Talk about eating your own dog food. As CTO of compliance software vendor Consul risk management, Kristin Lovejoy conjures her company’s product vision. In her role as the company’s CIO, she uses that same software every day with the firm belief that being your own customer is the best way to develop. Her flagship product, InSight, monitors regulatory compliance as users interact with applications, operating systems, and databases, triggering alerts based on company policies and business rules. Lovejoy believes in risk management based on user identity and activity monitoring, rather than on the prevailing approach of enforcing procedures that protect assets but inhibit access. “People are the hazard,” she says. “All these regulations, when you come down to it, are protecting things from people.” Ultimately, Lovejoy aims to make the organizing framework of compliance a business asset rather than an inhibitor.