Two weeks ago, I told you AI security and governance had reclaimed the #1 theme, and pentesting had come out of nowhere as #3. The shape shifted again.
This period: 46 buying signals from 26 IT teams in 14 days. AI security and governance held at #1 with 8 signals. But identity and access management, which barely registered a quarter ago, surged to a tie with 8 signals of its own. Cost optimization and FinOps moved into the #3 slot with 7 signals. Pentesting cooled. The replacement cycle is the new constant: five different companies named the tool they're walking away from this period, Splunk, JIRA, Red Canary, an MSP, and Microsoft licensing.
Three quotes that explain what's actually happening.
We are currently relying on standard MS tools for IGA, but they are struggling to handle our complex hybrid setup, especially since the rapid growth of machine and AI identities has left my team buried in manual access reviews and slow provisioning.
We are re-looking at our architecture and tech stack for a larger cloud transformation overhaul and seriously considering switching from Splunk.
Looking for help managing AI use and privileged access in our environment.
The density signal of the period: one Senior Director of IT Infrastructure & Operations at a pharmaceuticals manufacturer submitted seven distinct active projects in 14 days: SAM, cloud observability, IoT security, Microsoft licensing reduction, secure access across user and lab bases, false-positive reduction in the SOC, and AI for CX. That isn't browsing. That's a budget owner clearing a roadmap.
Most vendors don't find out about projects like these until the RFP drops. By then, the shortlist is closed.
Who entered the network
These leaders joined in the last 14 days. They are actively requesting vendor conversations now.
IT Director — PPG Industries ($13.8B revenue, 46,900 employees)
Chief Information Security Officer — North Carolina Department of Revenue ($34.6B revenue)
Director, Enterprise IT Operations, Financial & Business — University of Maryland Medical System ($5.0B revenue, 15,864 employees)
Associate Director, IT Applications — Hikma Pharmaceuticals ($3.4B revenue, 10,506 employees)
Sr. Director of Cybersecurity and SecOps — CoreCivic ($1.98B revenue, 14,075 employees)
Senior Vice President of Information Technology — Gabe's Stores ($1.0B revenue, 3,810 employees)
CISO — Enpro Inc. ($1.0B revenue, 2,177 employees)
Chief Information Officer — City of Scottsdale ($470M revenue)
Information Technology Operations Manager — Phoenix Physical Therapy ($325M revenue)
Chief Technology Officer — SMART CARE ($205M revenue, 1,000 employees)
Director of IT Applications (Data, AI, BI) — ProDriven Global Brands ($162M revenue)
Chief Technology Officer — IVX Health ($152M revenue)
Members typically take 2-3 vendor meetings per quarter. Once those slots are filled, the window closes for the cycle.
What they're working on
Replacing standard Microsoft IGA tooling because machine and AI identities have buried the team in manual access reviews. (IT Director, Netcracker Technology Corp.)
Splunk replacement, paired with a larger cloud transformation and FinOps overhaul. (Senior Director, Tech Transformation, Pernod Ricard)
Active ITSM project for 2027 deployment — product not yet chosen. (VP IT Americas, Samsonite)
Replacing Red Canary as MDR provider — exploring new vendors now. (CIO, Strike, a $2.5B construction company)
Access reviews and remediation across 5 different ERPs — current process is unworkable. (Global IT Director, Vehicle Service Group)
Consolidating point solutions across security, access, and SRE — strategy for software rationalization. (IT Director, Infrastructure, Dell)
AI use governance plus privileged access plus app sec plus AI coding tools — looking for a national partner for helpdesk, cyber, and IT ops. (CIO, EoS Fitness)
Microsoft / Oracle Enterprise Agreement optimization for the 2027 planning cycle — right-sizing and rationalizing existing investments. (Director, Infrastructure & Operations, Delta Dental)
Unified visibility, security, and guardrails for AI agents — described as "exploding this year" inside the company. (Director, IT Security & Risk Management, U.S. Silica)
Cyber threat intelligence and secure AI adoption — actively evaluating named vendors. (Head of Security Operations, Wix.com)
Proof it works
Two data points from the last two weeks that matter more than the headline metrics.
A partner told us this period that 85–90% of the members they met with were actively seeking a solution, not researching, not informational, in-market with a named project. That's the answer to the question every vendor is actually stalling on: will the meetings I buy be with buyers?
A senior IT leader at a $3.6B consumer products company — a member, not a vendor — described our matching this period as "a curated approach to vendor discovery that reduces reliance on traditional channels and accelerates decision-making." That's the member-side version of the same statement. Members come because the brief targets their actual project. Vendors get the meeting because the matching is human-supported, not algorithmic. That's the wedge between us and the fully automated matching platforms.
The platform baseline holds underneath all of it: 78% of meetings advance to a next step, 22% turn into qualified pipeline, 8.2 of 10 average member rating across 2,188 recently completed meetings. The numbers don't move because the system selects for buyers.
The Close
You aren't choosing between DoGood and nothing. You're choosing between DoGood and one of four alternatives: an SDR team that can't cold-call a CISO, a conference where nobody's pre-qualified, an automated matching platform that sends you whoever clicks, or an intent list that tells you who might be researching.
We sit in front of all four. Our members are requesting meetings on projects they've already named. Our matching is human-supported, which is why 85–90% of the meetings hit a real buyer. And our partners stay because we iterate the qualification question with them after launch — we don't ship-and-forget.
These leaders are in the network right now. They've told us what they're replacing and when. The May matching cycle is open. The vendors who land in front of them this month are on the shortlist when the RFP drops in 60 days. The vendors who wait are the ones who write cold emails afterward.
Reply if you want in on the May cycle.
— Ryan