The Pepperdine Graziadio Business School and ITSPmagazine have joined forces to provide a unique, online, dynamic learning program, tapping into the wealth of knowledge from the growing number of ITSPmagazine Subject Matter Experts (SMEs) willing to share their experience and learnings with the students taking part in the Cyber Risk Certification Program (CyRP).
Through this dynamic learning program, ITSPmagazine SMEs will answer questions posed by the CyRP students, providing them with real-world insights into the challenges they will face as cyber risk management professionals.
The question in this learning chronicle, which explores how cyclical changes can affect the way risk is managed, was answered by Bryson Bort, Founder and CEO of SCYTHE.
Enjoy and share!
Higher education has a 4-year cyclical change of new people joining and others leaving. Are there other industries that have similar cycles and how does this impact how they deal with risk?
Everywhere has similar cycles! When I was a corporate executive, I used to joke that the new leadership (which seemed to be on a 2-year cycle) would just do the opposite of what was done before. Unfortunately, the humor was a little too real because this is exactly what happened with little historical context for the lessons learned, so we were doomed to repeat the mistakes. In the military, there is a 1-3 year lifecycle for officers (leadership). In government, we are changing out executive leadership every 4 or 8 years and legislative leadership every 2 (House) or 6 (Senate) years.
In my job, I have had the opportunity to assess risk at many companies around the world across many industries. I have seen different policies, technical solutions, processes and controls. I've even helped build a few. In my current role, I evaluate the efficacy of security products. And I'm often asked: what works best? There is no best. There isn't even what just works. There are two kinds of companies: those that care about risk and those that don't. It's a leadership-driven issue. You can't buy security or risk management.
In summary, the real problem for risk management is the turnover at the leadership level with changing priorities and the loss of historical knowledge. Organizational knowledge management would ameliorate this to some degree. Building a culture of risk management, cultivating it operationally, and ensuring that only leadership that buys into this understanding is in place is the only way to consistently minimize organizational impact.
About Bryson Bort
Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. Prior to launching SCYTHE and GRIMM, Bryson led an elite research & development (R&D) division that directly contributed towards National Security priorities and interests. Before that, he developed an enterprise R&D program and supported creation of a cybersecurity strategy as a Deputy CTO and Program Director focused on supporting technology research and global infrastructure for the DoD and the Intelligence Community.