How the DVMS FastTrack Model Supports a DVMS Program
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
Introduction
The Digital Value Management System® (DVMS) is a systems-based overlay designed to help organizations create, protect, and deliver digital business value in an increasingly complex and volatile cyber landscape. While the DVMS provides the conceptual and structural foundation, the DVMS FastTrack™ Model offers a pragmatic pathway for implementation. FastTrack provides a phased, iterative approach that allows organizations to begin where they are, stabilize their environment, and progressively mature toward resilience and innovation. Rather than attempting a wholesale transformation, it emphasizes incremental, risk-informed, and adaptable progress, ensuring that organizations can align governance, culture, and execution with strategic objectives.
The Role of FastTrack in a DVMS Program
At its core, a DVMS program enables organizations to manage digital business risk through enterprise risk management, systems thinking, and cultural adaptation. The challenge is that many organizations struggle with the “how” of operationalizing such a holistic model. The DVMS FastTrack approach addresses this challenge by providing a phased adoption roadmap. It shifts the focus away from static compliance toward adaptive resilience, embedding cyber risk management into daily business practices. FastTrack ensures that organizations take manageable steps that build upon each other, creating tangible value while maintaining momentum.
The Four Phases of FastTrack
The FastTrack Model is structured into four iterative phases: Initiate, Basic Hygiene, Expand, and Innovate.
- Phase 0 – Initiate: Often called “getting ready to get ready,” this stage establishes the foundation for subsequent phases. It may require implementing early-stage controls, clarifying governance responsibilities, or conducting baseline risk assessments. It stabilizes organizational awareness of digital value and sets expectations for cultural and structural change.
- Phase 1 – Basic Hygiene: This phase focuses on stabilizing the environment. It includes essential cybersecurity practices such as patch management, identity controls, and ensuring critical assets are inventoried and protected. By securing the basics, the organization builds the confidence of stakeholders while reducing exposure to common, preventable risks.
- Phase 2—Expand: Once stability is achieved, organizations can expand by optimizing the environment. This may involve maturing assurance practices, strengthening risk governance, and broadening protective measures across more systems, processes, and supply chain elements. Expansion requires tighter integration of risk-informed governance with enterprise operations.
- Phase 3—Innovate: At this phase, the organization embeds continual innovation and adaptation into its culture. Innovation becomes a core capability, allowing the enterprise to protect value and create competitive advantage through resilience. Continuous feedback loops between governance, assurance, and execution ensure that learning and adaptation are institutionalized.
These phases are not strictly linear. Governance, assurance, and risk assessment occur across all stages, and improvements in one phase may cascade backward to strengthen earlier work. This cyclical nature reinforces the DVMS principle of treating organizations as complex adaptive systems.
Aligning FastTrack with the DVMS Z-X and CPD Models
FastTrack is more than a stepwise checklist; it is embedded within the MVC–Z-X Model and the Create, Protect, Deliver (CPD) Model of the DVMS. The MVC-Z-X Model describes seven minimum viable capabilities (MVCs)—Govern, Assure, Plan, Design, Change, Execute, and Innovate—that every organization must master. FastTrack provides the temporal rhythm for maturing these capabilities. For example, the emphasis falls on Govern, Assure, and Plan in the Initiate and Basic Hygiene phases. When an organization reaches Innovate, the Execute and Innovate capabilities dominate, supported by continual governance and assurance.
The CPD Model reinforces that unprotected value has no value. FastTrack operationalizes this principle by ensuring that value creation and protection occur concurrently. Instead of a “create then protect” sequence, organizations learn to protect value as it is created, embedding resilience into processes from the outset.
Systems Thinking and FastTrack
One of the FastTrack Model’s most significant contributions to a DVMS program is its reliance on systems thinking. Organizations are not static entities but complex adaptive systems, where small changes in structure or culture can disproportionately impact behavior and outcomes. FastTrack encourages leaders to “see the whole, not the hole,” using iterative cycles to test and adapt. By applying leverage at critical points, organizations can coax systemic change without triggering destabilizing unintended consequences.
Embedding Culture and Leadership
A DVMS program succeeds or fails on culture, and FastTrack supports this by integrating cultural adaptation into each phase. In the Initiate stage, leadership signals accountability and aligns governance with enterprise risk management. In Basic Hygiene, employees across departments are engaged in establishing protective behaviors. By the Expand and Innovate phases, a questioning culture, continuous learning, and transparent accountability are institutionalized. FastTrack thus acts as a cultural scaffold, enabling leadership to cascade values, policies, and expectations from the boardroom to the front line.
Supporting Cyber Resilience and NIST CSF Adoption
The FastTrack Model is explicitly designed to help organizations operationalize the NIST Cybersecurity Framework (CSF) 2.0. The CSF provides the “what” and “why” of cybersecurity outcomes, but not the “how.” FastTrack fills this gap by giving organizations a practical, phased method to adopt CSF outcomes within their DVMS overlay. For example, the CSF’s GOVERN and IDENTIFY functions align naturally with the Initiate and Basic Hygiene phases. At the same time, PROTECT and DETECT are emphasized in Expand, and RESPOND and RECOVER are refined in Innovate.
In this way, FastTrack ensures that organizations do not treat the CSF as a compliance checklist but as a living, adaptive governance system integrated into strategy, risk, and culture.
Continuous Innovation and Competitive Advantage
The ultimate goal of FastTrack within a DVMS program is not mere compliance or even cybersecurity. It is operational resilience, sustainable digital business value, regulatory compliance, and client digital trust. By embedding a culture of continual innovation, FastTrack ensures that organizations can adapt to evolving threats, technological change, and shifting stakeholder expectations. The ability to create and protect digital business value concurrently becomes a source of competitive differentiation, allowing organizations to withstand disruption and thrive on the edge of chaos.
Conclusion
The DVMS FastTrack Model provides the structured, yet flexible path organizations need to implement a DVMS program effectively. It stabilizes environments by offering incremental, iterative phases, embeds cultural change, and enables continuous innovation. More importantly, FastTrack operationalizes the systems-based principles of the DVMS, aligning with the NIST CSF 2.0 and ensuring that value creation and value protection are inseparable. In doing so, it transforms cybersecurity from a technical silo into an enterprise-wide governance practice, fostering resilience, adaptability, and long-term success.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”
The DVMS Institute Certified Training Programs teach organizations how to transform static, fragmented, and control-based Governance, Risk, and Compliance (GRC) frameworks (NIST, ISO, ITSM, COSO ERM, COBIT, etc.) into a GRC Digital Value Management System® (DVMS).
Through its MVC, CPD, 3D Knowledge, and FastTrack Models, the DVMS transforms GRC frameworks into an integrated, adaptive, and culture-powered overlay system that drives Operational Resilience, Digital Trust, and Regulatory Compliance across complex digital supply chains.
Enabling resilience, compliance, and trust requires more than static frameworks—it requires the seamless connection of organizational Strategy, Governance, and Operations, supported by a forward-looking culture dedicated to identifying, classifying, and mitigating the systemic risks that threaten daily digital business operations.
By adopting this integrated, adaptive, and culture-driven approach to GRC, businesses are positioned to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across A Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
DVMS Explainer Videos
- Architecture Video: David Moskowitz explains the DVMS System
- Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- Overlay Model – What is an Overlay Model
- MVC ZX Model – Powers the CPD
- CPD Model – Powers DVMS Operations
- 3D Knowledge Model – Powers the DVMS Culture
- FastTrack Model – Enables A Phased DVMS Adoption
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
