Steve Schlarman

A Theoretical Riskicist’s Guide to the Universe

Blog Post created by Steve Schlarman Employee on Dec 4, 2018

It’s that time of the year. As we wrap up another celestial measurement of time, people begin predicting things that will happen in the future. I don’t know why it is – but my crystal ball says over the next few weeks you will see a slew of predictions about what will be coming over the horizon of 2019. In the spirit of the season, I wanted to contribute my thoughts towards this time-honored tradition.

I must admit I do a lot of thinking about the future of risk management. Earlier this year, we held our 15th RSA Archer Summit. Last month, we also held our EMEA Summit. These events are highlights for the RSA Archer community - a time to gather and share insights – and I had the honor of addressing the community at both events on the future of risk management. That opportunity got my wheels turning as I contemplated this thought provoking topic.

We all know technology has moved blindingly fast and the coming years will be mind boggling. The way we do business today will not be how we conduct business in the future. The Digital Transformation is undeniable. For us in risk management, while the Digital Transformation is unfolding, there must be a Risk Transformation that moves at the same pace, and I would argue even faster. Risk has so many variables. It is really overwhelming as we try to investigate the future and predict how risk management will transform. When I started to think about the future of risk management, I knew I had to approach risk like something else really, really complex… like the universe.

And it hit me… If theoretical physicists can pose theories to understand the universe, a theoretical riskicist can pose theories on the future of risk management. I have been using Schrodinger’s cat as an analogy for Risk and Opportunity for years so it seemed like a good fit. Plus I have seen every Big Bang Theory episode numerous times… You know it’s bad when your wife says “Ok – Sheldon – just give me the cliff notes…” on a regular basis. But before one explores a universe – a Cartesian coordinate system to describe the space comes in handy.

The first dimension we can think of as our X axis is the different domains of risk. Security, compliance, operational risk, vendor management, audit, and business continuity - all of the functions in an organization we traditionally associate with risk management - must be horizontally aligned. Alignment across these domains means you are using the same language to discuss risk. It means that your data, your processes, and your discussions are focused and meaningful to each other.  RSA is blending security and risk management as part of its core strategy. We see these worlds converging. Communication and coordination across operational functions is absolutely critical in dealing with risk.


The second dimension of risk is our Y axis indicating the spectrum of strategic to operational risks.  Our risk management strategies must be vertically aligned to connect strategic objectives to day-to-day operations. Small events can quickly turn into major catastrophes and we have to connect those dots. We need the context to put an operational event into the big picture. We also need the ability to drill into more detail when looking at strategic business risks. RSA’s strategy of integrating threat detection and risk management is a great example of this alignment, for instance, by being able to connect a security alert to a business application that stores personal data. It is the connection between risk management at the strategic and operational levels that creates a true picture of what risks mean to your business.

The final dimension is our Z axis. It may sound cliché but the “People, Process and Technology” paradigm is even more crucial in managing risk today. Moving towards a digital world, the pressure to push the envelope will be on the technology front. There will be much more data for us to consider but we can’t forget the other two elements – we need the right talent pool and we need optimized processes.



This gives us our Cartesian space – our X, Y and Z – as a foundation. As your company matures in each of these dimensions, the view of risk gets clearer and clearer. This space gives us our guideposts to explore our universe. See, that wasn’t so bad…

Over the next several blogs, I will expound on three simple theories for you to contemplate for the future. I hope you join me for my Theoretical Riskicist’s Guide to the Universe.