In this insightful segment from RSAC 2025, Ryan Knisley, Chief Product Strategist of Axonius, provides their seasoned perspective to theCUBE. Joining industry voices such as Jackie McGuire of theCUBE Research and John Furrier, co-founder and co-CEO of SiliconANGLE Media Inc., the discussion delves into the intricate landscape of cybersecurity from a Chief Information Security Officer's viewpoint.
Knisley, a former Chief Information Security Officer now with Axonius, shares their expertise on the evolving challenges faced by CISOs, prompted by an ever-expanding array of tools and platforms. With experiences at organizations such as Costco and Disney, Knisley discusses critical areas for the present-day CISO, including managing a constrained security budget and leveraging existing tools effectively. Hosted by McGuire and Furrier, the conversation navigates through how modern security teams adapt their strategies amidst emerging technologies, such as artificial intelligence.
Key takeaways from the discussion include insights into cost management in cybersecurity and the importance of integrated tools rather than maintaining a sprawling inventory of solutions. According to Knisley, actionable intelligence is crucial, underscoring Axonius's role in providing that clarity and control. The conversation also touches on the cultural shift within organizations towards a more collaborative security approach, as highlighted by analysts and hosts at the event.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Ryan Knisley, Axonious
Exploring CISO Challenges and Insights at RSAC 2025
In this insightful segment from RSAC 2025, Ryan Knisley, chief product strategist of Axonius, provides their seasoned perspective to TheCUBE. Joining industry voices such as Jackie McGuire of theCUBE Research and John Furrier, co-founder and co-CEO of SiliconANGLE Media Inc., the discussion delves into the intricate landscape of cybersecurity from a Chief Information Security Officer's viewpoint.
Knisley, a former Chief Information Security Officer now with Axonius, shares their expertise on the evolving challenges faced by CISOs, prompted by an ever-expanding array of tools and platforms. With experiences at organizations such as Costco and Disney, Knisley discusses critical areas for the present-day CISO, including managing a constrained security budget and leveraging existing tools effectively. Hosted by McGuire and Furrier, the conversation navigates through how modern security teams adapt their strategies amidst emerging technologies, such as artificial intelligence.
Key takeaways from the discussion include insights into cost management in cybersecurity and the importance of integrated tools rather than maintaining a sprawling inventory of solutions. According to Knisley, actionable intelligence is crucial, underscoring Axonius's role in providing that clarity and control. The conversation also touches on the cultural shift within organizations towards a more collaborative security approach, as highlighted by analysts and hosts at the event.
Ryan Knisley, chief product strategist at Axonius, joins theCUBE’s Jackie McGuire and John Furrier at the RSAC 2025 Conference to discuss how CISOs can do more with less in an increasingly complex security landscape. Drawing on experience at companies such as Costco and Disney, Knisley shares a pragmatic take on today’s CISO priorities.
The conversation explores how budget pressure and tool sprawl challenge security teams trying to maintain visibility and control. Knisley explains how Axonius helps unify data and improve decision-making by focusing o...Read more
exploreKeep Exploring
What are some challenges that CISOs are currently facing in the cybersecurity industry?add
What are customers looking to integrate into Axonius and how is it being used as a source of truth for all things?add
What is being discussed in regard to creating shared missions across partnerships and stakeholders within a company?add
What is the role of the individual at Axonius and how do they stay connected to the cyber industry and CISO community?add
What was the positive feedback that the CISO gave about Axonius during dinner?add
>> Welcome back to The Cube's live coverage here at RSAC 2025 here. Day four. The show is really many voices. One community is the theme, but we're getting all the vibes here in The Cube. Jackie McGuire is my co-host, Dave Allante, John Olsik. Ryan's here, chief product strategist at Axonius. Ryan, we were just riffing on camera, before we came on camera about your role as a CISO, now chief strategist at Axonius. Big fan of the company. I've interviewed Dean, you did the conference. Small conference, but you guys are growing very, very fast. Love the team. Love the action. Thanks for coming on The Cube.
