Glen Day is the visionary Founder and CEO of NVISIONx, a cutting-edge data risk intelligence and DSPM company revolutionizing how businesses manage and secure their data amidst the evolving landscape of complex privacy regulations, complicated data environments, and the rapid rise of Generative AI. Through NVISIONx, Glen has redefined enterprise data governance by enabling organizations to manage data as a strategic asset, empowering them to proactively control data throughout its lifecycle.
The NVISIONx platform delivers an integrated view of business intelligence and cybersecurity insights, supporting cross-functional teams in Cyber, Compliance, Legal, and Business to make informed decisions, reduce risk, optimize costs, and accelerate their strategic adoption of critical GenAI technologies.
A trusted advisor to Fortune 500 companies, Glen’s leadership is underpinned by decades of experience in both strategic advisory and operational roles. Before founding NVISIONx, he served as Cybersecurity & Information Governance for Technology Partner at Ernst & Young LLP, specializing in intellectual property (IP) protection and safeguarding high-value information assets. His strategic expertise in data privacy and security has positioned him as a forward-thinking leader in the industry.
Glen’s professional journey also includes a distinguished career as a U.S. Navy Commander, where he specialized in Information Warfare. His military service, combined with his tenure as the first-ever Chief Privacy Officer for Los Angeles County, has equipped him with exceptional expertise in designing and implementing data governance frameworks for large-scale, complex organizations.
Under Glen’s leadership, NVISIONx has become a critical partner for businesses grappling with data management challenges intensified by the rapid growth of AI technologies. He is passionate about helping companies navigate this new frontier, offering innovative solutions that address both the risks and opportunities presented by AI-driven data environments.
Glen holds a Bachelor of Science in Applied Mathematics from the University of Southern California and a Masters in Management Information Systems from the Naval Postgraduate School. His commitment to data privacy, cybersecurity, and business intelligence continues to shape the future of data governance, making him a recognized industry thought leader.
NVISIONx is redefining how businesses approach data risk intelligence. Can you share the story behind the company’s vision and what sets it apart from traditional data management solutions?
When I was a partner at Ernst and Young, I had broad exposure across several different industries and saw how every company is struggling with this same data protection issue. My “aha” moment for NVISIONx came when we began working with a high-tech customer at E&Y, doing a massive data carveout as they were selling one of its largest intellectual property (IP) data sets to another leading global software company. The dataset consisted of over 5 billion files which were comingled other critical IP datasets that they were retaining. We were also dealing with a very aggressive deadline of less than 90 days to complete the carveout. If they didn’t deliver the acquired files, they’d face extreme contractual financial penalties, ranging as high as $100 million a month in this $8 billion deal. We successfully devised a strategy and methodology which we were able to complete well in advance of a 90-day deadline with 100% acceptance by both our direct client and the acquiring clients. The deal closed ahead of schedule, without any monetary penalties.
Now, with NVSIONx, we’ve built a platform that takes a unique approach to data classification by focusing on the sensitivity of the data. We developed new patented automation methodologies to determine not only which data is confidential but also confirms why it is confidential in business terms. This is the basis for our unique contextual classification capabilities that fuses data sensitivities with business record types. For example, a social security number within an employee application should be controlled and managed differently than a social number within a patient or customer request. Simply depending upon simple privacy attributes is not actionable. More business context is needed, and that context is derived uniquely from our new RexAI module. No one else is doing this.
We provide contextual classification for every file in the data ecosystem, which provides business context for different record types with specific privacy attributes that may or may not exist. This makes it easier to then accurately define the data protection rules. We can enable data files on need-to-know access so that only certain folks have access to sensitive records. With contextual classifiers, the security team can reconfigure their business rules with higher accuracy in a matter of minutes.
