Your work is where the security rubber meets the road - vulnerabilities and exploits, input validation and hardening. But your boss uses boring terms like risks, controls, standards, and audit. Fixing vulns reduces risk but enterprise security is a function of consistency and velocity of process - the realm of audit.
John Nye is Director of Technology Risk Solutions for ProcessUnity, a GRC software firm. During his nearly two -decade career as a risk management professional, John has worked in a variety of consulting and management roles, specializing in information security, business continuity, corporate risk, internal audit, and compliance. He thinks all consultants should try their hand at security operations at least once during their careers.