Become the Department of K-N-O-W, not the department of N-O
Cybersecurity professionals have an important role in helping organizations manage risk. However, many of us have gone down the path of saying “NO” to everything because we believe we have to meet all of the Best Practices and “secure all the things all the time”.
We will never “secure all the things all the time”. It is unrealistic and not business friendly.
Business leaders understand risk. Bring the risk proposition to the leaders and help them see a clear picture. You will become a Trusted Advisor instead of a Subject Matter Expert, and the invitations to be at the table for conversations will begin to arrive. That is being a person who K-N-O-Ws what is happening.
What would it look like in your organization if you took the approach of being the department of K-N-O-W?
What if you brought forward coherent conversations, asking great questions to determine what the business wants to do and figuring out how to help the business leaders build the product in the most appropriately secure way?
Business is about risk mitigation. Saying No without understanding the business need isn’t thinking about risk; it is thinking myopically. Become a person who K-N-O-Ws and you will be invaluable to your organization!