Ryan Knisley
>> No, thanks for having me. It's good to be here.>> I love the CISO perspective because you can talk now. With your other jobs, you didn't have a lot of PR. Security is very tightlipped. No one's really going to get on camera and say, "Hey, here's what our strategy is." But as a CISO, a lot of the conversations here is I want to simplify, I want cost ... Complexity's high, AI's here, they see value, but I still got to maintain my security. You hear about red teams on LLMs. You start to see models, apps, infrastructure, all being looked at. What is the mindset of the CISO right now? Your fellow brethren in the industry who are at home systems thinking around what they got to do. What is it in your view? What's the current state of the mindset of the CISO right now?
Ryan Knisley
>> Yeah, I'll tell you this. The CISOs I've talked with this week, and I'm still fairly new from that role out of that role. So I can speak as a-
Jackie McGuire
>> Still shaking off the trauma.
Ryan Knisley
>> Former CISO. Recovering CISO. But the ones I've talked to this week is there's excitement around the possibility of AI. I think there's some apprehensiveness still with it. A couple things. When you walk the floor, you see so many vendors and kind of talk ... I don't know if it's exciting or if it's depressing because there's just so many vendors and so many tools and so many solutions, yet every year it grows, but we're not getting better. Teams aren't getting better. Our jobs are getting harder as CISOs, our environments are becoming more complex. And so I would say we don't need more tools, we just need to use the tools we have better. We need more clarity, we need more confidence in the tools we have. And so the CISOs I've talked with this week, that's been a message that I've heard from them. The other one is budgets are highly constrained. I think your budget isn't ... If you're not being asked to give some money back this year, I think you're being asked to hold flat and push expenses into the second half of the year, and how can you do more with less or do more with what you already have? And I think this is where the platform game comes in, where we've got to use the tools to a fuller extent, the tools we have because I can't go buy new tools. I don't have money for new tools.>> Is the cost challenge just a macroeconomic factor, or is it the complexity and the, "Let's do some more thinking around how to efficiently run things." What's the cost driver or pressure, in your opinion?
Ryan Knisley
>> Yeah, I think it is macro. Just kind of what's happening right now with uncertainty, talking to friends and consulting. I know consulting has been challenged right now. People are holding projects to the later half of the year, that sort of thing. But I think it's also giving us an opportunity or giving CISOs an opportunity to really evaluate their spend and how do I maximize my spend in a super intelligent way to get the most from my money?
Jackie McGuire
>> Well in 2021 and 2022, the whole malware panic, I heard the term unlimited budget so often from security teams because everybody was like, "This could be an existential crisis for us." It was something where it was like ... It was easier to spend that money. And I think now we were talking about this, there's been this explosion of hypersegmented security products and now we're like, "Okay, we spent all of this money on all of these different tools, but we aren't achieving better outcomes." So I think we're kind of in the trough of disillusionment for security spending right now. I also imagine some of that money's being reallocated to AI projects.
Ryan Knisley
>> What I've seen, it certainly is. It's being reallocated. But you're right. In a sense, 2021 especially was a really heavy year of spend, kind of unlimited budget. CISOs got a lot of what they needed, but four years on from that, they're being asked hard questions, "What did that money get us?" And it's at times hard to justify the ROI spend.
Jackie McGuire
>> Yeah, it's like four times the log volume. That's what it got us.>> Let's talk about Axonius. Dean and I had a great chat at NYSE. You guys had a great conference. He's a product strategist. Given that you have the CISO perspective fresh in your mind and body, what attracted you to Axonius? Because you were a customer ... Before you were customer, probably a skeptic. I got the best diet, I got the best solution. It's going to change the game, it's going to move the needle. You hear that a lot, right? So you're now on board. Take us through what was the thing that attracted you to Axonius.
