From Cloud Visibility to Digital Viability: Wiz and DVMS in the Evolution of Cyber Resilience
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
Introduction: Two Responses to Digital Complexity
As enterprises accelerated their adoption of cloud-native architectures, they encountered a new order of complexity. Infrastructure dissolved into services, workloads became ephemeral, and security boundaries blurred. In that environment, Wiz emerged as a transformational force in cloud security, offering radical visibility and risk prioritization across multi-cloud ecosystems. At the same time, a broader and more systemic challenge has been unfolding—one that extends beyond misconfigurations and vulnerabilities. Organizations are now complex, living digital systems composed of interdependent technologies, processes, data flows, and human actors. Governing, assuring, and accounting for cyber resilience in such systems requires more than detection; it requires a management architecture. This is the domain in which the Digital Value Management System (DVMS) operates.
While Wiz redefined how organizations see and secure cloud environments, DVMS is redefining how enterprises govern, assure, and sustain cyber resilience as an integrated dimension of digital business performance.
Wiz: Transforming Cloud Security Through Unified Visibility
Wiz’s primary innovation was applying conceptual simplicity to technical complexity. Instead of deploying intrusive agents across cloud workloads, Wiz connected via APIs to cloud service providers and built a unified graph of cloud assets, identities, vulnerabilities, configurations, and network exposures. By correlating these elements into attack paths, Wiz shifted security from siloed alert streams to contextualized risk narratives.
Before Wiz, cloud security often meant juggling multiple tools—CSPM for misconfigurations, CWPP for workload protection, vulnerability scanners for code and containers. Security teams faced alert fatigue, fragmented dashboards, and unclear prioritization. Wiz collapsed these silos. It provided a single, agentless platform capable of mapping toxic combinations—such as a public-facing workload with a critical vulnerability and excessive identity privileges—into actionable findings.
This was more than product consolidation; it was cognitive consolidation. Wiz helped security teams answer a crucial question: What matters? By focusing on exploitable attack paths rather than isolated control failures, it aligned technical risk with real-world exposure. In doing so, Wiz significantly improved the operational efficiency of cloud security teams and accelerated remediation cycles.
Yet Wiz’s scope, by design, centers on cloud security posture and exposure management. It secures environments. It reduces technical risk. It informs operational action. What it does not attempt to do is govern the enterprise-wide cyber resilience of the digital business system.
The Limits of Tool-Centric Security
The success of platforms like Wiz highlights an important truth: visibility is foundational. However, visibility alone does not equate to governance, assurance, or accountability. A cloud may be well-configured and continuously monitored, yet the enterprise could still lack coherent policies linking cyber risk to business objectives, financial reporting, regulatory compliance, or board oversight.
Modern digital enterprises are not merely collections of cloud assets. They are dynamic systems in which digital capabilities generate economic value. Cyber resilience, therefore, is not simply a security function; it is an enterprise performance attribute. It influences revenue continuity, regulatory standing, brand trust, and shareholder value.
In complex living digital systems, resilience must be governed as a management discipline—defined in terms of objectives, measured against outcomes, assured through evidence, and accounted for within corporate structures. This is the conceptual terrain that DVMS addresses.
DVMS: Governing Cyber Resilience as a System Property
The Digital Value Management System (DVMS) operates at a different altitude than cloud security tooling. Rather than focusing primarily on identifying vulnerabilities or exposures, DVMS provides a structured framework for governing, assuring, and accounting for digital value and cyber resilience across the enterprise.
At its core, DVMS treats the organization as a living digital system—a network of interacting capabilities that produce and protect value. Cyber resilience is embedded in this system as a measurable, governable property. Instead of asking only, “Are we secure?” DVMS asks, “How does our digital system sustain value under stress, disruption, or attack?”
This shift reframes cybersecurity from a defensive cost center into a value-preserving and value-enabling function. DVMS integrates governance structures, performance metrics, risk management processes, and assurance mechanisms into a coherent management architecture. It aligns cyber resilience with business strategy, operational objectives, and regulatory obligations.
Where Wiz surfaces exploitable cloud exposures, DVMS establishes enterprise accountability for resilience outcomes.
From Detection to Assurance
One of the most significant distinctions between Wiz and DVMS lies in the concept of assurance. Wiz delivers near-real-time insight into cloud risk states. It enables rapid remediation and improves security posture. But it does not inherently provide structured assurance that resilience objectives are being met across business units, supply chains, or digital ecosystems.
DVMS introduces formal mechanisms for assurance. It defines resilience objectives, establishes measurable controls and performance indicators, and creates traceable evidence chains. This enables executive leadership and boards to understand—not just assume—the state of cyber resilience.
Assurance within DVMS is continuous and systemic. It is not limited to control validation; it encompasses governance effectiveness, operational performance, incident response capability, and recovery readiness. In this way, DVMS extends beyond technical telemetry into organizational accountability.
Wiz informs operators. DVMS informs decision-makers and fiduciaries.
