonates with customers, and how the company's growth in Europe is reshaping its global footprint. Kyle breaks down the kinds of industries and organizational sizes where NAVEX thrives, and why so many customers choose NAVEX as their central nervous system for ethics, risk, whistleblowing, and compliance operations.
The conversation also turns toward the future, and where AI sits in NAVEX’s strategy today, how it will transform risk and compliance in the years ahead, and what Kyle believes NAVEX will look like in five years as the platform continues to expand its intelligence and reach.
And because even the GRC galaxy needs a little levity, the episode finishes with Kyle’s predictions for the rest of the NBA season, proving that while regulatory change may be unpredictable, basketball fandom is eternal.
In a universe full of uncertainty, NAVEX offers something rare: connected intelligence, practical guidance, and just enough cosmic humor to remind listeners, don’t panic.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andrew McIntyre, a veteran explorer of the GRC universe whose career in sales has been shaped by equal parts skill, serendipity, and outright improbability.
Andrew shares how he first found his way into sales, the capabilities that truly matter in a world where relationships carry more weight than pitch decks, and the mindset required to thrive in one of the most misunderstood professions in the GRC cosmos. Along the way, he opens his legendary rolodex of stories (the hilarious, the unexpected, the slightly unbelievable), each carrying a lesson for anyone navigating the complex orbit of GRC technology sales.
Andrew distills years of experience into practical wisdom for newcomers and seasoned practitioners alike. He also reflects on the craft of salesmanship, what today’s GRC buyers actually care about, and how to remain effective in an industry where trust is the rarest currency.
It’s an episode filled with humor, insight, and the kind of field-tested wisdom you won’t find in any sales training manual—proof that in the GRC galaxy, the journey is just as important as the close.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by iluminr to confront a hard truth: business continuity is dying, and resilience must take its place. Organizations today aren’t just facing power outages and weather events, they’re also preparing for ransomware, geopolitical escalation, misinformation, deepfakes, and a threat landscape evolving faster than any static plan can keep up with.
They discuss how iluminr’s Microsimulations deliver a modern approach to readiness, replacing binder-based optimism with data-driven capability intelligence. From 15-minute learning reps to immersive crisis scenarios, iluminr helps teams strengthen instinct, accelerate decisions under pressure, and produce tangible evidence for regulators, auditors, and boards.
The conversation also uncovers how iluminr is expanding simulations into boardrooms, and how AI plays a dual role of powering new exercises and preparing organizations for AI-driven threats. And with large-scale events like Gameday Ready London, iluminr is bringing a risk and resilience Holodeck to life, giving organizations a glimpse of tomorrow’s crisis before it arrives.
In a galaxy where uncertainty is inevitable, iluminr offers a powerful promise: resilience you can prove.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with apexanalytix to chart a course through the sprawling universe of third-party and vendor relationships—where complexity multiplies, risks hide in plain sight, and organizations often panic at the wrong end of the lifecycle.
Unlike many in the space, apexanalytix begins not with risk, but with supplier governance, the foundational understanding of who a supplier is, what they do, and the context of the relationship. From there, they layer on a full constellation of risk domains, such as cybersecurity and IT, anti-bribery and corruption, financial viability, fraud, sanctions, politically exposed persons, negative media, ESG factors, and more. They explore how apexanalytix blends its own proprietary intelligence with external data sources to give organizations a richer, more accurate view of their supply base.
The conversation also examines some of the big challenges facing organizations today, from survey and questionnaire fatigue to redundancy across assurance processes, and how apexanalytix is working to make these steps smarter, lighter, and less painful. They dive into the often-neglected universe of offboarding, where many organizations unintentionally create exposure, and how a true lifecycle approach prevents risk from slipping through the cracks.
Michael and the team also unpack who apexanalytix is ideal for, why large enterprises and smaller organizations alike choose them, and how AI fits into their roadmap as they continue to expand automation, insight, and intelligent action across the supplier ecosystem.
As the conversation wraps, apexanalytix looks ahead to a future where supplier governance, risk intelligence, and AI-driven automation converge to give organizations greater clarity, stronger relationships, and fewer unpleasant surprises in the extended enterprise. In a universe crowded with unknowns, apexanalytix makes the case that the smartest path forward begins not with panic, but with a complete understanding of who your suppliers are, and what they mean to your mission.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Cura Software Solutions to explore how a platform that began as a focused risk tool has evolved into a global, end-to-end GRC ecosystem. From enterprise risk to operational resilience, audit, compliance, legal, analytics, and more, Cura now spans an entire constellation of capabilities used by organizations across Africa, the UK, the US, India, Australia, Malaysia, and beyond.
The conversation dives into the timing of South Africa’s newly released King V corporate governance code, how it reshapes expectations for accountability and transparency, and how Cura is helping organizations operationalize these principles in practice. They also explore the types of clients where Cura is gaining the most traction, the reasons those organizations choose Cura, and what truly sets the platform apart.
Cura shares its vision for the next few years, from deeper globalization to expanding solution breadth, and the emerging role of agentic AI, including what the company is delivering today and what customers can expect tomorrow.
In a galaxy crowded with tools that overcomplicate the basics, Cura’s story is one of evolution, clarity, and continuous reinvention, an ever-expanding guide to governance in an improbable universe.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with the team at Decision Focus to explore why the future of GRC isn’t about more features, it’s about better decisions. They discuss how culture, values, and the people building and using the technology shape outcomes far more than checklists or templates ever could.
The conversation examines how Decision Focus’s platform is designed not to simply enforce compliance, but to support judgment, clarity, and meaningful collaboration across the business. They break down how the company’s culture informs its product philosophy, how that philosophy encourages a culture of risk awareness and accountability, and how naming the company “Decision Focus” wasn’t branding, it was intention.
The team also reflects on how the company and product will evolve in the coming years, and how the next era of GRC will be defined less by box-ticking and more by confident, evidence-backed choices made at every level of the organization.
In a galaxy full of complexity, noise, and endless dashboards, Decision Focus makes the case for clarity, culture, and decisions that matter.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Jason Sechrist of AuditBoard to explore how the company has transformed from an audit tool into one of the most intelligent platforms in the GRC cosmos. They discuss what makes AuditBoard distinctly improbable—a platform that’s as beautiful as it is powerful, blending a clean, intuitive UX with the analytical depth needed to quantify, automate, and orchestrate assurance at scale.
Jason dives into how AuditBoard unites Monte Carlo and bow-tie analysis for next-generation risk quantification, delivers a no-code environment built for flexibility, and uses AI not as a shortcut but as an amplifier, powering smarter assurance and accelerating insight across the enterprise.
The conversation also explores who AuditBoard is built for, where it’s growing next, and how its people and culture fuel the platform’s evolution. Three years from now, AuditBoard envisions a connected GRC universe where usability, intelligence, and human ingenuity work together, proving that even in an improbable galaxy, assurance can be both art and science.