Risk Managers Are Just Like Security People
Or is that vice-versa? A few weeks ago, Security Retentive posted about an article in the Economist: “Confessions of a Risk Manager”. Both his analysis and the original story are quite interesting and I encourage you to read them as well as a letter to the editor that was published in last week’s print edition of the Economist. In “Risky Business”, David Howat, a self described past risk manager share his thoughts on the roles of risk managers:
Risk managers can’t do a proper job if they aren’t part of the team that develops the proposal. They are enablers, not gatekeepers: their job is to ensure that each new transaction, product and service is developed with safety as well as profitability in mind. Weaknesses need to be identified early so that, if they can’t be corrected, the proposal can be dropped before anyone gets too attached to it.
Sounds familiar doesn’t it? I can’t count the number of times I’ve used a similar argument for security being involved from the beginning. It’s heartbreaking to hear that an industry that’s been around much longer then ours is still fighting the same battles. Yet on the plus side, it’s yet another group that we can learn from to improve our own stance and hopefully avoid making some of the same mistakes. Time to go re-read the original article again.