|
|
|
|
|
|
by bodz
3202 days ago
|
|
|
I don't necessarily think so. Just because he manages the risk management offering which is sold to other companies doesn't mean he would be aware of or involved in day-to-day risk management at his own company. At my consulting firm, the execs in charge of our cybersecurity consulting practice are absolutely not involved in any internal cybersec investigations that happen to our own firm. In fact, we have specific procedures which say that our cybersecurity consultants cannot be involved with internal incidents. All internal investigations have to be done by outside, impartial firms. |
|
|