On the cybersecurity side, risk management is pretty tangible. It's technology governance, and security teams essentially act as a licensing body for tech in an organization, and provide intelligence about existential threats to the status quo of the line of business. Success is anticipating attempts on the org, and demonstrating how they were deflected or mitigated. There's very little that is vague about it. Just this week I discovered a new technique that some malware is using to bypass most sensors - we manage risk very concretely. I know portfolio risk managers who operate on instantaneous feedback about the P&L of their models and opportunity costs.
Where I disagree with the article is that I think the author is seeing an opportunity to frame ideological concerns that exploit uncertainty by calling it risk and equating it to disciplines that he doesn't realize have very concrete competencies and performance metrics. Also, we have technology and economic solutions for our climate impact already. I'm still of the view that if your plan doesn't work unless you take over the planet and deprive entire nations of people of their freedoms, it's an objectively evil plan, and somehow that makes me a counter-revolutionary denialist.
Where I disagree with the article is that I think the author is seeing an opportunity to frame ideological concerns that exploit uncertainty by calling it risk and equating it to disciplines that he doesn't realize have very concrete competencies and performance metrics. Also, we have technology and economic solutions for our climate impact already. I'm still of the view that if your plan doesn't work unless you take over the planet and deprive entire nations of people of their freedoms, it's an objectively evil plan, and somehow that makes me a counter-revolutionary denialist.
reply