I’m often asked why I run a team entirely dedicated to researching, developing and implementing various program frameworks – when so many security organizations get by just fine without them. However, the phrase “get by just fine without them” is part of the answer. The challenge with helping security leaders and professionals understand why what they’re doing requires a model to follow when there are few visible consequences to simply winging it.