Ryan Knisley
>> I love telling the story. So it was around 2020 and my team at Costco at the time came to me and said, "Hey, we have this new tool. We need you to sign this contract." And I think it was day three for me as a CISO there. "This tool is going to fix everything, and it's called Axonius." And my first question was like, "How do you spell it? What does it do? I don't understand ..." I've heard this so many times. This is the tool to rule them all. But it was interesting coming from my team. So I started to really work with some trusted advisors that knew the solution well, and they all had the same feedback as, no, it's the real deal. It really is good, and so we went ahead and became customers. And I saw what it did for my teams both at Costco and Disney, and it was really transformative. I say there's four or five tools that I have to have as a CISO, and that is one of them. It's one that I really love my teams to use. And it was totally transformative. So when the time came and I no longer wanted to be a CISO and thought about joining a product company, when I met with Dean, I was already a fan of the company, the tech, the problem space they're going after. The addressable market, it's so foundational for security. It's really what I built my programs on. And then the opportunity to not be a CISO but yet work with CISOs and be the voice of the customer back to guide the roadmap of our product, it was just too compelling to miss.>> That's awesome. That's great story. And that's a great success story because that's a great kind of transition. You get to get the best of both worlds. I have to ask you. One of the things I was impressed with, Jackie I'd love to get your take too, you were at the conference, I couldn't make it, I really wanted to be, was there was this whole AI weighs all about best next action. And the idea that actions, you guys have that approach into the philosophy is huge. And that comes up a lot in the agent conversations. Automation has been around, but generative automation, non-deterministic is a big part of the security, figuring things out. But there's still some use cases. This action thing is really relevant. Talk about what's the secret sauce of Axonius. What's the magic? Is it action, is it the breadth of ... Looking at the assets? What is the key? Can you share-
Jackie McGuire
>> Let's get nerdy.>> Yeah.
Jackie McGuire
>> Let's get nerdy. So first degree psych, right? So we were talking neurology. So an axon is the thing that actually carries the electricity down the nerve cell into the cells. So Axonius, I assume, is supposed to be the string running through your entire architecture that carries the signals in and out, right? What I tended to find, I don't know whether it's alert fatigue in the soc, you've got 10,000 triaged alerts, or there's so much to do is that teams get stuck in analysis paralysis. So yeah, I think to John's point, how impactful was it for you to actually have a recommendation for what to do, not just being told something's wrong?
Ryan Knisley
>> Yeah. Highly impactful, first of all, I think you've heard this from security practitioners for the last several years is don't just highlight my problems for me. Don't just tell me ... Don't go find more vulnerabilities, because I don't have more people to throw at those and knock those down. Help me take action, help me get better. And that's been Axonius's approach now is we want to help empower security teams to solve problems, not just highlight problems. And so what my teams have done and what I've heard our customers, they want to integrate everything into Axonius. They're starting to use Axonius as their source of truth for all things. Just walking around here I've had Axonius shirts on and I'll get stopped and they'll say, "Hey, we're trying to figure out how we can get XYZ integrated into Axonius," and it's the power of these 1200 plus connectors that we've built where we can kind of connect into any application, any system, and if we can't, we'll build one really quickly so we can to help customers. And I think customers are finding the power behind that, so it's been fantastic.>> It's like the AI ground truth.
Ryan Knisley
>> Yeah.
Jackie McGuire
>> One of the interesting things you guys really help with is the thing I think is not often talked about, but license creep. So you guys help figure out what products are you using and how much are you actually utilizing of those products. And cynically, this is coming up I think and going to come up a lot more because I've had a couple CISOs the last few days talk about using other people's budgets for things. So I think that's also happening in security is that somebody will find this great security tool from your networking team, or your IT team, and all of a sudden your license is really skyrocketing. So as a CISO, how big of a problem is that for you in terms of we're not using the licenses we have, or we're using way more than we budgeted for?
