The Hitchhiker’s Guide to the GRC Technology Galaxy

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Guru Sethupathy of Optro to explore a question many organizations are still struggling to answer. What does AI governance actually mean in practice?
The conversation starts with what keeps clients up at night. Not just risk, but the pace of change. AI is moving faster than most governance models were designed to handle, leaving organizations trying to define guardrails while the technology keeps evolving underneath them.
From there, Guru breaks down what good AI governance looks like beyond the buzzwords. They unpack why nearly every platform now claims to offer AI governance, and how to separate meaningful capability from surface-level features. The discussion focuses on what organizations really need, including governance models that are effective, efficient, resilient, and adaptable enough to keep up with constant change.
They also explore how Optro is approaching this challenge, how its AI governance module is designed to operationalize these principles, and what organizations should expect as AI governance matures over the next several years.
The episode closes with a look toward 2030 and how governance itself may need to evolve as AI becomes embedded in everyday decision-making.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Anders Søborg, co-founder and co-CEO of E-V-E AI, in an unusual setting at the Glyptoteket Museum in Copenhagen.
Surrounded by a space that blends art, architecture, and atmosphere into a single experience, the conversation begins with a simple idea. Context changes how you see everything. It turns out that same idea applies to GRC, where meaning is often buried in documents, dashboards, and disconnected processes.
From there, Anders explains what E-V-E AI is and why it approaches compliance differently. Instead of layering automation onto existing workflows, E-V-E is built to analyze evidence directly. It maps controls, identifies gaps, and produces audit-ready outputs without the usual friction. The goal is not just speed but clarity.
They then discuss the role of agentic AI, where it is already delivering value and where it may take GRC in the near future. The conversation also explores how organizations should think about value across four dimensions. Efficiency, effectiveness, resilience, and agility. Not just cost savings.
The episode closes with a look ahead to 2030 and how platforms like E-V-E AI may reshape compliance into something more continuous and embedded in how organizations actually operate.
In a galaxy full of rules and reports, this conversation lands on something simpler. When you understand the context, the rest starts to make sense.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Adil Khan, CEO of SafePaaS, to explore what governance looks like when the enterprise is no longer neatly contained.
They begin with the story of SafePaaS, including where it came from, what it set out to solve, and why it has taken a different path from many other GRC platforms. At its core, SafePaaS focuses on one of the most immediate and material risks organizations face today: cybersecurity risk, and how controls around identity, transactions, and access can be continuously governed rather than periodically checked.
The conversation moves into real-world use cases, from IT general controls and segregation of duties to continuous monitoring across complex ERP and cloud environments. Along the way, Adil explains how SafePaaS delivers not just compliance, but efficiency, effectiveness, resilience, and agility and why those outcomes matter more than features alone.
They also explore how SafePaaS is approaching AI and where it’s being applied today, what’s practical versus speculative, and how automation is reshaping control environments. Finally, they look ahead to 2030 and what governance may need to become as enterprises grow more distributed, systems more autonomous, and risk more dynamic.
In a universe where complexity tends to expand faster than control, staying “under control” may require rethinking how control itself is designed.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Anthony Habayeb, co-founder and CEO of Monitaur, for a conversation that begins with mythology and quickly finds its way into the realities of governing artificial intelligence.
Anthony explains the origin of the name Monitaur, and why the image of navigating a labyrinth isn’t such a bad metaphor for the world organizations now face as they deploy AI systems. From there, the discussion moves into what AI governance actually looks like in practice, and why too many organizations still think of GRC as little more than a compliance exercise.
Michael and Anthony explore a broader idea—governance, risk, and compliance shouldn’t be episodic or checkbox-driven. In an AI-enabled world, it has to become a continuous, orchestrated system that connects risk, controls, performance, and business objectives.
Along the way, Anthony shares advice for organizations just beginning their AI governance journey, explains how companies can measure the value of a platform like Monitaur through real operational outcomes, and offers examples of how customers are already putting these ideas into practice.
The episode wraps with a look ahead to where AI governance may be headed by 2030, and how organizations can prepare for a future where AI systems are no longer experiments, but part of everyday decision-making.
Because in a galaxy full of models, algorithms, and acronyms, governing AI responsibly may turn out to be the most important journey of all.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Stas Bojoukha, founder and CEO of Compyl, to explore a different way of thinking about governance, risk, and compliance.
The conversation begins with what makes Compyl stand out in a crowded market and the kinds of real-world use cases organizations rely on it to solve today. From there, Michael and Stas dive into the idea of GRC Engineering and what it actually means, who it’s for, and why it extends far beyond the IT security function.
Along the way, they unpack a bigger shift happening in the industry. If the role of “information security” alone is no longer enough, what comes next? Michael makes the case that the CISO role is evolving toward something broader, a digital risk and resilience leader responsible for delivering digital trust—a concept that closely aligns with how Compyl approaches GRC.
They also tackle AI, one of the most discussed and misunderstood topics in the market. The discussion separates real, practical applications of agentic AI in GRC from the marketing smoke and mirrors surrounding it, highlighting where Compyl sees genuine value today and where the industry still has work to do.
The episode closes with some of Compyl’s most challenging use cases and a look toward the future, and discuss how the platform may evolve by 2030 as organizations continue to rethink how they manage risk, resilience, and trust in an increasingly digital world.
In a galaxy full of frameworks, acronyms, and automation promises, this conversation focuses on building GRC systems that actually work.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen explores a familiar but evolving constellation in the GRC universe: Mitratech.
Long associated with what Michael calls “Legal GRC,” Mitratech has steadily expanded its orbit, moving from legal operations into enterprise-wide risk, compliance, and HR governance. The conversation examines what separates Mitratech in a market filled with specialists and generalists alike: not just breadth, but a deliberate effort to connect disciplines that are too often treated as separate planets.
They unpack how Mitratech balances its deep legal roots with enterprise GRC capabilities, how HR has become an essential governance frontier, and how integration, rather than replacement, shapes its strategy. AI enters the discussion as well. What’s real today, what’s emerging tomorrow, and how Mitratech is positioning itself for the next phase of intelligent automation.
Finally, they look ahead to 2030. What does the GRC galaxy look like then? What will organizations expect from platforms that span legal, risk, and people operations? And how does a company evolve without losing its gravitational center?
In a universe of accelerating regulation and complexity, this episode considers what it takes not just to expand but to expand wisely.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen speaks with David Fisher, President of TDI Solutions, about something that often gets lost in the noise of modern GRC—Intelligence.
They begin by exploring what makes TDI Solutions different in a crowded landscape. While many platforms lead with automation and AI, TDI starts with intelligence (human expertise, investigative depth, geopolitical awareness, and regulatory context) and then uses AI to enhance, scale, and accelerate that foundation.
The conversation dives into TDI’s due diligence capabilities, what distinguishes their approach, and how intelligence-led analysis improves executive decision-making across jurisdictions and value chains. From there, they unpack how TDI’s technology platforms, including third-party monitoring and regulatory navigation, are built to support and operationalize that intelligence, not replace it.
They also discuss why clients typically engage TDI, the caliber of analysts behind the work, and how the firm balances SaaS scalability with advisory depth. The episode closes with a look ahead at how TDI sees its intelligence-driven model evolving over the next several years.
In a galaxy increasingly powered by algorithms, AI may be fast but intelligence still comes first.

