From “No” to “Whoa!”: The Cybersecurity Tightrope of Saying “Yes” Too Often

Security teams are ditching their “Department of No” reputation for a more yes-oriented approach. But cybersecurity expert Rami McCarthy warns against swinging too far, reminding us that a well-placed “no” is essential for managing risks. Balancing guidance with enabling business means saying “no” strategically, aligning decisions with goals, and fostering trust.

Pro Dashboard

Hot Take:

It seems cybersecurity has gone from being the grumpy old man yelling “no” at the kids to the overindulgent parent who lets them eat ice cream for dinner. The moral of the story? Sometimes you need to be the broccoli of the business world: not always welcomed, but definitely necessary for a healthy organization!

Key Points:

  • The shift from “Department of No” to “Department of Yes” may have gone too far, risking security gaps.
  • Rami McCarthy argues for the strategic use of “no” to manage risks effectively.
  • Security should align with business goals and focus on high-ROI opportunities.
  • Effective communication and empathy are key to saying “no” constructively.
  • Avoiding “no” can lead to shadow IT and uncontrolled environments.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?