Ryan Knisley
>> Yeah. So my approach was always how can I be most efficient? And I heard this yesterday. We're delivering pizzas. We don't need to deliver them in a Ferrari. And I love that. We can deliver them in a Chevy and the pizza still gets there.
Jackie McGuire
>> That's Bay area culture. It's like your DoorDash who's driving a Range Rover.
Ryan Knisley
>> Yeah . And I love it because that was always my approach. Hey, look at the tool sets we have. Are they good enough to accomplish what we need to accomplish? And if so, let's leverage them to their fullest extent. And so I think we're seeing teams take that approach with their tool sets. Axonius certainly helps, and this is a use case of let's go out and look at the software we're actually ... Or look at the licensing that we're actually using because we're paying for 10,000, we're only using 6,000. There's some cost savings there and so we do have this cost-efficiency play behind it as well that we're seeing security teams starting to use, as well as IT teams.>> We were talking on our intro security analysis for the show. Jackie and I were talking about the culture change and vibes. Vibe coding, vibe marketing. She's a vibe analyst, I call her. Vibes is culture, is about harmony. And one of the things that comes up, you mentioned team. Harmony amongst team, whether it's inside the company and outside has been a big thing. What's your view on that? Because again, you're fresh off working with teams, you mentioned teams. How are the teams in this kind of vibe culture around missions, shared successes, are you guys trying to get-
Jackie McGuire
>> I think trust.>> Yeah. Talk about what's your feeling on that.
Jackie McGuire
>> Because you're talking about trust and tools, right?
Ryan Knisley
>> Yeah. Yes, certainly. I think shared mission is important. You talked about shared mission, and I talked a little bit about that in Dallas when I spoke, is how do we create more shared missions across our partnerships, our stakeholders in the company, where it's not security teams succeeding or failing in a silo. "I'm security and I'm going to succeed with or without you." But how do we build consensus and excitement around shared mission with IT teams or with finance teams or whomever? And so there's a few platforms out there that do that, and I think in this case, Axonius is one of them. I kind of give this example, is our IT teams love us as well because of licensing and asset visibility and all these things that we do really well and it makes security's job a lot easier. And so I always encourage security teams like, "Hey, bring in your IT partners." And we're actually finding ... I heard a story last night, they said, "Hey, IT, the CIO got ahold of Axonius and pulled it from me, and now the CIO owns it. And I'm like, "Oh, that's fantastic.">> Word gets around fast.
Jackie McGuire
>> We had one of your customers, Kara, on from TransUnion and we actually coined the term Axonius as an olive branch.
Ryan Knisley
>> Yeah, love that.
Jackie McGuire
>> Because that's a really great way to build olive branches into the other teams is to provide the value that Axonius is providing to security to those teams. Because a lot of times there's a contentious relationship there. And so I love ... That was one of my favorite things from the whole conference was Axonius as an olive branch.>> I love that. I'm going to take that. Jay and I were riffing on the .
Jackie McGuire
>> That'll be $3,000.>> . You're going to appreciate this Jackie, Jay and I were riffing about the security's not the no team, it's the go team. It used to be like, "Hey, no, hold on. Where's the guardrails? AppSec review." They still have the high bar for resilience, no doubt about it, but they have to go more. And the teamwork has always been like-
Jackie McGuire
>> .>> Security guys are blocking everything to harmony.
Jackie McGuire
>> Oh yeah. Kara's big ... Kara's phenomenal by the way. She's a very young security leader. And her big thing was, "It's not no. I can't say yes yet. Let's get to yes." And it's such a mindset shift, but I think because everything's a security problem now, if we can't do that, people will just work around security. I have kids. If I don't ... My kids are already figuring out how to hack their way around my security controls and their devices, so if I work with them to get them to buy into those boundaries, it's better. So I think being able to form better partnerships within the organization, and to demonstrate shared fate, because if the security team doesn't win now, it used to be like, oh, your network might go down. Now it's like if security doesn't win, it could be existential for the company.
