Tools for accepting risk
I lead security, sitting under the CTO whom knows very little about security. It’s a setup many have faced. Incredible resistance to logical and established practices. Refusal to accept risk as present. Down right combative behavior when trying to highlight or review said risk.
This isn’t a new problem, it’s not a problem I haven’t faced before in my career, but this one feels a little different especially in the AI age. 20+ aayears in the industry with nearly 10 leading in security and operations.
What tools/tactics do you all use to CYA in these situations? I’m the only security minded person in management and leadership across a 100 person org and it feels hopeless at times I’m also the person who has to stamp my name on basically every security and compliance item that touches tech. It’s got me extremely nervous.