The Industrial Security Podcast I don't sign s**t [The Industrial Security Podcast]
4 snips
Aug 11, 2025 Tim McCreight, CEO and founder of Tailcraft Security, brings over 40 years of security experience to the conversation. He argues against accepting unchecked risks in organizations, emphasizing the need for strategic risk management. With insights from his upcoming book, Tim discusses the power of storytelling to influence executive decisions, particularly in cybersecurity. He shares valuable lessons from experiences like the Vancouver Olympics, advocating for collaboration between security professionals and leadership to effectively navigate risks and improve communication.
AI Snips
Chapters
Transcript
Episode notes
Security Shouldn't Accept Business Risk
- Tim McCreight refuses to accept organizational risk on security's behalf.
- He instructs teams to identify risks, propose mitigations, and escalate for executive decisions.
Escalate New Risks To Budget Owners
- Andrew Ginter warns security teams to escalate decisions about budget to business owners.
- He says only budget holders can compare industrial risks to other business priorities.
Start With 'No' To Force Business Decisions
- Tim McCreight starts every risk request with 'no' to force escalation.
- This shifts the decision to executives who control budget and tolerance.