Governance & Risk Management , Training & Security Leadership , Video

Spotting Cybersecurity Gaps, Becoming More Systems-Focused

Risk Management Expert Lisa Young on How Critical Thinking Improves Cybersecurity
Lisa, Young, vice president of cyber risk engineering at Axio Global Inc.

Too often, cybersecurity practitioners stick with the status quo instead of challenging outdated frameworks. But Lisa Young prepares security teams to protect and defend their organizations from cybercriminals by seeing the things that others miss and asking the questions that others are too afraid to ask.

See Also: Post-Transformation: Building a Culture of Security

"Especially in the business environment," she says, "it's important that we don't just accept what is. Part of the critical thinking mindset is to ask, 'Is there a better way? How are we doing this? Is there something that we're not doing that we should be doing? And is there something that we can practice getting better at?'"

In this interview with Brian Barnier, who is developing a course on critical thinking and design thinking in cybersecurity for, Young also discusses:

  • Using root cause analysis to continually improve systems and processes in cybersecurity;
  • Reframing cyber professionals' mindsets from hazard avoidance to business risk;
  • Simple exercises that your company can perform to start becoming more systems-focused.

Lisa Young is an operational risk and security metrics professional with a passion for solving problems with data. She has worked in government, military, industry and academia and is currently on sabbatical from her role as vice president of cyber risk engineering at Axio Global Inc., an integrated risk management software company. She works as part of the Cybersecurity and Infrastructure Security Agency's COVID Task Force as a risk management subject matter expert and is a board member of ISC(2), a global association of nearly 200,000 cybersecurity professionals. Young is also immediate past president of the Society of Information Risk Analysts.

About the Author

Brian Barnier

Brian Barnier

Director of Analytics, ValueBridge Advisors

Barnier is the director of analytics at ValueBridge Advisors. He is also professor of operations finance and economics at the graduate level across several U.S. universities. He has been a guest lecturer in Russia and Mexico and served on the faculty of the Wharton/MBA Stonier Graduate School of Banking. Prior to ValueBridge Advisors, he led teams to nine U.S. patents in technology with AT&T, Nokia and IBM. In 2021, Barnier earned the coveted Joseph J. Wasserman award presented by ISACA for outstanding achievement in information technology risk, governance and security.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.