Fragmentation isn’t just a technical issue in cybersecurity — it’s an existential one. Shadow IT, software-as-a-service sprawl and disconnected tools leave teams squinting at their environments through fractured lenses, with no clear cybersecurity visibility into what’s safe or exposed.

Axonius’ Dean Sysman talks with theCUBE during Axonius Adapt25.

“That’s led to dozens of different tools that organizations need to use, and each one only sees a part of the picture, a part of the one piece of that puzzle of the organization,” said Dean Sysman (pictured), co-founder and chief executive offer of Axonius Inc. “It’s led to a lot of fragmentation for security teams that they’re trying to manage and be able to secure their environments.”

Sysman and other cybersecurity leaders spoke with theCUBE’s Rob Strechay, Rebecca Knight and Jackie McGuire at Axonius Adapt25. Don’t miss exclusive interviews on theCUBE, SiliconANGLE Media’s livestreaming studio, as our analysts talk with cybersecurity experts about solutions for fragmented tooling and siloed data — and a mounting urgency to move from passive awareness to confident action. They also share key details on how Axonius’ platform addresses this directly, leveraging AI-powered insights, an expansive integration network and automation capabilities to provide security and IT teams with a unified asset data model, enabling proactive security measures at scale. (* Disclosure below.)

From fragmentation to foresight: Solving the cybersecurity visibility problem

Many organizations know their environments lack cybersecurity visibility — the harder part is figuring out what to do about it, according to Sysman, during an interview with theCUBE. The starting point isn’t visibility alone, but creating a single source of truth that can drive meaningful action. That action requires consolidating data from siloed tools and exposing relationships between often overlooked assets.

Forrester Research’s Erik Nost talks with theCUBE about cybersecurity visibility.

“We created what we called cyber asset management, which is ‘How do we connect to all the existing tools an organization has and then be able to correlate, aggregate [and] deduplicate all that data together, and then give them a singular truth, a singular answer over what they have to all the existing tools an organization has,’” Sysman said. “That’s expanded more and more over time.”

Achieving cybersecurity visibility opens the door to the next challenge: getting ahead of threats instead of constantly reacting to them. The industry has been stuck in reactive mode, always chasing the latest zero-day or headline-grabbing vulnerability, according to Erik Nost, senior analyst, security and risk, at Forrester Research Inc. That approach can’t scale with the volume and complexity of modern environments.

“What we’re seeing is a shift from reactive to proactive security,” Nost said. “But to get there, you have to understand what you’re dealing with, what your prioritization should be [and] what’s the context that feeds into that, and then ultimately get toward … actionability and remediating these weaknesses that have been prioritized.”

The softer side of cyber: Leadership, diplomacy and driving cultural change

Cybersecurity may be built on a foundation of controls and frameworks, but its success increasingly depends on “soft” skills — including communicating cybersecurity visibility across teams with emotional intelligence and trust. That shift has pushed security professionals beyond their technical roots and into roles that resemble business coaches and diplomats, according to Kara Keene, senior manager of ASR engineering at global commerce company TransUnion LLC, during an interview with theCUBE. The transformations she’s led aren’t related to architecture or tooling — they’re all about tone.

TransUnion’s Kara Keene talks with theCUBE about shifting her company’s security posture.

“When I first joined security here, it seemed adversarial, maybe to put it nicely,” she said. “Security barks commands and expects everyone to jump.”

Keene embedded diplomacy into daily operations to change that culture, shifting security’s posture through shared platforms and collaborative planning. Working with Axonius became an olive branch for Keene, empowering her team to approach others not with demands, but with practical solutions. By leveraging Axonius’ platform to identify and resolve real issues for other teams, security shifted from being the hall monitor to becoming a trusted partner.

“Instead of barking commands, it becomes a project together, which has been really nice,” Keene said. “Security’s reaching out to [ask], ‘How can we help you?’ Other teams are much more amenable to helping us when we do need it.”

That shift in expectations hasn’t always come with a matching shift in authority, according to Ryan Knisley, former CISO at The Walt Disney Co. and Costco Wholesale Corp., during an interview with theCUBE. At Disney, Knisley leaned on Axonius to “engineer out labor” by automating routine security tasks — freeing his team to focus on complex challenges and reducing burnout along the way. Disney even added character visits to boost morale and keep spirits high. At Costco, the Axonius platform played a different role, helping the company regain visibility and control over a sprawling digital footprint and fragmented IT environment. That clarity was essential in managing third-party risks, which Knisley identified as some of the most persistent and difficult to control.

