Welcome to Compromising Positions!

The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

This week we are joined by Sabrina Segal, an integrity, risk, and compliance advisor, with almost 20 years of experience in the public, private, and third-sectors.

In this week’s episode, Bringing the Curtain Down on Risk Theatre and Applauding objective-centred Risk Management, Sabrina shares with us, a quite frankly amazing model to work from: The OCRM, Objective-centred Risk Management.

This model a great antidote to what Sabrina describes as ‘risk theatre’ which is the performance of risk governance activities, without real substance or accountability but with the dangerous consequence of making an organisation still feel like they have ‘done something’ when really it’s not worth the paper, or Excel doc, it is written on. This approach is scalable, practical, and effective, and it can help you achieve your goals while managing your risks and opportunities.

Key Takeaways:

Shift the Focus: Ditch the risk register and start with your objectives. What are you trying to achieve? What could stop you? This simple change aligns risk with your mission and drives informed decision-making.

Price Your Risks: Don't just identify risks, quantify them. Calculate the resource and software costs associated with each. This transparency reveals your true risk appetite and exposes gaps between rhetoric and reality.

Go-No-Go Decisions: OCRM empowers you to make clear, objective decisions based on risk pricing. Is the potential upside worth the cost? This eliminates wasted time and resources on low-impact risks.

Psychological safety: How to create an environment where employees feel empowered to speak up and challenge the status quo, even about risks.

The "halo effect": How the good work of charities and non-profits can sometimes mask poor risk management practices.

Utilising External Board Members: How to ensure they have the full picture and can effectively advise on cyber risks.

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Keywords: cybersecurity, risk management, objective-centred, OCRM, risk appetite, RACI, psychological safety, halo effect, board members, third sector, technical challenges.

SHOW NOTES

Tim Leech’s LinkedIn

A Post Sabrina did on Objective Mapping

The Halo-effect with Isabel de Bruin Cardoso - Tolerable Risk Podcast

Governance, Strategy and Risk with Claris D’Cruz - Tolerable Risk Podcast

ABOUT SABRINA M. SEGAL

Sabrina M. Segal is an integrity, risk, and compliance advisor, international development and humanitarian assistance professional, licensed US attorney, and Certified Fraud Examiner with almost 20 years of experience in the public, private, and third-sectors.

Sabrina's focus is risk in the third-sector as the impact of risk management, when done poorly, can be devastating to both third-sector organizations and the beneficiaries they serve. Sabrina is an active writer on LinkedIn and hosts the Tolerable Risk podcast.

LINKS FOR SABRINA M. SEGAL

Sabrina’s LinkedIn

Sabrina’s Podcast, Tolerable Risk