RIMS-CRMP Stories
Dan Elliott: Staying Cybersecure with the RIMS-CRMP
Search or scroll for “cybersecurity” through LinkedIn and you will likely find Dan Elliott, one of the most vocal proponents of this critical risk practice. Previously a Canadian Security Intelligence Service officer and RIMS Canadian Capital Region Board Member, he is now the Head of Cyber Resilience, ZRS Australia and a global Cybersecurity Advisors Network member. He discussed why the RIMS-CRMP stands out among his many certifications and how it can be leveraged to remain cyber secure.
RIMS: What inspired you to pursue the RIMS-CRMP certification?
Elliott: I came from an area of the Canadian government where I couldn’t readily advertise the skills and experience, but could advertise the public certifications that I received. So, when I was considering leaving the public sector for opportunities in the private sector, the RIMS-CRMP quickly translated certain aspects of my experience.
RIMS: When did you earn your certifications?
Elliott: I earned my Canadian Risk Management (CRM) and my RIMS-Certified Risk Management Professional (RIMS-CRMP) certifications in 2022, and my RIMS Risk Fellow (RF) designation in 2023.
RIMS: I know you as someone who puts their cyber experience and expertise forward. How big of a role do you feel cyber plays in the regular responsibilities of a risk manager or enterprise risk manager?
Elliott: Cyber risk is ubiquitous across nearly every organization. I speak with tradespeople who have one truck and think that they are immune but change their tune when we talk about their company domain and cloud storage for email and invoicing. That goes all the way up to multinationals. The number of risks and their impact to the organization may shift, but cyber risk is everywhere. Every risk manager (or enterprise risk manager) should have a “topsoil deep” understanding of how their organization collects, stores, and uses data, and what hardware (or virtual hardware) is employed in operational activities. And if they don’t have an in-house cyber professional to help understand these concepts, call someone.
RIMS: How did your career experience at the CSIS and other agencies lend to your knowledge base for taking the exam?
Elliott: I am extremely grateful for all the career opportunities that I have had thus far. Working at CSIS, I had to assess, manage, and report risks in a manner beyond what most other professionals would ever require. It forced me to study risk deeply and understand how different types of risks interplay so that I could effectively explain them to people outside of that operational environment. In my career, I’ve also been fortunate enough to build foundational policies, practices, and training programs, all of which increased my depth of understanding and made the exam much easier.
RIMS: Did some of the questions or scenarios of the exam remind you of your daily work?
Elliott: At the time, no. The risk management program for a government intelligence agency was quite different from that of a traditional (or even non-traditional) organization elsewhere. However, I now have the good fortune to support organizations across a wide variety of industries and the studying and preparation I did for the RIMS-CRMP exam have often come to mind as I work through novel challenges.
RIMS: Why should more risk professionals in Australia consider studying for the RIMS-CRMP?
Elliott: It’s a recognition that you share an understanding of risk management principles, and they don’t greatly change from one industry to another. For those early in their career (or even at the mid-point), I think it’s less about the certification, but more about what knowledge you must gain and what you become to prepare for the RIMS-CRMP. I read once that if you want to understand a concept, go back to its core principles before you build onto it with newer ideas. I’ve seen a lot of interesting ways to assess and report risk, but I think studying the core principles, which is part and parcel of the RIMS-CRMP exam, leaves you with a more solid foundation on which to build.
RIMS: How has the RIMS-CRMP elevated your professional profile? How do you feel the RIMS-CRMP complements other certifications?
Elliott: I believe the RIMS-CRMP, and my association with RIMS more widely, adds credibility when I speak to a Board or executives about cyber security or cyber risk. It alters some preconceived notions that cyber is a tech problem and allows them to see it as a risk management challenge. The RIMS courses and certification were, again, a great foundation of risk management concepts on which to build more specialized training in cyber risk and project management risk.
RIMS: How did you study for the exam?
Elliott: I’d probably study differently today than the way I did 2+ years ago. At the time I read manuals and spoke with colleagues. I tried to teach other non-risk members of my team about risk principles. I think now, I’d leverage other technologies. I’d listen to podcast interviews, I’d ask ChatGPT to build me a practice exam, I’d find people on LinkedIn and have virtual chats about how risk is assessed in their industry/organization. At the time, I studied the way I was taught to study 20+ years ago—maybe efficient for an exam, but less useful for long-term application.
RIMS: What is your preferred method(s) for accruing recertification points? For example, attending/planning conferences like RISKWORLD or RIMS Australasia events, attending webinars, or contributing articles?
Elliott: I’ve only been on the ground in Australia for a few months now, and I’m still finding my footing with my local RIMS community. I consider myself a continuous learner though, so my points come from everywhere—I listen to RIMScast and other podcasts. My role with Zurich Resilience Solutions (ZRS) also affords me the opportunity to participate in webinars and podcasts; I present and teach, and I enjoy writing, whether shortform on LinkedIn or longer form articles and whitepapers.
RIMS: Feel free to add any other details/perspective/anecdotes you’d like.
Elliott: One thing I believe strongly is the importance of collaboration. I always say that cyber security, as a field, is extremely wide and deep and no single professional will know it all. I advise several very talented and experienced cyber and risk management professionals, but we each bring something different to the conversation. I think through collaboration, whether social events, training, or formal advisory, we can make our organizations better and more successful. No one should “go it alone.”
Interview by Justin Smulison, RIMS Business Content Manager