On the other side, contextual classification also enables defensible data disposal in which every record type has an assigned expiration date based on the designated record’s retention schedule. For example, if a company needs its invoices to be kept in its system for six years after the invoice was created, we can select for all the invoices that were created more than six years ago, enabling a clear defensible target for invoices that can be deleted, barring any necessary legal holds. We can apply this same principle to any record set supporting a broad list of use cases.
Without contextual classification, companies will continue to rely on legacy data classifications treating all data as one-size-fits-all. Our platform allows you to create custom rules based on the needs of the business: specific rules for credit cards related to employees, a different set of rules for credit cards related to customers, another set of rules for third parties, etc. We give answers to the question “What kind of record is it?” We enable “smart” controls in a way that doesn’t impair business operations because we prevent data from going to the wrong people, which is why they bought the controls to prevent in the first place.
Your platform integrates business intelligence and cybersecurity insights for cross-functional teams. How does this approach improve decision-making across departments like Cyber, Compliance, and Legal?
We break down the silos between cyber, legal, and the business.
First, we break down the technical siloes — this is the easiest one for us to do. The different repositories between OneDrive, SharePoint, Salesforce, and network files create different limiting views. When you can only see data in one system but not the other simultaneously, you can’t see the trends to understand the bigger picture.
Next, we break down the silos between people. We get teams working together from different perspectives and allow them to communicate effectively. We’re able to display data visually in a way that the business, cyber teams, legal, and compliance teams can understand based on how the data relates to their unique business functions.
Lastly, we break down the process siloes. Teams need to communicate together so that processes like data disposal and data classification can be treated like a team sport. Sometimes, you have to have multiple conversations and when you can display different scenarios of data sets within the platform, teams can more reliably determine which record types and give more insight as to which data is truly sensitive, which data is misclassified, etc.
These are critical business functions that cover the life cycle of data. However, if they remain in silos, then these business decisions are left to the IT or cyber teams. They won’t know how to classify certain record types because they do not understand the specifics of complex business operations for data in each department. Specifically, to data disposal efforts, it takes a number of stakeholders to reliably retire expired data. We break down all the barriers between these departments so that they can do so effectively and efficiently.
With data volumes growing exponentially and AI becoming more prevalent, what are the biggest challenges businesses face in maintaining effective data governance today?
The biggest challenge is the fact that the data is changing every day and with that comes new risk concerns. However, if you have a sustainable program in place, you can take these changes into consideration head-on so that it doesn’t become a risk concern over time.
Most companies don’t even have a playbook for how this is supposed to work. They love the potential of Gen AI, but if their records aren’t properly classified and governed, when they try to put a number of files into Gen AI for trend analysis, they end up combining different records that aren’t even related. Gen AI will analyze this data to the best of its ability but since it doesn’t know the context, if certain files don’t belong together, it’ll likely lead to bad outcomes.
For example, if you’re putting in worker compensation records to do a trend analysis on what causes most accidents in the workplace, these records could potentially go back 40 years. You’re going to be capturing many incidents that aren’t relevant to today.
Another issue that comes up is the problem of redundant data. If you’ve never governed your data, you’ll be dealing with many replicated and duplicated files that taint the quality of analysis because it sees multiple instances of the same thing without giving the AI proper instruction.
Last, if you don’t understand which data sensitive and which data is not, the GenAI could potentially expose such information to employees who should not be viewing certain data. There have been cases where executive salaries have been exposed when HR analyzes records without an understanding of data sensitivity before having it processed in GenAI.
Without having a strong data governance program to determine record types, data sensitivity, duplicates, and outdated files that shouldn’t be processed into the model, the GenAI program will never deliver the right outcomes that companies are seeking and be viewed more as a risk concern than a business benefit.
Regulatory compliance is a top concern for many organizations. How does NVISIONx help companies ensure they remain compliant while managing the complexity of modern data environments?
The beauty of our tool is that it’s built for large enterprises with dynamic data. We monitor data wherever it is. Data is changing all the time and in order to keep up with that change, we keep track of the risk posture. This is where we do continuous scans on a daily, weekly, or monthly basis — particularly for sensitive data — so that companies can be proactive about risk concerns and catch fires at the first sign of smoke.
