
Posts

Showing posts from July, 2020

Shield's damaged! What is the risk level Scotty?

Understanding Security Risk Level

Security risks are like having a hole in your shield: no matter the side, the hole is still there. You can raise your shields, but until you fix the hole, you are living under a false sense of security. IT folks enter risk conversations much like the blind men describing an elephant (https://en.wikipedia.org/wiki/Blind_men_and_an_elephant). Each person is trying to convince everyone else, and each one's statement is true to their perception but may be missing the overall perspective. A security professional is required to think through all stacks, layers, phases, control standards, and baselines. It is not optional. They may know the elephant, but they may not know its purpose and value! Add the daunting task of keeping up with rapidly evolving technologies and you have a very difficult task. How do we help all stakeholders get onto the same page and reduce risk due to ...