Enterprise Security Risk Management: Defining Security’s Role

Brian Allen advises business executives on security organizational strategy through the implementation of ESRM principles. He is the author of two books on ESRM and speaks globally on the topic.

Brian Allen

Thought Leader, Speaker, And Author

Brian Allen, security leader and author of ESRM books, is a sought-after expert in security risk management, offering global speaking engagements and practical implementation guidance.

Enterprise Security Risk Management


ESRM drives a risk-based approach to managing security risks and is applicable to every security process in a holistic manner. Successful adaptation of ESRM processes defines a progressive security program, drives strategic initiatives, builds business understanding, develops a budgeting strategy, and initiates risk-based reporting.



Brian Allen, the author of two books on ESRM, offers speaking presentations globally, training security executives, integrators, and manufacturers on implementing ESRM’s risk-based security philosophy. His topics include security leadership, executive/board-level roles, ESRM implementation, and manufacturer/integration.

Speaking Engagements
Building a Cyber Risk Management Program


Discover ESRM through books by Brian Allen and Rachelle Loyear. The Enterprise Security Risk Management book offers practical experience and research while The Manager’s Guide to Enterprise Security Risk Management provides a step-by-step guide to implementing ESRM enterprise-wide.


Publications & Posts

Stay up-to-date on the latest security trends and strategies with insights. Explore topics such as ESRM implementation, risk-based security, and leadership in the security industry.

ESRM and ERM…Clarifying the Differences

I used to write “ESRM vs ERM”, but as this ESRM conversation continues to mature, I see I was wrong. It’s faulty logic to think that there is a binary...

A Professional Path

The security industry is at a crossroads, with two potential paths: maintaining the status quo or advancing towards a respected profession. To progress, the industry needs a clear definition of...

Introducing Enterprise Security Risk Management (ESRM)

In the course of a security career that now stretches back decades, I’ve spoken with hundreds and hundreds of security practitioners. They were people in very different roles, with very...
