Matt Kent

Framing the Problem If there’s one aspect of risk assessment that’s the most misunderstood, least defined, and most misaligned, it’s the subject of business impact. Risk assessment methodologies are partly to blame. Three-letter acronyms like BIA  - the good old Business Impact Assessment  - have convinced many of us that impact  is what really matters. But stop and think about it for a second. When we talk about impact , we’re really just describing the ripple effects of a breach - the...

The Question We Rarely Stop to Ask What is the role of security? What’s our purpose? It sounds almost too fundamental to ask, but amid the routine cycles of weekly security work  - patching, incident response, audits, awareness campaigns, access control reviews - how often do we stop and ask why  we’re doing it all? Ask that question in any programme or leadership forum and the answers are usually the same: > “We’re here to protect the business.” > “To help it operate safely.” > “To make sure...

The Communication Problem In a world where the security landscape evolves faster than most organisations can adapt, one issue consistently undermines progress: communication. Not the lack of it – but how it happens. Across five years of running security and risk training programmes, we’ve seen a recurring challenge. Security practitioners, technically strong and deeply committed, often struggle to communicate security in a way that resonates with business leaders. The result? Frustration,...