In this episode, field researcher and galactic GRC hitchhiker for the Guide, Michael Rasmussen, talks with Aadesh Gawde, Founder and CEO of Optimas.ai, about a different way of thinking about GRC—not as workflows to manage, but as systems to engineer.
The conversation begins with Aadesh’s analogy of Optimas as a Jarvis-like concierge for cybersecurity and resilience, a way of describing how the platform supports executive decision-making by continuously working in the background. From there, he explains why Optimas positions itself as both a GRC engineering platform and a GRC data platform, and why that distinction matters in a landscape crowded with tools built primarily to automate tasks and workflows.
They discuss Optimas’ deterministic approach to understanding exposure, how that differs from probabilistic risk models, and why Optimas doesn’t see itself as a replacement for traditional GRC platforms. Instead, it’s designed to sit alongside them, answering a different class of questions about exposure, readiness, and confidence as conditions change.
Along the way, they unpack what makes Optimas distinct, the kinds of use cases it’s solving today, and how Aadesh sees the platform evolving over the next few years.
It’s a conversation very much in the spirit of the Guide itself, curious and quietly confident that some of the hardest problems become easier once you stop panicking and start thinking like an engineer.

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen sits down with Michael Campbell, Chief Executive Officer of Fusion Risk Management, to make sense of a GRC universe that has expanded to well over a thousand solutions (many trying to be everything, and a few choosing to be very precise).
Michael shares his journey to Fusion and how decades of leading technology companies through growth and transformation shaped his view of risk, scale, and operational reality. From there, the conversation widens to the modern GRC landscape: why it has become so fragmented, why focus matters, and why Fusion has deliberately centered its strategy on resilience rather than generic compliance or catch-all risk tooling.
They unpack what resilience really means today, far beyond business continuity plans and disaster recovery binders, spanning operational, cyber, organizational, and decision resilience. They also explore where risk and resilience overlap, where they diverge, and why confusing the two often leaves organizations exposed at the worst possible moment.
Michael and Michael discuss what truly sets Fusion apart, how customers are pushing the platform in increasingly sophisticated ways, and what’s coming next as resilience becomes a board-level priority rather than a back-office function.
In a galaxy crowded with tools, frameworks, and noise, this episode offers a simple piece of guidance straight from the Guide itself: Don’t Panic

In this episode of The Hitchhiker’s Guide to the GRC Technology Galaxy, Michael Rasmussen is joined by Andreas Schmitz, whose journey through the risk universe began not in a product roadmap, but deep in the practitioner trenches and eventually led him to CRISAM.
They explore what happens when someone who has actually lived with risk frameworks, audits, and regulatory pressure falls in love with a GRC platform because it finally makes sense. The conversation digs into why usability is not a “nice to have” in risk management, especially in environments like Germany, where standards such as IDW PS 340 set some of the most rigorous expectations in the world.
Michael and Andreas discuss what sets CRISAM apart, why organizations across industries and of all sizes choose it, and how the platform has expanded from Germany into the broader DACH region and across Europe. They unpack who typically uses CRISAM (from risk managers and compliance teams to IT, security, and audit) and why a single, method-based system matters when requirements keep multiplying.
The episode also looks ahead to what’s coming next and how CRISAM is thinking about agentic AI, digital twins, and the future evolution of risk management without losing its practitioner-first DNA.
In a galaxy full of complexity, acronyms, and impossible standards, this episode delivers a simple reminder straight from the Guide itself: don’t panic.