What assumptions about our cybersecurity program were challenged by the SPI 360 baseline?
Which stakeholder surprised me—positively or negatively—in our early conversations?
Where is trust missing in our current governance structure, and how do we know?
What did the entropy signals reveal about the “hidden system” behind the formal org chart?
How aligned is our stated strategy with the lived experience of our teams?