Gilles Rosset, Founder and CEO
Gilles Rosset, founder and CEO of Cognitechs, embodies the archetype of a self-seeker and a highly creative mind. As a seasoned risk management specialist, Rosset understands that some risks are inevitable, yet they can lead to better outcomes if managed well.
Today, Rosset helms Cognitechs to take on the most complex knowledge management challenges. The company has developed CogTL engine (pronounced as ‘cocktail’, because just like the beverage, the magic occurs when you mix multiple ingredients, viz. sources of data) that can be used as a standalone application, completely agnostic of the business domain, to analyse any data. Cognitechs also specialises in developing products like PeopleRisk powered by CogTL to address common domains. In essence, PeopleRisk focuses on Identity Governance and Analytics and equips risk managers and senior managers with a user-friendly interface to control all operational risks related to their company staff members. With PeopleRisk, users have complete, direct, immediate and always up-to-date access to all pertinent data. Every change in IT attributions, HR-related data, physical accesses, or any other source of data provided to PeopleRisk is analysed and translated to changes of risk indicators or exceptions to policies if toxic combinations are detected or compliance rules are breached. As a reaction, risk managers can decide to validate, comment, flag the various events, making PeopleRisk a core referential for risk management. Cognitechs also offers services to help companies dealing with the complexity of their data to solve specific issues with the power of its CogTL engine.
At the core, Cognitechs is singularly focused on offering a new way of doing risk management, which is more aligned with the business. “Overcoming the optimisation and evolution of risk management operations that were stuck with old tooling and recurrent and/or sub-optimal processes, our products provide a new holistic approach that offers risk managers a simple way to manage the complexity and speed of all changes, without a line of code and with a high agility, so that they can be in full control of their risks again,” states Rosset.
Risk Management Akin to the Inner Mechanisms of the Human Mind
When enterprises are faced with an ever-greater range of risks, Rosset has firsthand experience in embracing the radical shift in risk management, focused on understanding the new and unknown risks like never before. Back in the day, as the leader of the IT Security team of a Swiss financial institution, He was accountable for driving risk decisions—which included validating architecture of new projects, authorising or refusing changes, prioritising actions, and more—based on the key principles chosen to be applied—no communication between the production and test environments, or no storage of sensitive data outside of dedicated locations. Backed by this logical approach, he aimed to manage the cybersecurity or confidentiality risks consistently across the different projects and over the whole IT system.
However, during this stint, Rosset realised that every penetration test or ethical hacking exercise missed out on certain aspects due to the constant evolution of the IT ecosystem. “Either exceptions had been granted because of business imperatives, or conditions had changed that, leading to a situation where our base principles were violated, deriving a chain of consequences that led to an unexpected (and unseen) change of the risk posture,” he recalls. The apparent path to addressing this weakness entailed massive investment in governance, putting multiple controls and validation steps in place for every change so that the IT Security team had more chances to catch unforeseen consequences.
Overcoming the optimisation and evolution of risk management operations that were stuck with old tooling and recurrent and/or sub-optimal processes, our products provide a new holistic approach that offers risk managers a simple way to manage the complexity and speed of all changes, without a line of code and with a high agility, so that they can be in full control of their risks again
However, the approach has a high cost and slows down all processes and innovations—precisely why Rosset decided to take the road less travelled.
This is what spurred the idea of a virtual “brain” that can detect every significant change in the system, infer its consequences, and verify whether it impacted any risk principle or on the global risk posture of the company. With a clear objective to address the problems with brain-inspired algorithms, Rosset started experimenting with graph models and algorithms, developing a graph inference engine, a probabilistic risk calculation engine, and got an MVP after about 15 months: CogTL was born. After performing test cases on the company’s IT ecosystem, the team discovered that seeing the risk management would induce considerable gains to the risk approach.
On an innovative streak, Rosset had no plans of slowing down. He gave up the job to establish Cognitechs, to develop products based on this innovative engine, the first one being PeopleRisk, that applies the same principles for identity governance purposes.
Master Risks and Opportunities in a Complex and Constantly Evolving Ecosystem
Touching upon the value that CogTL brings to the table, Rosset emphasises that knowledge is not any more managed in silos. Data lake strategies, big data technologies, and algorithms have the same goal: to provide pertinent insights by considering data within its context. “This approach is at the core of CogTL, which organises all knowledge as a semantic graph, where all data elements are interconnected entities. Such modelling gives immediate benefits, in terms of not only information access, but also automatic analysis and data coherence control,” he adds.
In essence, CogTL’s unique approach to knowledge and risk management combines the power of a graph inference engine, big data technology to deal with millions of interconnected data points, fuzzy logic to deal with uncertainty, and a modern and intuitive user interface, offering a vast range of possibilities to the users. Besides exploring data through queries and dashboards, users can also visually explore the knowledge graph by navigating interactively from one data point to another. It is important to note that this real-time and event-based aspect of all calculations is a game-changer: risk management controls don’t need to be implemented as “recurrent reviews of long Excel files” anymore. Only the pertinent changes have to be reviewed, which significantly raises the efficiency level of risk management processes.
Further, Rosset also underscores the need to be proactive and react quickly in the wake of accelerating digital transformation. He stresses, “Even before having understood the risk and implemented ad-hoc governance around it, new services must be provided with a short time-to-market, information must be up-to-date and always available. Our products have been built with this requirement in mind: our engine works in real time, risks are re-calculated immediately as soon as a change occurs, and our products can even perform “what if” simulations, to anticipate all effects of any change, even if it did not occur yet.”
Besides its novel approach to risk management, the uniqueness of Cognitechs also stems from the high level of agility of its products, allowing the clients to start small with straightforward controls (and a limited licensing fee) and progressively refine them integrating more data and adding new rules.
The value proposition of Cognitechs can be best explained with a recent client success story. Reeling from the impact of COVID-19, a Swiss financial institution wanted to provide its employees and contractors with remote access solutions while still being subject to multiple regulatory (protection of clients personal data) or fiscal constraints in a short time. It was only a matter of days when the agility of CogTL and PeopleRisk enabled the client to set up the whole risk management framework to ensure that users could get the proper access at the right moment, taking into account all pertinent factors for risk calculation in real-time, and detecting any deviation. They could also comment and temporarily validate exceptions to the policy given the circumstances while keeping track of all risk decisions for audit purposes. Scripting similar success stories, Cognitechs will continue empowering its clients with its unique products like CogTL developed to be completely independent of the business domain. The company’s project takes advantage of its capabilities and simulation features to drag them miles away from the cyber or IT risks domain, and allows them to venture into the realms of insurance and diffusing silos across institutions. “Everywhere chains of causes and consequences have to be considered in a complex and evolving system, CogTL is a perfect fit,” concludes Rosset.