“We have all the accountability for cyber, but we don’t truly have the responsibility of C-suite leadership, sometimes, to make these big grand decisions for our organization,” Knisley said. “We still have to go ask for permission to do things because it’s tech.”

Getting buy-in, then, becomes less about frameworks and more about human behavior. Trust doesn’t grow through authority alone — it’s built through listening, mutual goals and follow-through, according to Keene. Empathetic leadership and cross-functional credibility can make or break a security program, especially as risks grow more diffuse and human-driven.

“I think when people feel listened to, they’re just immediately open to working together more,” Keene said. “You listen, affirm and then do what you are going to do. It just gets a lot of trust in people, and in a peaceful manner. There’s no yelling needed when everyone feels like they’re on the same team.”

In high-stakes environments, internal credibility is the linchpin that determines whether security programs thrive or stall. CISOs must evolve from technical enforcers into behavior-change agents, especially as security risks grow more diffuse and more tied to human error, according to Knisley

“What we need to do is really evolve behaviors for the companies that we support,” he said. “I think cyber … sometimes gets a bad rap. If I think about some of the government regulatory stuff that’s come down, really focused on CISOs, the frustration we have is these are your biggest champions for cyber at the company, yet you’re pointing your regulatory efforts against them. It’s just a weird situation … but I am hopeful that we’re progressing to the next generation of true business leaders.”

Governance first: Taming data chaos and scaling risk oversight

As artificial intelligence adoption accelerates, data governance teams must navigate a minefield of compliance gaps, unvetted tools and accidental exposures. For InComm Payments, a technology innovator for prepaid products such as gift cards and other payment devices, the Axonius platform has been central to closing those gaps by uncovering blind spots, identifying sensitive data and providing the kind of actionable insights needed to enforce effective policies, according to Luis Valenzuela, director of data governance and data loss prevention at InComm Payments. The platform also supports the company’s AI governance efforts, helping its internal committee evaluate application risks and implement guardrails that strike a balance between innovation and compliance.

InComm Payments’ Luis Valenzuela talks with theCUBE about solving for compliance gaps as AI adoption accelerates.

“We started from governance, so we created those directives where we tell people, ‘This is against the rules, number one,’” Valenzuela said, during an interview with theCUBE. “Number two, we try to promote that across the company with pictures, with posts [and] with links so people are aware that there’s a danger there.”

Beyond cybersecurity visibility, governance must now address the messy sprawl of data across software-as-a-service apps, cloud services and partner ecosystems. Context-aware prioritization and real-world risk quantification are essential for making defensible trade-offs that keep the business both secure and operational, according to Valenzuela. Fixing known vulnerabilities takes precedence over chasing hypothetical ones in a landscape where new threats constantly emerge.

“The problem is not that we don’t know of vulnerabilities … the problem is that we don’t know what to do with what we already know,” he said. “At some point, I ask in a meeting, ‘Do we really need more evidence, or do we need to fix first what we know exists?’”

This same prioritization mindset applies beyond the enterprise, all the way to the geopolitical level. National risk governance starts with recognizing the scale of modern threats and understanding that they’re already here. Organizations can’t prepare for what they refuse to see, according to Robert Skinner, chief executive officer of Skinner’s Strategies LLC. Holding internal teams and external partners accountable is central to national resilience, but so is education — making the threat real to people who may not yet feel its impact.

“The People’s Republic of China is focused on being the world order,” Skinner told theCUBE. “They are targeting our critical infrastructure and putting in implants to be able to exploit at the time and place of their choosing.”

Managing risk at scale requires integrated technologies and simplified processes that cut through noise and provide true situational awareness, according to Skinner. That’s where the Axonius platform played a critical role: It helped tame data chaos by correlating disparate information into a coherent view of the environment, the threat and the company’s posture. With correct configuration and AI-enhanced capabilities, the platform enabled Skinner’s team to solve specific problems instead of getting lost in the noise.

“One of the biggest shortfalls … is understanding,” Skinner said. “That’s where you need technology to be able to sift through all of this data, to sift through the chaos, to bring an understanding of what the environment is really like, what the threat is, and are you in a position of advantage or not?”

To watch theCUBE’s full coverage of Axonius Adapt25, here’s our complete event video playlist:

(* Disclosure: TheCUBE is a paid media partner for Axonius Adapt25. Neither Axonius Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE