Wrong Data, Wrong Move: Why Trustworthy Data is the Foundation of Every Smart Move

Ryan Knisley, Chief Product Strategist at Axonius detangles what trustworthy data can bring to security and teams. With an exceptional career spanning positions at The Walt Disney Company, Costco Wholesale, PwC, Accenture, the U.S. Secret Service, and the U.S. Army, Knisley brings a blend of enterprise strategy and frontline security.

Knisley outlines the ultimate goal of leadership teams, and explains how at each step, attackers exploit the intelligence gap. It is critical to know the difference between what you think you're managing and what actually exists in your environment. 

It is imperative for organizations to know the foundation that lets them validate exposure across every layer and close gaps before attackers chain them together. Read the interview to know how integrating features for a consolidated source of truth simplifies security for customers and more.

Vishwa: You’ve discussed how platformization helps reduce tool fatigue. How do you determine when to expand versus integrate capabilities so that growth still feels cohesive and focused for users?

Ryan: That’s the essential question every security leader should be asking. 

As a former CISO, I was constantly wary of platforms that just became bloated. I developed a simple test for any new capability, whether we were building it or buying it. I’d ask three questions:

• If we add this, what can we retire? 
  • True platforms create consolidation; they don’t just add another tab to a crowded browser.
• Will this improve decision-making, or just create new decisions to manage?
  • The goal must be clarity, not more alerts. We need to shorten the path from detection to a confident decision.
• Can we take action directly from the insight, or does this create another manual handoff? 
  • If it doesn’t accelerate action, it's contributing to the problem.

If a new capability didn’t pass that test, we didn’t do it. It wasn’t true platformization; it was what I call “expansion theater.” It is this discipline that has allowed us to thoughtfully evolve from being the pioneer in CAASM to building the industry’s definitive Exposure Assessment Platform. 

Our entire product strategy is built around passing that three-part test for our customers, every single time. This isn’t just our product philosophy; it’s our business strategy. It ensures we are building value that is sticky and defensible, leading to sustainable growth and clear ROI for our customers.

Vishwa: How has your transition from CISO roles at large enterprises shaped your approach to building cybersecurity product strategy? Which leadership lesson continues to influence how you design for practitioners today?

Ryan: My time as a CISO taught me a fundamental truth: incomplete information doesn’t just slow you down, it points you in the wrong direction. This is the “dirty data” problem that plagues our industry. 

You see it in the statistics – while 90 percent of leaders feel prepared to act, only a quarter of them actually trust their data. That’s why our approach has always been to start with the foundation. You cannot have trustworthy AI or automation in cybersecurity without trustworthy data. 

My experience taught me you need a verifiable foundation of truth before you can act with confidence. That’s the principle that drives our strategy. Every feature we build is designed to create a complete, accurate, and always up-to-date asset data model. 

It’s about giving security and IT teams the one thing they need most under pressure: ground truth they can build on. In essence, asset intelligence provides the certainty that businesses need to operate. When you have that grounding in truth, you don't just reduce security risk; you create a more predictable and resilient business, which is the ultimate goal of any leadership team.

Vishwa: How do customer insights and field experiences influence product decisions? Can you share an example where feedback or observation led to a stronger or more intuitive solution?

Ryan: Our product roadmap is written in the field. A perfect example is the journey of our Exposures product. Initially, CISOs told us, “We have vulnerability scanners, but we lack the connective tissue to remediation.” 

They couldn't answer: 

• Which exposures matter in our context? 
• Who owns the asset? 

That feedback led us to pioneer the CAASM space. But as we solved that problem, our customers presented us with the next one: the “actionability gap.” 

They had the insights, but were still struggling to neutralize threats at scale due to limited resources. Just this week (Oct. 22-23) at our CTRL/ACT conference, we announced how we're solving this with the introduction of Axonius AI.

Axonius AI is not another generic assistant; it is an operational engine grounded in a verifiable foundation of truth – our asset intelligence platform. It allows security operators to ask complex questions in natural language and get immediate, actionable answers. 

More importantly, its AI-driven risk engine intelligently prioritizes findings and can orchestrate trusted remediation, like deploying a missing agent or creating a verified ticket, all from one place. This move doesn't just deepen our relationship with existing customers; it significantly expands our total addressable market. 

By embedding an operational AI engine on this foundation of truth, we are creating a new category of intelligent exposure management and establishing a durable competitive advantage. This evolution, from providing asset context to automating analysis and response, is what takes us from being the pioneer in CAASM to becoming a world-class Exposure Assessment Platform (EAP).

