Happy New Year!

I have really enjoyed reading some great blogs lately on both LinkedIn and Twitter.  From trade magazines to security companies, everyone is asking what 2015 has in store.

One meeting I was in recently had members from the public, private and DOD sectors. We were discussing what terms appeal to different audiences in trying to get folks interested in security. Cyber kept coming up. Just like APT did last year. Buzzwords.

I am usually pretty quiet in meetings; unless I feel I can add value to a conversation, I don’t say anything. But from visiting for the past few years with members of our ISSA chapter, I have found that they tend to really dislike the term cyber. Cyber this and cyber that. Most folks outside of the DOD don’t really have a clear definition when you mention that word.

So the question was raised: if not cyber, what do we call it? What function or service do security professionals provide to their employers?

While it may not seem to be sexy, I believe we are risk managers. We analyze and prioritize risk and advise the business on the risk level, and the business decides how to best accept or mitigate it.

If you were attending a conference and saw a track for Cyber Security and one for Risk Management, which would you attend? Would one title draw you more than the other, or do you really treat them the same and look down to see who the speakers are and what the topics are?

What about in your company?  Wouldn’t management respond to and understand risk management better than Cyber Security?