Field CTO

Graham Rance

Field CTO

Graham Rance is the Field CTO at CyCognito. With more than 20+ years of security and infrastructure experience, Graham and his team are responsible for technical pre-sales responsibilities covering the globe.

Perspectives

External Attack Surface Management Promised Visibility — But Did It Deliver?

By Graham Rance ・ May 12, 2025

External Attack Surface Management (EASM) promised to illuminate the unknown, but early tools barely scratched the surface, relying on what security teams already knew. Today’s attacker-centric EASM flips the script, discovering unknown assets, mapping them to the business, and validating real-world risk with zero input. The result isn’t just visibility—it’s proof of exposure, and a clear path to action.

Research

Web Application Security Testing: Struggles, Shortfalls and Solutions

By Graham Rance ・ June 3, 2024

A survey of cybersecurity professionals in the U.S. and U.K. reveals challenges in web application security testing. Key findings include extensive attack surfaces due to numerous in-house and third-party applications, frequent security incidents, concerns about the effectiveness of existing tools, and inadequate testing coverage. Additionally, over half of respondents struggle to remediate discovered vulnerabilities. These findings highlight the need for improved web application security testing strategies.

Perspectives

The Truth About How Security Ratings Work

By Graham Rance ・ August 6, 2021

Security ratings platforms provide a view of your security posture they – do not provide tools required to for operations nor do they reduce cyber risk.

Posts by Graham Rance

Search the Blog

Graham Rance

External Attack Surface Management Promised Visibility — But Did It Deliver?

Web Application Security Testing: Struggles, Shortfalls and Solutions

The Truth About How Security Ratings Work