Last week I had the pleasure of sitting with the very first Chief Information Security Officer, Steve Katz. The highlight of my week was to receive the opportunity to intently listen and learn from him for 48 hours. The most impactful statement he made to the attendees in the room was, “We make the music, you do the dance”. I have been thinking about his statement ever since.
In my transition from a Third-Party Risk Governance Practitioner at a large healthcare company to the critical side of software solutioning, Steve’s statement resonated with how my transition is like making music for the customers to do what I would call the risk management dance. Writing music can be constructed as a solo or written for an orchestra with many instruments using different tempos all required to play together in harmony creating a cohesive sound.
As a third-party risk professional and practitioner I worried about information security breaches and vulnerabilities that could potentially cause my CISO and me to lose our jobs. The music sheet was created for the third parties to complete a risk assessment, for us to successfully identify control standard risks, and for all involved to track remediation continuously throughout the assessment lifecycle. Moving into the software solution side, the music sheet is to help all verticals, starting with healthcare, broadening my fundamental composition. Thankfully, I can help my previous company and at the same time help all verticals, starting with healthcare and pharma of course. I will be re-writing the sheet music to fit the needs of the customer by way of looking at what risk management dance they are currently performing and help them to receive the right framework of music to perform their customized collaborative dance.
I remember way back in the day when I played the flute and piccolo from 4th grade through 9th grade. I also remember practicing with other band or orchestra sections over and over again until we all played the music with precision. We were new to the sheet music, we learned together, and we accomplished precision over time. There were moments we made mistakes and with repetition we performed our piece with pride. If you look at the type of dance that would have taken place it could be for the simple box step to the waltz, but nonetheless it was music played for others to dance.
Looking at dancing to music from the perspective of building relationships, I would equate the importance of success by way of knowing there is a leader, a follower, and sometimes a soloist. This is synonymous with companies that perform assessments. Some consumers of a software solution may be third-party risk governance leaders in the industry, some may be learning from scratch on how to build a third-party risk program, and some may be small and only need the minimum necessary to realize their risk posture. I prefer to dance to eclectic music; I have a friend that absolutely loves country music, whereas my father would listen to the classical genre. I realize the importance of building relationships and that being flexible is what is needed to successfully apply the proper due diligence on assessments.
The Prevalent healthcare and pharma industry is listening to our music to lead the risk management dance. The music must allow similar control standards using different frameworks conducted in harmony for the third-party risk remediation dance to receive a standing ovation. Whether you are a leader or a newbie, please help me in the quest to become the third-party flash mob of the century. Prevalent will create the music for the industry to dance with flexibility, ease, and precision, whereas you become the dancers, using the interpretation of your choice to perform the risk management dance!