Skip to main content

As the Information Security Program Owner at National Instruments, a $1.4B global enterprise, I've spent the past decade building a risk management program from the ground up.  As I shared in my Founder's Story,  I struggled in the early days with defining what our program would look like, and especially around the tooling I would use, but it wasn't long before I was able to demonstrate the value of risk management to the organization.  SimpleRisk quickly became our de facto tool of choice and, as my knowledge increased and my co

Before starting SimpleRisk, I sat in the CISO chair, on the other side of the negotiating table.  I learned the tricks that vendors played with pricing to get it up and had some tricks of my own that I'd use to get it back down.  Discounts of 50% or more were not uncommon and our procurement team mostly let me do my own thing because they knew they weren't going to be able to touch my pricing.  My team and my peers even used to half-jokingly say that I should do a talk on vendor price negotiations.  And while I still wear the discounts that I negotiated as a badge of honor, there's a part o

Every comic book superhero has a story behind them describing how they overcame some form of adversity in order to become the crime-fighting protector of all things good that we've come to know and love. Just like those champions of justice, SimpleRisk also has an origin story. It all started in 2012, when Josh Sokol was tasked with starting an enterprise risk management program at National Instruments.

Subscribe to governance