This is what Happens When Security Stops Chasing Threats and Starts Managing Risk | A Brand Story with Rich Seiersen from Qualys | An On Location RSAC Conference 2025 Brand Story

In this episode, Sean Martin speaks with Richard Seiersen, Chief Risk Technology Officer at Qualys, about a new way to think about cybersecurity—one that puts value and business resilience at the center, not just threats.

Richard shares the thinking behind Qualys’ Risk Operations Center, a new approach that responds directly to a common pain point: organizations struggling to manage vast amounts of telemetry from dozens of security tools without clear direction on how to act. Instead of forcing companies to build and maintain massive internal platforms just to piece together asset, vulnerability, and threat data, Qualys is creating a system to operationalize risk as a real-time, measurable business function.

With a background that includes serving as Chief Risk Officer at a cyber insurance firm and co-authoring foundational books like How to Measure Anything in Cybersecurity Risk and The Metrics Manifesto, Richard frames the conversation in practical business terms. He emphasizes that success is not just about detecting threats, but about understanding where value exists in the business, and how to protect it efficiently.

From Security Operations to Risk Operations

While a traditional SOC focuses on attack surface and compromise detection, the Risk Operations Center is designed to understand, prioritize, and mitigate value at risk. Richard describes how this involves normalizing data across environments, connecting asset identities—including ephemeral and composite digital assets—and aligning technical activity to business impact.

The Risk Operations Center enables teams to think in terms of risk surface, not just threat surface, by giving security leaders visibility into what matters most—and the tools to act accordingly. And importantly, it does so without increasing headcount.

A CISO’s Role in the Business of Risk

Richard challenges security leaders to break away from purely tactical work and lean into business alignment. He argues that boards want CISOs who think strategically—who can talk about capital reserves, residual risk, and how mitigation and transfer can be measured against business outcomes. In his words, “A successful business is in the business of exposing more value to more people… security must understand and support that mission.”

This episode is packed with ideas worth listening to and sharing. What would your version of a Risk Operations Center look like?

Learn more about Qualys: https://itspm.ag/qualys-908446

Note: This story contains promotional content. Learn more.

Guest: Rich Seiersen, Chief Risk Technology Officer, Qualys | https://www.linkedin.com/in/richardseiersen/

Visit the Qualys Directory Page for the latest promotions and stories.

Stay Tuned on ITSPmagazine Podcasts

Broadcasting Ideas. Connecting Minds. A Modern Innovative Multi-Media Platform.
A Global Space Where Intellectual Exchange Is Encouraged.

Musing On: Technology | Cybersecurity | Society & Culture | Business | Space | Science | Leadership | Environment | Healthcare & Wellness | Storytelling & Storytellers | Artificial Intelligence & Generative AI | Ethics & Philosophy | Policy & Regulations | Hacking | Software Development | Sociology & Psychology | Founders & Start-Ups | Conferences & Events | Mentoring | Creativity | Writing | Space Exploration and Security | Music | Musicians | Musical Instruments | Arts | Brands & Brand Marketing | …

Subscribe to the main ITSPmagazine Podcast Channel to listen to all our conversations directly on your favorite podcast player.

Note: These are links to the General ITSPmagazine Podcast where MOST episodes from our individual Podcast Channels are published. To subscribe to your favorite shows, please visit Our Podcasts Page

If you do not see your favorite player above, open it and search for ITSPmagazine Podcast.