Ryan Knisley
>> Yeah. As an industry, we spent so many years saying no, building enemies, and it has been a mind shift the last several years to being a really collaborative partner. And there's a lot of teams out there doing it really well and have that mindset of we have customers and we need to have partnerships and internal stakeholders. And I think it's just so important. The speed at which we're moving with technology and with digital transformation, security teams can't afford to say no anymore.>> I want to get your thoughts on something that just made me think of the whole vibe thing and the data security. Here at the show a big focus we've heard is data security. You mentioned data sources. Build a connector if you need it. So you guys have built that context and unifying that. How do you control the data? Because the big conversation is, "Okay, I need to look at everything, and if I need to look at everything, then the bad guy can look at everything." So it's like, okay ... How do you guys look at the context of that piece of it? Because that's a big part of what you guys are doing, the data control plane, there's all kinds of harmonization layers. There's a zillion people trying to talk about this and solve this data security, source of the data. What's your view on that?
Ryan Knisley
>> Well first of all, it starts with intelligence. It starts with knowing what you have. And my approach as a CISO was always really, I thought, very simplistic. I would go in and I would say, "Okay, what do we have? What are the assets? What do we not know about? What is the software we're using?" Really sort of simplistic questions to try and answer that are super hard to answer actually. And boards, it's usually the first question. There's no worse question, I don't think, that you could be asked from a board than, "Are we good?" Never good, right?>> .
Jackie McGuire
>> Define good.
Ryan Knisley
>> By good do you mean ... But being able to go back to them and say, "Well, let me explain what we've done to mature our capabilities. We started with 75% visibility, we had pockets of unknown out there. Over the last two years, we've built that visibility to 96% of our environment." That's a really tangible metric that security teams can give to leaders and leaders feel really good about, and then from there you can start to say, and now that we have this visibility, here's what we're doing. So with data protection or really any kind of protection or resiliency, for me it just starts with visibility and intelligence.>> All right, so I have to ask the follow-up on that. Because when we were riffing day one with John Olsik and talking about, "Hey, every new wave there's always shadow something." Wifi came in, iPhones, shadow IT. Is there a shadow problem with AI? Because you're starting to see that piece ... And how are people in your community thinking about this? Because it is contextually a consumer product. There's a lot of shadow AI going on, sneaking in. LLMs, again, a whole other discussion. There's always a pretext to the trend, which is if it's not shadowing, it's not going to happen. So we saw that in a lot of these big waves. What's your view on and what are people talking about how to reign in the chaos or let it run? I don't know what to say.
Ryan Knisley
>> I think it's reign in the chaos, but let it run almost. Kind of what you said is ... I don't think we're going to solve this problem, nor should we try and solve the problem of let's eradicate shadow IT, period. I think it's how do we feel comfortable with the shadow IT that's taking place? How do we expose some light to it, maybe bring it in a managed way, or at least have comfort that it's being ran in an intelligent, safe way. That's my personal opinion on that, I think. Is there shadow AI? I would have to say, yeah. A lot. I don't have any studies to support that but->> The general sentiment is ...
Jackie McGuire
>> I mean that's the beauty of the cloud and the peril of the cloud is that you can spin up an S3 bucket or spin up a snowflake database in 10 seconds. And obviously it's not the policies that are usually a problem, it's the procedures that enforce the policies. So if you don't know that somebody in your sales team just spun up a bucket and dumped a bunch of customer data into it, it's really hard to protect that data.>> Well, this is a big debate. Old school, you'd say kill it. Okay, the new school is, it's an innovation signaling.
Jackie McGuire
>> Protect it.>> So it's a feature, not a bug, but you've got to look at it. Don't ignore it, but embrace it. Run to it, I think, right?
Ryan Knisley
>> Yeah. I think let's kill that process has led us to some really bad behavior, which is causing ... They're going to find ways to work around.