Vishwa: With modern attack chains evolving rapidly, how do you see validation and exposure management adapting to keep pace with real-world threats such as identity abuse or chained exploits?

Ryan: Traditional exposure management assumes you know what you're protecting. But identity abuse and chained exploits succeed because attackers find the assets, identities, and connections that defenders don't know about, or worse, think they know but don't have accurate asset intelligence.

Here's an example of how modern attacks actually work:

• An attacker compromises an old service account that still has access but isn't in your identity governance system. 
• They jump to an unmanaged cloud instance your CMDB doesn't track. 
• They exploit a misconfigured API that security assumed was behind proper controls.

At each step, the attacker is exploiting the intelligence gap – the difference between what you think you're managing and what actually exists in your environment.

You can't validate exposure on assets you can't see. And you can't prioritize risk on identities you don't know are active. This is where continuous validation becomes critical. 

You need a system that constantly answers: 

• What assets exist? 
• Who owns them? 
• Which identities have access? 
• And when any of those answers change, can you detect it and respond before an attacker exploits the gap?

The organizations that are keeping pace with evolving threats aren't the ones with the most security tools. They're the ones with the most accurate, complete, and current understanding of their environment. 

That foundation lets them validate exposure across every layer and close gaps before attackers chain them together.

Vishwa: When organizations evaluate or integrate security tools, how can they ensure alignment and prevent redundancy?

Ryan: The key is to shift the evaluation lens from “Do we have coverage?” to “Do we have clarity?” For years, security stacks grew out of a shiny-object approach, acquiring specialized tools that addressed single threats or checked specific compliance boxes. 

The result was redundancy, higher cost, and in many cases, more complexity rather than more protection. Security teams end up spending more time reconciling different tools’ conflicting data than actually reducing risk.

To ensure alignment and prevent redundancy, organizations should prioritize platforms that deliver visibility across environments and integrate with existing workflows. Real integration means the platform consolidates fragmented data into a single, trustworthy view, which we refer to as a shared operating picture. 

This is where IT knows what assets exist, security knows what’s protecting them, and leadership can see risk posture without needing to translate between five different dashboards.

When evaluating any tool, the question I ask isn’t: “What does it do?” but:

• Does it reduce uncertainty? 
• Does it make our other tools smarter through bidirectional integration? 
• Does it consolidate our understanding of risk? 

Our acquisition and integration of capabilities, like what we’ve done in the healthcare and IoT space, is a testament to this philosophy. We don’t just add features; we integrate them deeply to provide a single, consolidated source of truth, eliminating redundancy and simplifying the security stack for our customers. 

The goal should be to build toward an Exposure Assessment Platform – a central hub that provides an aggregated and prioritized view to improve decision-making, just as analyst firms like Gartner recommend.

Vishwa: You often connect product features to business outcomes. How do you translate technical performance metrics into leadership language that clearly communicates risk reduction or operational impact?

Ryan: This is one of the most important jobs of a security leader. Boards and executives care about one thing: business resilience. They want to know, “Can the business operate securely and without interruption?”

As a CISO the job is to translate security work into that language. Instead of saying, “We patched 10,000 vulnerabilities,” we should be saying, “We reduced exposure on revenue-generating assets by 60% and closed all control gaps on customer data systems.” 

The first statement is a technical activity; the second combines a quantified security improvement with a direct statement about protecting the business’s most critical assets – revenue and customer data.

That’s the translation right there. By correlating asset data, vulnerability findings, and business context, like which applications are customer-facing or process payments, we provide the metrics that matter to leadership. 

A customer recently told me they went from reporting on patching velocity to showing the board a 75% reduction in the quantifiable attack surface of their crown jewel applications. That’s how you demonstrate a return on investment. 

It’s how security moves from being perceived as a cost center to being recognized as the function that enables the business to innovate with speed and confidence. Our platform provides that system of record for resilience, connecting tactical security work directly to the risk and performance measures that every board and C-suite demands.

Vishwa: During Cybersecurity Awareness Month, how can product leaders meaningfully contribute to awareness efforts? 

Ryan: Product leaders, like CISOs, have a responsibility to make security's value visible across the business. Awareness Month is our chance to reinforce that security is a team sport, not a spectator sport. 

It’s about showing how an accurate asset inventory from IT, combined with a validated security posture, allows the entire business to innovate faster and safer.

At Axonius, our purpose is “To Bring Truth to Action in Cybersecurity.” As product leaders, we have a megaphone and we should use Awareness Month to amplify the fundamentals that work: knowing what you have, validating what's protecting it, and empowering every team with the data they need to act confidently. 

That’s how we move awareness from posters and training videos to measurable business resilience.