Shimon

The Access Request Dilemma: A Trust Game in Disguise
by Shimon|15 October 2025|Embedded GRC, GRC Economics, Models in the Wild, SAFe GRC
Every access request begins as a technical act: a permission ticket, a role adjustment, a key rotation. But what it really represents is a negotiation of trust. Whether it’s a developer requesting a production role, an analyst seeking a restricted...
continue reading
Policy as a Signal: Credibility, Cost, and Aspirational Signaling
by Shimon|10 October 2025|Embedded GRC, GRC Economics, Models in the Wild
Policies are meant to clarify behavior, but in most organizations, they act as signals—broadcasts of seriousness, maturity, and compliance posture. A well-written policy feels like progress: an artifact that turns ambiguity into structure. Yet beneath the formatting and formal language...
continue reading
Governance Reversibility Assessment
by Shimon|07 October 2025|Models in the Wild, Strategy & Theory
Every governance system faces a moment when the map stops matching the terrain. A control that once made sense becomes ceremonial. A framework that once signaled maturity begins to slow delivery. A policy written for one architecture quietly constrains another....
continue reading
Why GRC Feels Like a Monty Hall Problem
by Shimon|06 October 2025|Models in the Wild, Strategy & Theory
Most GRC teams assume they’re operating inside a machine designed for clarity: controls are documented, policies are published, frameworks are mapped, and dashboards glow with confidence. The closer you get to the real decision points—access reviews, risk acceptances, policy updates,...
continue reading
Welcome to the Work: What This Site Is, and What It Isn’t
by Shimon|02 October 2025|Thinking Like an Economist
This site began with a simple goal: to give shape to the kinds of conversations that often unfold outside formal channels—after the meeting has ended, between functions navigating ambiguity, or once the audit has concluded but the discomfort still lingers....
continue reading