Michael Rasmussen

In my previous articles, The Death of the CISO: A Eulogy & Reincarnation and Rise of the Digital Trust & Resilience Officer: Death of the CISO, Part 2, I introduced the evolving role of the Chief Information Security Officer (CISO), a shift that’s quickly becoming necessary across the digital landscape. The overwhelming response to these pieces—over 100,000 views on LinkedIn alone—showed that this transformation isn’t just a topic of interest, but one that resonates deeply across industries. While many remain attached to the CISO title, few deny that the role has grown far beyond its original scope.

In a world where regulations are constantly evolving, businesses must stay agile and informed to maintain compliance and drive innovation. The European Union (EU) and the United States (US) are two of the largest regulatory powerhouses globally, and understanding how their frameworks shape corporate strategy is crucial for any business with global ambitions. While both regions share common goals of promoting economic growth and corporate responsibility, their approaches to achieving these goals couldn’t be more different.

If you’ve been keeping up with the evolving world of Governance, Risk, and Compliance (GRC), you may have come across my recent article that argues many GRC programs are fundamentally backward by focusing too much on compliance and risk before objectives. The article makes the case that true GRC should always start with clear organizational objectives, and everything else—risk, governance, and compliance—should support those goals. But why does this matter, and how can organizations better align their GRC strategies?

With the clock ticking down to the 2025 implementation of Provision 29 under the revised UK Corporate Governance Code (UK CGC), companies are in a race to align their risk management and internal controls with the new requirements. The mandate, which calls for boards to provide a declaration on the effectiveness of their risk frameworks, has sparked widespread discussion among compliance professionals, corporate leaders, and risk strategists.

In J.R.R. Tolkien's The Lord of the Rings, the Palantír—a mystical seeing stone—gives its user the power to peer into distant lands and foresee possible futures. While this gift is fraught with danger in the story, it’s a fitting metaphor for today’s organizations facing a world of uncertainty. Just as the Palantír offers a glimpse into potential futures, modern risk management tools provide organizations with the ability to foresee emerging risks and prepare for the unexpected. In this article, we’ll explore how businesses can use a Palantír-like approach—combining foresight with strategic planning—to anticipate challenges and better navigate the evolving landscape of risk.

Environmental, Social, and Governance (ESG) has been generating immense pressure on organizations across various industries and around the globe in recent years. Corporate investors are now making capital investment decisions based on a company’s ESG commitments, metrics, and ratings. Legislators and regulators worldwide are introducing regulations that focus on both the broad scope of ESG and its specific aspects (e.g., modern slavery, carbon emissions). Potential employees are choosing workplaces aligned with their values, not just their benefits. Similarly, customers are favoring products and services that reflect their principles. ESG has captured the attention of every level of an organization, from the boardroom to the operational frontlines.

For professionals in the realm of risk, compliance, and IT security, the role of the Chief Information Security Officer (CISO) has long been a cornerstone of organizational defense. But as technology evolves and risks become more interconnected, the role itself is undergoing a significant transformation. In a recent analysis in my piece The Death of the CISO: A Eulogy & Reincarnation, I discussed the impending end of the traditional CISO in favor of a more expansive role — the Digital Risk & Resilience Officer (DRRO).