We’ve seen extreme cases where companies aren’t consistently monitoring their data and they weren’t even aware of the breach until it was front-page news. One customer had to actually go to WikiLeaks to determine which data was taken and had no internal indicators that hackers were in their system.
We continuously track data without having to move it. We monitor who is accessing the data and if there’s ever a case where foreign interferers are getting access to things they shouldn’t, we can catch those anomalies and alert you in a matter of minutes.
How do you see data privacy regulations evolving in the next five years, and what implications will this have for businesses?
Five years is like a lifetime in this world. Everything is moving so dynamically. Europe’s GDPR regulations has been globally adopted but are is now defined at a national level. For international businesses, this means navigating a web of global regulations with local tweaks, requiring a deep understanding of both local and global compliance requirements.
Regulators are shifting focus from financial penalties, which have become just another business expense, to executive accountability. They’re adopting a model similar to Sarbanes-Oxley, targeting individual executives rather than just companies. This means executives could face personal legal consequences, including jail time. The FTC, for example, has started naming CEOs in orders, making them personally liable and effectively tainting their future career prospects.
At the state level, regulators in places like New York and California are taking strong, independent stances, ensuring that data privacy remains a priority regardless of federal actions. This creates a dual regulatory environment where businesses must comply with both state and federal requirements.
Regulators are also demanding more accuracy and proof of compliance. They’re not just looking at policies anymore; they’re digging into actual practices. If there’s a breach, they want to see that what you say you’re doing matches what you’re actually doing. This means businesses need to ensure their practices align with their policies and that governance structures are in place to monitor compliance effectively.
For businesses, this evolving landscape means they need robust compliance frameworks and governance tools. Boards and CEOs, often intimidated by the complexity of cybersecurity, need to engage more deeply with these issues. They should use tools that translate complex data into understandable business insights, allowing them to manage risk across departments and hold individuals accountable for non-compliance.
Tell us about RexAI’s ability to identify, prioritize, and secure sensitive data effectively?
RexAI essentially automates the contextual classification of billions of files into business records by giving them actionable sensitivity labels. Data is being created at greater volumes than what manpower can keep up with alone. We simply can no longer manually classify records and apply record types using spreadsheets and a small army of people. It’s such a tedious job that leads to inaccuracies and lost time.
RexAI leverages private LLMs so companies can securely process large volumes of files and database tables securely in their own trusted environment in a matter of minutes. It compares each file to your record schedule and identifies the most accurate record based on metadata and its contents. This provides a magnitude of maturity into records management so that companies don’t have to rely on spreadsheets and humans to do these tasks, which is ultimately not scalable when it comes to the amounts of data volumes companies have to keep up with.
Drawing from your military background in Information Warfare, how have those experiences influenced your approach to building data governance frameworks?
I would not be here without that military experience. In the military, data is a matter of life and death. Whoever has the best intel wins the battle. We had to deal with a number of different disparate, complex data sets. This data includes intel from ships’ radars, sonar, telemetry data from jet fighters, data from satellites and signals from soldiers on land. To prevent the bad guys from killing us, we had to understand with certainty that cross correlating these multiple sensors increases the accuracy of both the intelligence and the targeting. Oftentimes, our troops and NATO partners are positioned right next to the bad guys. We had to make sure that we hit our intended targets when we fired our missiles and that takes quality data to make precise decisions with limited time.
Data was more than just an audit report. If we get it wrong, people die. That’s why I have such an emotional connection to data because, with the right approach and attitude, I understand just how important it is to deliver meaningful outcomes to those who need it through quality data.
What are some of the most common data governance misconceptions you encounter from customers, and how do you address them?