Accounting for Cyber Resilience
A further distinction emerges in the domain of accounting. Modern regulatory and investor environments increasingly demand demonstrable oversight of cyber risk. Cyber resilience is becoming a reportable enterprise attribute, influencing financial disclosures and risk statements.
Wiz contributes data that may inform such reporting, but it is not designed as an accounting framework. DVMS, by contrast, embeds accounting principles into cyber resilience governance. It structures how resilience performance is documented, measured, and communicated. It creates traceability from digital risk conditions to enterprise impact metrics.
In a complex living digital system, resilience failures can cascade across operations, revenue streams, and stakeholder relationships. DVMS enables organizations to map these interdependencies and quantify exposure at the system level. This capability supports executive accountability and aligns cyber governance with enterprise risk management.
Thus, while Wiz strengthens operational security, DVMS strengthens institutional integrity.
System Thinking vs. Environment Scanning
Wiz excels at environment scanning—continuously analyzing cloud infrastructure for vulnerabilities, misconfigurations, and toxic combinations. It operates within the technical plane of the digital estate.
DVMS operates within the systemic plane. It views the enterprise as an adaptive organism composed of digital capabilities, governance mechanisms, and performance feedback loops. It does not replace tools like Wiz; rather, it situates them within a broader management context.
In this sense, Wiz can be understood as a high-performance sensor array within the digital system. DVMS is the nervous system and the executive cortex that interpret signals, set objectives, coordinate responses, and ensure long-term viability.
Both are necessary. One provides visibility into technical risk. The other ensures that resilience is governed as a strategic enterprise function.
The Evolution of Cyber Resilience
The progression from traditional perimeter security to cloud-native risk platforms marked a major evolution in cybersecurity. Wiz represents the maturation of that phase—bringing clarity and coherence to complex cloud environments.
DVMS represents the next evolution: integrating cyber resilience into digital business governance. As digital transformation deepens and systems become more interconnected, resilience must be managed not only as a technical state but as a systemic capability. It must be measurable, auditable, and accountable.
The future of cyber resilience will likely combine both paradigms. Advanced security platforms will continue to refine visibility and response. Simultaneously, management systems like DVMS will embed resilience into enterprise governance structures, linking digital risk to value creation and protection.
Conclusion: Complementary Transformations
Wiz revolutionized how organizations understand and secure their cloud environments. By unifying visibility and prioritizing real risk, it reduced complexity and empowered security teams to act decisively. Its contribution lies in operational clarity and technical precision.
DVMS addresses a broader and more strategic challenge. It governs, assures, and accounts for cyber resilience across the entire digital value system. It transforms resilience from a reactive security concern into a managed enterprise capability.
If Wiz answers the question, “Where are we exposed?” DVMS answers, “Are we structurally resilient as a digital enterprise?”
In an era defined by complex living digital systems, both perspectives are essential. Visibility without governance leaves gaps in accountability. Governance without visibility lacks operational grounding. Together, they reflect the maturation of cybersecurity from tool-centric defense to system-centric resilience.
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
DVMS Cyber Resilience Professional Accredited Certification Training
Teaching Enterprises How to Govern, Assure, and Account for Operational Resilience in Living Digital Ecosystems
Moving From Paper to Practice-Based Operational Resilience
Explainer Video – Governing By Assurance
Despite an abundance of frameworks, metrics, and dashboards, many leaders still lack a clear line of sight into how their digital value streams perform when conditions deteriorate.
Strategic intent, organizational structures, and day-to-day behaviors are evaluated separately, producing static snapshots that fail to reveal how decisions, dependencies, and human actions interact within a dynamic digital system.
The result is governance that appears comprehensive in documentation yet proves fragile under pressure, leaving leaders to reconcile disconnected controls rather than systematically strengthen operational resilience.
What is needed is a framework-agnostic operating overlay that enables operational resilience to be governed, assured, and accounted for coherently across complex, living digital ecosystems.
DVMS Institute White Papers – The Assurance Mandate Series
Explainer Video – From Compliance Rituals to Evidence-Based Resilience
The whitepapers below present a clear progression from compliance-driven thinking to a modern system of Governance, Resilience, Assurance, and Accountability (GRAA). Together, they define an evidence-based approach to building and governing resilient digital enterprises.
The Assurance Mandate Paper explains why traditional compliance artifacts offer reassurance, not proof, and challenges boards to demand evidence that value can be created, protected, and delivered under stress.
The Assurance in Action Paper shows how DVMS turns intent into execution by translating outcomes into Minimum Viable Capabilities, aligning frameworks through the Create–Protect–Deliver model, and producing measurable assurance evidence of real performance.
The Governing by Assurance Paper extends this model to policy and regulation, positioning DVMS as a learning overlay that links governance intent, operational capability, and auditable evidence—enabling outcome-based governance and proof of resilience through measurable performance data.
