A former Chief Security Officer and lecturer at the University of Connecticut School of Business MBA Program, he applies practical experience to an adaptable and flexible implementation of ESRM throughout any security practice.
Brian has trained executives, security practitioners, integrators, and manufacturers throughout the security industry on how ESRM applies a risk-principle-based security philosophy.
Over the course of his presentations and training, the audience comes to understand how ESRM can challenge their notions of how they think about and practice security, shifting from a task-based approach to a comprehensive role-based approach that applies to every application of their professional tasks.
Security leaders play a significant role in how the security practice within any environment is thought of and how each member of the security team thinks through and applies an approach to their daily functions. Frustration within the security field is commonplace, driven by everything from not having a seat at the table to a lack of understanding of what the security function does. ESRM training drives consistency in a common philosophy, defines the role of the security function, and teaches employees how to properly understand their role and communicate it to their business partners. As a department, using ESRM as a practice will challenge your current processes, provide strategic guidance, guide budgeting processes, and deliver proper executive risk-based reporting.
Manufacturers and integrators play a significant role in driving the security industry forward. There isn't often a common approach to applying a security risk management philosophy to a manufacturer's or integrator's approach to business. Understanding and applying ESRM trains these employees on how a CSO, CISO, or other buyer thinks through their decision-making process. Applying ESRM through training is relevant to strategic direction, marketing, sales, and working through a frustrating procurement process. ESRM training will develop a common use of risk principle terminology and an understanding of those principles that will allow for better engagement and partnership with practitioners and buyers on a universal basis.
In many organizations, security is often seen as a distributed task. Security risks, though, are becoming more disruptive to business, and how businesses approach security needs to adapt to minimize those potential disruptions. When approaching security as a task rather than a strategic role, many questions become difficult: What is the role of the Board and Executives when managing a security program? How do they define a successful security organization? What are the essential elements for a security organization to achieve its goals? Where should a security organization report, and why? Understanding and applying an ESRM approach provides clarity on these questions and establishes a framework of success and accountability.
ESRM can be applied to any security practice: physical, cyber, information, investigations, business continuity and crisis management. It will provide strategic direction in establishing governance models, properly defining risk tolerance levels specific to each risk and program, and implementing strategies that better coordinate with business partners' objectives. ESRM will also provide guidance on identifying asset owners and stakeholders while defining each participant's role in managing any security risk. Understanding the fundamentals of ESRM is essential to achieving a successful approach to business partner relationships, departmental effectiveness, and a satisfying career.