Risk as Opportunity: A Collaborative Deep Dive with Shana Uhlmann

"If you're not terrified, you're not trying."

This quote stopped me in my tracks during a deep dive into risk exploitation with the brilliant Shana Uhlmann , IT Director at Tattarang and Chief Information Security Officer for Tattarang and the Minderoo Foundation. It perfectly captures the paradigm shift happening in cyber security leadership right now — one that challenges everything we think we know about risk management.

Here's the thing: most of us in cyber security have been taught to be risk-safe. We've created this culture where CISOs often find their comfort zone in holding technical knowledge that others don't understand. But what if we're looking at it all wrong?

Many CISOs come from technical backgrounds. And while technical expertise is valuable, it can sometimes lead people down a rabbit hole of seeking perfect security solutions rather than acceptable risk levels.

One of the most interesting points Shana raised is this: if you're not terrified, you're not trying. Operating in a space of discomfort isn't just okay but essential for growth.

More professionals should understand this: engaging with risk doesn't mean being reckless. It means understanding and operating within clear risk tolerances.

In the full article, we explore a practical framework for categorising risks:

1. Risks we've got well under control
2. Risks we could invest more in managing
3. Risks we simply can't control (and that's okay!)

This approach helps CISOs focus on what matters and communicate more effectively with stakeholders.

Here's a thought that might make some security professionals uncomfortable: in fast-paced, innovative environments, leaders can expect to make "wrong" decisions about 70% of the time. The key is not to panic but to create an environment where "wrong" decisions become learning opportunities rather than failures.

Our collaborative essay on risk as opportunity goes deeper into these concepts and provides practical frameworks for implementing this mindset shift in your organisation.

It's part of our ongoing work at Chaleit to challenge traditional thinking in cyber security and find ways to enable business growth while maintaining appropriate security controls.

If you're ready to transform your approach to cyber security leadership and risk management, Chaleit can help. Every organisation's journey is unique, and we can help you develop and implement a tailored approach that aligns with your business objectives while maintaining appropriate security controls. Let's talk.

You might also enjoy reading: The Art of Risk Management, a collaborative essay by Benjamin Stephan , CISO, and Prof. Dan Haagman , CEO of Chaleit.?

Disclaimer

The views expressed in this article represent the personal insights and opinions of Dan Haagman and Shana Uhlmann. Dan Haagman's views also reflect the official stance of Chaleit, while Shana Uhlmann's views are her own and do not necessarily represent the official position of her organisation. Both authors share their perspectives to foster learning and promote open dialogue.