BankInfoSecurity.com

The Psychology of Risk

Akamai CSO Andy Ellis on Mind Over Matter


The Psychology of Risk

Risk management is an art, not a science. That is the contention of Andy Ellis, CSO of Akamai and a keynote speaker at RSA Conference 2013. How can psychology change one's approach to risk and security management?

It's a sea-change for security and risk leaders, Ellis says.

"Really, it's sort of like using judo - use your mind to move the business and be intelligent about what you're doing," he says, "and not just use brute force to manipulate the business, which is what we've done historically."

For Ellis, the transition started with the realization that, as a security leader, he was failing in his efforts to raise business executives' awareness of security risks.

"Often, my attempts to communicate how dangerous something might be didn't really work," he says. "What I was realizing is that when you try to give someone an example - 'Here's how bad what you're doing might be' - you haven't let them understand how you get to that. So, you sound sort of like Chicken Little."

Through study of psychology and risk, Ellis came to realize that the issue wasn't one of risk tolerance, but rather risk awareness. And so he now works to ensure that risks are communicated better and upfront, so they can be considered appropriately by leaders making business decisions.

"How do we make it so that security risk is part of the equation - that when someone is making a decision, they own the security risk and the awareness of it?" Ellis says. "And that doesn't always mean they'll do better things. But over the long run, we see them improving significantly."

In a pre-RSA Conference interview about his keynote topic, "Mind Over Matter: Managing Risk with Psychology Instead of Brute Force," Ellis discusses:

  • What he's learned about the psychology of risk;
  • How the concept changed his approach to security management;
  • How to instill the approach in your organization.

Ellis is Akamai's chief security officer, responsible for overseeing the security architecture and compliance of the company's massive, globally distributed network. He is the designer and patentholder of Akamai's SSL acceleration network, as well as several of the critical technologies underpinning the company's Kona Security Solutions.

Ellis is at the forefront of Internet policy - as a speaker, blogger, member of the FCC CSRIC, supporting Akamai's CEO on the NIAC and NSTAC, and an advisory board member of HacKid.

Follow Follow Tom Field on Twitter: @SecurityEditor






Security Agenda

RSA Conference Highlights and Insights

This compilation provides an overview of ISMG’s RSA 2014 coverage, from pre-event promotional materials to excerpts of our exclusive interviews.

Download Now
The State of Information Security

In this year's issue of Security Agenda, we explain why 2014 is finally the "The Year of Security."

Download Now





Latest Tweets and Mentions

Security Agenda

RSA Conference Highlights and Insights

This compilation provides an overview of ISMG’s RSA 2014 coverage, from pre-event promotional materials to excerpts of our exclusive interviews.

Download Now
The State of Information Security

In this year's issue of Security Agenda, we explain why 2014 is finally the "The Year of Security."

Download Now

close

Sign In

close

Create a FREE account

Tell us about yourself

(All Fields Required)

Create your user ID and password

Choose your subscription preferences

Select the Industries and Topics, Type of email content you would like to receive, and Region. (Leave all blank to receive none)

Step 1. Industries & Topics

Step 2. Choose Content

Step 3. Choose Region (s)

close
or
You'll have an opportunity to create your account later.
close
close
close