In our previous episode of Risk Journeys with Lisa Young, Axio’s VP of Cyber Risk Engineering, we discussed Lisa’s background in cybersecurity and ended the conversation by discussing how she transitioned to the world of risk management. We continue the conversation with part 2 just where we left off, on Lisa’s approach to cybersecurity mental models…
Axio
What does that change in cybersecurity mental models mean? What were you thinking?
Lisa Young
So, instead of spending my time focusing on threats over which I had little control, I began thinking about what actions to take that really matter. For starters, we can plan and direct our cyber programs, understand control initiatives, and quantify our risk in dollars and cents. This gives senior leaders the ability to make informed decisions to apply resources to the risks that would have the greatest impact to the enterprise should they actually materialize. Impact analysis of events, incidents, risks, on our environment is the real value a cybersecurity leader can show to their management, because the decisions about how to respond to those scenarios are something they have total control over. Some of these important…
