If you’re someone who always accomplishes your New Year’s Resolutions, the time to look away from this post is now! Sometimes it feels like I should put the “Maybe next year 🙂” alert as a recurring calendar event every year around May…I’m even a little late doing that!
I took the bold stance at the end of last year to say that I was going to post frequently on this blog, and it is now….*looks at the 4 calendars that I have open constantly, both digitally and on paper*…halfway through the year without a post. This means that I have missed commenting on the trends, peaks, and valleys of our industry over the last 6 months (Delve is the main one that comes to mind….just because I didn’t write about my feelings on the topic doesn’t mean I don’t have any!!!) and the myriad of topics that people are posting on Substack and LinkedIn to keep us thinking and reflecting in our ever-changing industry.
As I think back on the first half of the year, there are a few ways that I could approach this. I could talk about what’s changed and changing, what’s different, the reflections I have on them, or where I think we’re going next.
Instead, I want to focus on what hasn’t changed (besides the fact that I literally cannot do New Year’s Resolutions – that’s been true for my whole life):
- Security and technology risk still matter to a lot of people’s business.
- GRC & information security is a difficult thing to do well – everyone could use a little help and perspective when they’re going through the trenches of implementing a new framework, product, service, GRC tool, or improving their control environment.
- GRC broadly is an art. When we try to make it a science, we miss the important things, like tying the controls and mitigating activities we’re doing to risk, or remembering why we’re doing all these things and spending all this money in the first place! Don’t try to make GRC overly rigid and predictable if that doesn’t work for you – allow yourself to become immersed in the beauty of the GRC artwork!
If you find yourself struggling with where to go next on your GRC journey, even if nothing’s changed for you recently, let’s chat! I’m happy to help navigate the strategic, operational, financial, and human aspects of GRC, Information Security, and Technology Risk Management. I pinky promise I’m much better at those than keeping my New Year’s Resolutions.