Frank McGovern

As a security professional, it is important to remember that the work you perform is for the business. This means that what you do almost always applies holistically to the organization. Businesses work in risk management while achieving their business objectives. Security falls into that vertical of risk management; it exists as an enabler for the business so that it can thrive by continuing at full speed in a world full of cybersecurity risks.

When we look at an organization, the leaders of them are essentially the business itself. A good chief executive officer views the company as their own. In some cases, such as private companies, this is exactly the case since they are typically the founders or owners of the business. When looking at a public company, it is often a board that has chosen who is best to be the head of the business. Leading involves determining what is the best direction and management of the organization. A responsibility of having this role is defining how risks are managed. This can be through several ways: accepting risk, transferring risk, mitigating risk, or avoiding risk.

While risk includes many things beyond security, your role in security is to help manage those risks associated to security. Even though many organizations are not managing security risk properly yet (e.g., not having a security ...