Working with veterans is a core part of our work and we love supporting them to apply their incredible transferable skills into the world of cyber. Our new learner and Sergeant in the Royal Marines, Guy Simpson, has offered an insightful look into the similarities between risk management in the military and cyber. Guy discusses how no matter the industry, the risk manager’s role is crucial and the core principles remain the same. If you want to learn more about how we reskill passionate individuals into cyber then head to our website: https://capslock.ac #veterans #riskmanagement #cybersecurity #reskilling #transferableskills
From Live Fire to Cyber Warfare: The Unexpected Similarities in Risk Management.

My transition from the military into cyber through CAPSLOCK has opened my eyes to the surprising similarities between risk management in these two very different sectors. We often think of risk in silos - financial risk, operational risk, cybersecurity risk. But what if I told you the core principles of risk management are remarkably similar across vastly different industries?

Think about a military exercise with Live Fire Tactical Training. The objective is to train soldiers (the critical asset) in a realistic environment as close to military operations as possible while minimising the risk of injury or death. This involves identifying potential hazards (climatic conditions, terrain, friendly fire, weapon malfunctions), evaluating their severity, implementing control measures (safety protocols, training, communication), and prioritising risk mitigation over reducing training output. Sound familiar?

Now consider cybersecurity. The asset we're protecting is data, both organisational and customer data. Just like in a live fire exercise, we need to protect our assets from potential risks, ensuring the organisation's productivity and the trust of our customers. This involves:

Identifying potential hazards: These could include malware, phishing attacks, data breaches, or insider threats.
Understanding and evaluating their severity: How much damage could each hazard cause? What are the potential consequences for the organisation and its customers?
Implementing control measures: This includes firewalls, intrusion detection systems, data encryption, employee training, and incident response plans.
Prioritising risk mitigation: Which hazards pose the greatest threat? Where should we allocate our resources to achieve the best results?

In both cases, the role of a risk manager is crucial. We are responsible for identifying hazards, evaluating their impact, implementing controls, and prioritising risk mitigation. Ultimately, the level of risk an organisation is willing to accept is not my decision. My role is to understand and correctly identify the risks, advise the decision-makers, and act based on their choices.

The Bottom Line: No matter the industry, the core principles of risk management remain constant: identify, evaluate, control, and prioritise. By understanding these principles and employing the right tools, we can build a more resilient and secure environment, whether on the battlefield or in the digital world.

What are your thoughts on the similarities between risk management across different sectors? I'd love to hear your insights!

#riskmanagement #cybersecurity #military #strategicrisk #datasecurity #CAPSLOCK