This first misconception comes from the belief that they have too much data to even start to governance program. Many customers believe that managing their vast amounts of data is impossible, leading to skepticism about achieving complete data governance. They often think it’s too complex to even start. We counter this by demonstrating that with the right processes, leadership, and technologies, effective data governance is very achievable and even fun. It not only enhances security and proactivity but also saves significant costs related to storage and inefficient processes.
This second misconception has to do with an overreliance on IT and Cyber. Customers believe that data governance is solely an IT or cybersecurity issue. This narrow view is why many competitors struggle. We emphasize that data governance requires involvement from all critical stakeholders, including business and legal teams. It must be accessible and straightforward enough for non-technical users, like accountants, to engage with minimal training. This broad involvement is crucial for elevating data governance practices.
Third, customers underestimate the financial impact of poor data quality. Customers often don’t realize the financial waste of lacking a data governance program. We use an embedded ROI calculator to illustrate the costs, particularly focusing on storage. Companies typically double their data volumes every two years, leading to escalating storage costs. While storage might seem cheap to buy, the ongoing costs of compliance, protection, backup, and accessibility quickly add up. We help customers identify and retire toxic data, such as outdated or redundant files, to mitigate these costs.
The last misconception has to do with the mismanagement of data. Many organizations fail to manage data from terminated employees or contractors, leaving behind abandoned data that no longer provides value. We address this by identifying redundant, outdated, trivial, and abandoned data (ROTA) to help customers understand that surplus data is not only costly but also potentially risky.
NVISIONx works with Fortune 500 companies. Can you share an example of how your platform has helped a major organization overcome a significant data management or security challenge?
Right now, we work with several Global Fortune 500 companies with a strong international presence that also experienced data breaches, impacting their international operations. The breaches require them to report the incident to regulators, their C-suite, the board, the public, and the individuals whose data was compromised in a very short period. Given the aggressive breach notification requirements that vary by nation and region, companies face daunting task of quickly identifying whose data was taken and what exactly was compromised.
For new customers, our platform is often brought in to address these challenges. Within days, not weeks, we rapidly ingested and processed their data, providing a clear context of the breach’s impact. We quickly identify the affected individuals, whether it was a million people in a database or across 100 million files, allowing companies to meet their notification timelines and avoid large regulatory fines.
Beyond incident response, our platform helps large companies proactively manage their entire data estate, whether in the cloud, in data centers, or on laptops. We handle both structured databases and unstructured files, providing insights into what data they have, who owns it, its sensitivity, and access permissions. Our technology offers full transparency and actionable insights, enabling organizations to manage their data proactively and productively.
What excites you most about the future of data governance, and how is NVISIONx preparing to lead the way in a landscape increasingly shaped by AI and advanced technologies?
My team and I are excited about how the future of data governance is intersecting with AI and advanced technologies. Our platform was designed from the ground up to align with how data is governed, used, and consumed, making it more powerful, intelligent, and user-friendly for our customers. We never shy from taking on new, complex data-driven business challenges.
One of the most exciting reasons why is the opportunity to transform legacy business functions that have remained stagnant despite technological advancements. Take records management, for example—it’s a critical function often still reliant on spreadsheets and manual labor. This approach is neither smart nor sustainable. We’re automating and enhancing records management to meet the highest standards based on our customers’ needs.
Another area we’re addressing is data hoarding. Our platform provides workflow automation that allows business, IT, and legal stakeholders to confidently eliminate unnecessary files. We offer full transparency, building trust and confidence that actions align with company policies.
We’re also rethinking audit and compliance processes. Traditional static audit reports, which are costly and limited in scope, are being replaced by our platform’s comprehensive, near-real-time data audits. This shift not only reduces costs but also provides a more complete and timely view of data.
As generative AI drives the demand for real-time, on-demand data transactions, any data-driven function not embracing AI becomes a risk and inefficiency for businesses. We’re aligned with these advancements, using logic, process, and automation to solve global business challenges. Companies that fail to treat data as an asset risk falling behind, while those leveraging data effectively will become more efficient and competitive. We’re prepared to lead the way in this transformative landscape.