Jackie McGuire
>> That's why people are circumventing you. Yeah.
Ryan Knisley
>> So again, how do we embrace it? How do we bring it into the fold and support it? I think what are CISOs worried about with AI? I think they're all over the map. They have lots of concerns, whether it's what AI tools are being used, what freemium accounts are being created, and our company information might be exposed in those freemium AI solutions. What is prompt engineering security, the output of the prompt, how do we secure that? So we've not settled on the framework yet of what should we really focus on? What's the most important aspect that we need to be concerned about to secure AI?>> I'm just curious, what's your job like? Because product strategist, you have the keys to the kingdom, product strategy, you're playing 3D chess in a market that's evolving. What are some of the things you work on? Take us through a day in the life of what you do because you've got to look at the landscape. You've got to understand what Axonius brings to it. You've got to work with customers. Share a story. What's the coolest thing you're working on? What's a day in the life? Set some light into what's going on in your world.
Ryan Knisley
>> Why I was drawn to the role with Axonius was it keeps me connected to the cyber industry, the CISO community. So I spend a lot of my time talking with our customers, and our customers really like us. I was a very happy customer and I hear that a lot, but I also want to know what's not working. I want the bad news. And so I spend a lot of time talking with customers on not just feature enhancements, but where's the industry going? What do they want to see from us? We want to meet them ahead of where they're going, so they're not waiting on us to get there. So my job is really to guide the future of the product to meet the needs of CISOs and security teams.>> What are some of the things customers are saying? "Hey man, I love it. My life changed. I got the weekend back." Or what are some of the comments that you hear from the customers that like what's going on with you guys? What's the vibe?
Ryan Knisley
>> Last night we were at dinner and I had a CISO come up and said, "I love your tech," and it was just out of nowhere. "I love your tech." And it's great to hear that. I think truly the visibility that it gives them, and I hear people describe Axonius as, "Oh, you're an aggregator." And I'm like "No, that's not what we do." So we really expose what's happening in your environment in a really intelligent way, and once customers use that, they want more of it. And that's why we start to see this, "Hey, how can I connect this? How can I connect this into Axonius?" And Axonius becomes truly this hub, and I never want to say single pane of glass because we've said that for 20 years in cyber, Jackie.
Jackie McGuire
>> I said yesterday, if somebody said it again, I would throw them through one.>> Single choke the throat. That's another one.
Jackie McGuire
>> I literally said, if somebody says single pane of glass again, I will throw you through one.>> Single throat to choke another one.
Ryan Knisley
>> I never want to say that because we've heard it for so long, but it really is becoming kind of the central hub to take action on your environment.>> I think the mission control vibe of you got to see things and not let someone just sneak in and get full access to everything in the network has come up. But you got to control the data. That's a big part of it.
Jackie McGuire
>> You can't protect what you can't see.
Ryan Knisley
>> That point. I make that point is at its most basic level, every executive or board member knows that. And that's usually what they'll say, is when they say, "Are we good? What do we not know about? Because we can't protect what we don't know about." And so that was always the question I would try and ask, or try and answer for them is, "Hey, we feel really good about ... We know about a lot of things." We're still not perfect, we still have work to do, but we kind of know everything in our environment.>> And you got to know what you don't know and kind of keep your ears open. Ryan, thanks for coming on The Cube.
Ryan Knisley
>> Thank you.>> Congratulations on the new role. Excited to keep the conversation going. Big fan of what you guys are doing. Love the context angle you guys have. And say hello to Dean for me.
Ryan Knisley
>> I will.>> Dean . See you next time. Thanks for coming on. Appreciate it.
Ryan Knisley
>> Thank you.>> All right. I'm John Furrier with Jackie McGuire here, day four, grinding it out, and we've got tons of coverage. Check out siliconangle.com of course. Check out thecube.net. We'll be right back.
Jackie McGuire