WHY We Measure Risk w/ Sameer Sait

In this episode Allan interviews his friend Sameer Sait, former CISO at Amazon, Forcepoint and Arrow Electronics, who joins Allan for a discussion about WHY we measure risk. It is about more than just asking for money. (And who are you actually asking money from? Hint: It is not the Board). How does risk measurement change in the beginning of the CISO’s journey vs. later when the program is more mature? What is the goal of good risk metrics? What is the role of cyber insurance in all this? What about business traction and cooperation with other department’s goals and objectives? And finally, how does measuring risk affect disposition or risk? Key Takeaways: 01:20 Sammer's bio 02:30 Asking for money - it's not from the Board 05:58 Measuring risk: inside-out vs. outside-in 11:20 Approaching management with an objective, not a story 12:38 Working with your team, as a team 14:12 The effects of measuring risk 18:36Analyzing the priorities and their consequences 24:36 Good governance vs. good management 26:22 Transference, remediation, and acceptance 30:57 What surprise Sameer in cybersecurity? Links: Learn more about Sameer on LinkedIn Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Uptycs