top of page
Into The Breach
The GRC-X Blog
For those who defend. Who step forward. Who lead under pressure.
Into the Breach is a space for practitioners and leaders in security, risk, and assurance who are willing to face complexity head on. It exists for those who carry the weight, make the call, and refuse to look away from what’s broken.
Here, we confront the uncomfortable truths the industry avoids. We challenge legacy thinking, face down black swans, and unpack what it really means to lead security where it matters most.
Recent Posts
There’s No Such Thing as Business Impact, Only Loss
Framing the Problem If there’s one aspect of risk assessment that’s the most misunderstood, least defined, and most misaligned, it’s the subject of business impact. Risk assessment methodologies are partly to blame. Three-letter acronyms like BIA - the good old Business Impact Assessment - have convinced many of us that impact is what really matters. But stop and think about it for a second. When we talk about impact , we’re really just describing the ripple effects of a b
Matt Kent
Nov 55 min read
What Is the Role of Security?
The Question We Rarely Stop to Ask What is the role of security? What’s our purpose? It sounds almost too fundamental to ask, but amid the routine cycles of weekly security work - patching, incident response, audits, awareness campaigns, access control reviews - how often do we stop and ask why we’re doing it all? Ask that question in any programme or leadership forum and the answers are usually the same: > “We’re here to protect the business.” > “To help it operate safely.
Matt Kent
Oct 244 min read
Lost in Translation: Why Security Messages Fail to Land with Business Leaders
The Communication Problem In a world where the security landscape evolves faster than most organisations can adapt, one issue consistently undermines progress: communication. Not the lack of it – but how it happens. Across five years of running security and risk training programmes, we’ve seen a recurring challenge. Security practitioners, technically strong and deeply committed, often struggle to communicate security in a way that resonates with business leaders. The result?
Matt Kent
Oct 233 min read
Mitigating Risk: Navigating a Landscape of Uncertainty
Effective risk mitigation is essential for maintaining business continuity. Security teams must focus not only on responding to incidents...
Matt Kent
Oct 94 min read
Security Consulting: From Defender to Strategic Business Partner
Security Consulting: Security Consulting: From Defender to Strategic Business Partner Security teams are often seen as 'incident...
Matt Kent
Oct 53 min read
Building Alliances: Why Security Teams Must Forge Strong Relationships Across the Business
In an increasingly complex risk landscape, security teams must go beyond silos and build strong alliances across the organisation....
Matt Kent
Oct 33 min read
Business Impact: Communicating Security Through the Lens of True Business Risk
Security is no longer just about protection - it’s about understanding how risks affect business outcomes. We explore why security...
Matt Kent
Oct 13 min read
Profiling Risk: Why Security Teams Must Look Beyond the Existing Estate
In today’s rapidly evolving business landscape, traditional risk profiling is no longer enough. Security teams must shift focus from known risks to emerging threats that will disrupt business continuity. We explore why profiling risk is now a crucial for security teams to protect the future of the organisation. Security teams often make the mistake of focusing too much on risks within their current estate and not enough on emerging risks. While managing known risks is import
Matt Kent
Sep 253 min read
On the Precipice: Security Leadership In Need of a Hard Reset
As pressure mounts across enterprise, security leadership is at a crossroads. We explore why only business-aligned, high-impact teams...
Matt Kent
Sep 244 min read
bottom of page