From “No” to “Whoa!”: The Cybersecurity Tightrope of Saying “Yes” Too Often
Security teams are ditching their “Department of No” reputation for a more yes-oriented approach. But cybersecurity expert Rami McCarthy warns against swinging too far, reminding us that a well-placed “no” is essential for managing risks. Balancing guidance with enabling business means saying “no” strategically, aligning decisions with goals, and fostering trust.

Hot Take:
It seems cybersecurity has gone from being the grumpy old man yelling “no” at the kids to the overindulgent parent who lets them eat ice cream for dinner. The moral of the story? Sometimes you need to be the broccoli of the business world: not always welcomed, but definitely necessary for a healthy organization!
Key Points:
- The shift from “Department of No” to “Department of Yes” may have gone too far, risking security gaps.
- Rami McCarthy argues for the strategic use of “no” to manage risks effectively.
- Security should align with business goals and focus on high-ROI opportunities.
- Effective communication and empathy are key to saying “no” constructively.
- Avoiding “no” can lead to shadow IT and uncontrolled environments.