Michelle Wilson

I'm actually talking about risk almost all the time with my team.

There's very rare occasions that I have a conversation with anyone that I work with that risk doesn't come into play.

So I'd say that they're tired of hearing me talk about risk, but they definitely know that it's one of the things I'm most interested in.

They do tend to bring it to me.

Last week I got one.

We had a developer that noticed that they didn't follow some certain process and wanted to make sure we had it on our risk register and we're tracking it to complete.

So monthly meetings to discuss any new risks in the environment that we get risks sent to us from the teams throughout the month.

We don't wait for a meeting to discuss those and evaluate those, put them in our register, track them until they're gone or until they're gone enough.

let's divorce all the privacy and security issues it does sound darn cool but wow it is a nightmare isn't it it really is it's not just again you've got default deny for your for your corporate environment that's wonderful but if you're talking to any other human they're using it on their personal environment right and and that still makes them a target and makes them susceptible to having their their information taken and used

outside of your environment.

And what have you discovered?

We had to build a kill switch to be able to turn it off if it was doing something that we didn't want in the environment.

So that's part of our incident response plan now.

It actually behaved fine.

We just wanted to make sure we had that ready.

Okay, so my options are... Note the first case, you were actually in a breach.

Right.

You're in a breach.

In the breach and then accidentally send out a phishing campaign.

Second option is we phish too close to open enrollment and upset HR.