The Digital Value Management System® (DVMS)
Explainer Video – What is a Digital Value Management System (DVMS)
The DVMS is an overlay management system that governs, assures, and accounts for operational resilience in complex, living digital ecosystems. It does so by ensuring living-system outcomes account for paper-system intent.
At its core, the DVMS is a simple but powerful integration of:
- Governance Intent – shared expectations and accountabilities
- Operational Capabilities – how the digital business performs
- Assurance Evidence – proof that outcomes are achieved and accountable
- Cultural Learning – for governance intent and operational capability fine-tuning
Underpinning this integration are three distinctive DVMS models
Create, Protect, and Deliver (CPD) – The CPD Model™ is a systems-based model within the DVMS that links strategy-risk and governance to execution to create, protect, and deliver digital business value as an integrated, continuously adaptive capability.
3D Knowledge (3DK) – The 3D Knowledge Model is a systems-thinking framework that maps team knowledge over time (past, present, future), cross-team collaboration, and alignment to strategic intent to ensure that organizational behavior, learning, and execution remain integrated and adaptive in delivering digital business value.
Minimum Viable Capabilities (MVC) – The Minimum Viable Capabilities (MVCs) model supports the seven essential, system-level organizational capabilities—Govern, Assure, Plan, Design, Change, Execute, and Innovate—required to reliably create, protect, and deliver digital business value in alignment with strategy-risk intent.
The models work together to enable the following organizational capabilities:
A Governance Overlay that replaces fragmentation with unity. The DVMS provides organizations with a structured way to connect strategy with day-to-day execution. Leaders gain a consistent mechanism to direct, measure, and validate performance across every system responsible for digital value.
A Behavioral Engine that drives high-trust, high-velocity decision-making. The DVMS embeds decision models and behavioral patterns that help teams think clearly and act confidently, even in uncertain situations. It is engineered to reduce friction, prevent blame-based cultures, and strengthen organizational reliability.
A Learning System that makes culture measurable, adaptable, and scalable. Culture becomes a managed asset—not an abstract concept. The DVMS provides a repeatable way to observe behavior, collect evidence, learn from outcomes, and evolve faster than threats, disruptions, or market shifts.
DVMS Benefits – Organizational and Leadership
Explainer Video – DVMS Organization and Leadership Benefits
Instead of replacing existing operational frameworks and platforms, the DVMS elevates them, connecting and contextualizing their data into actionable intelligence that validates performance and exposes the reasons behind unmet outcomes.
By adopting a DVMS, enterprises are positioned to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across A Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
The Digital Value Management System (DVMS) provides leaders with a unified, evidence-based approach to governing and enhancing their digital enterprise, aligning with regulatory requirements and stakeholder expectations.
For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.
For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.
For the CIO, CRO, CISO, and Auditors, an integrated, adaptive, and culture-driven governance and assurance management system that enhances digital business performance, resilience, trust, and accountability.
DVMS – Accredited Certification Training Program
Explainer Video – The DVMS Training Pathway to Cyber Resilience
The Digital Value Management System® (DVMS) training programs teach leadership, practitioners, and employees how to integrate fragmented systems into a unified, culture-driven governance and assurance system that accounts for the resilience of digital value within a living digital ecosystem.
DVMS Cyber Resilience Awareness Training
The DVMS Cyber Resilience Awareness course and its accompanying body of knowledge publication educate all employees on the fundamentals of digital business, its associated risks, the NIST Cybersecurity Framework, and their role within a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.
DVMS NISTCSF Cyber Resilience Foundation Certification Training
The DVMS NISTCSF Cyber Resilience Foundation certification training course and its accompanying body of knowledge publications provide ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role in a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.
DVMS Cyber Resilience Practitioner Certification Training
The DVMS Practitioner certification training course and its accompanying body of knowledge publications teach ITSM, GRC, Cybersecurity, and Business practitioners how to elevate investments in ITSM, GRC, Cybersecurity, and AI business systems by integrating them into a unified governance, resilience, assurance, and accountability system designed to proactively identify and mitigate the cyber risks that could disrupt operations, erode resilience, or diminish client trust.
A FastTrack Approach to Launching Your DVMS Program
Explainer Video – Scaling a DVMS Program
The DVMS FastTrack approach is a phased, iterative approach that helps organizations mature their DVMS over time, rather than trying to do everything simultaneously.
This approach breaks the DVMS journey into manageable phases of success. It all starts with selecting the first digital service you want to make cyber resilient. Once that service becomes resilient, it becomes the blueprint for operationalizing cyber resilience across the enterprise and its supply chain.
Company Brochures and Presentation
Explainer Videos
- DVMS Architecture Video: David Moskowitz explains the DVMS System
- DVMS Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- DVMS Overlay Model – What is an Overlay Model
- DVMS MVC ZX Model – Powers the CPD
- DVMS CPD Model – Powers DVMS Operations
- DVMS 3D Knowledge Model – Powers the DVMS Culture
- DVMS FastTrack Model – Enables A Phased DVMS Adoption
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
