Posts By :

Paras Shah

People vs FUD

People vs FUD 1540 800 Paras Shah

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach or Uber CISO news.

Showing empathy to all involved, rather than arguing about right or wrong, goes a lot further in channeling the awareness created by any bad news in a better direction.

Please don’t be a ‘CyberVulture’ and exploit bad news. 


Why should we manage technology risk?

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology...

What colour is security?

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why? This trick I have learnt from my...

Resetting common beliefs on IT investment

Taking a structured approach to IT decisions One of the CIOs I have worked with challenged the common belief that finding money for...

People vs FUD

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach...

ISO 27001 Certification is not a monolithic project

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”...

Benefits realisation as a driver for TechRisk Management

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification. This short opening...

ISO 27001 Certification is not a monolithic project

ISO 27001 Certification is not a monolithic project 1540 800 Paras Shah

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”

Jason Hellwege, our Principal Consultant in Risk Advisory, sheds some light on ISO 27001’s continuous improvement framework and the importance of taking incremental steps to achieve business ambitions. 

Jason, with his decades of experience in helping businesses perform in the best way they can, has a few tried and tested ideas.


Why should we manage technology risk?

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology...

What colour is security?

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why? This trick I have learnt from my...

Resetting common beliefs on IT investment

Taking a structured approach to IT decisions One of the CIOs I have worked with challenged the common belief that finding money for...

People vs FUD

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach...

ISO 27001 Certification is not a monolithic project

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”...

Benefits realisation as a driver for TechRisk Management

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification. This short opening...

Benefits realisation as a driver for TechRisk Management

Benefits realisation as a driver for TechRisk Management 1540 800 Paras Shah

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification.

This short opening statement led to a long and very interesting conversation about effective business management as a whole.

I am a longtime believer that when it comes to Technology Risk Management, Cybersecurity is just the beginning. I was offering my advice on what the next three year’s continual improvement journey would look like for the TalentFirst AI team as they power through their growth in the near to medium term, one which promises to be very exciting for everyone involved.

We discussed challenges all organisations face, whether they were start-ups or  scale-ups, small or large, for profit and not for profits. And especially how to encourage the organisational leaders, business or technology, to invest in their Technology Risk Management capabilities as a strategic business enabler. 

That conversation was certainly an inspiration behind this video. Lawrence was also very kind to share with me his wisdom on this very important topic. Thanks mate!

Technology Governance, Technology Risk Management, and Technology Assurance are often perceived as dry and complex topics. They’re anything but.

I have tried using a simple analogy to justify why organisations must invest in their Technology Risk Management capabilities.


Why should we manage technology risk?

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology...

What colour is security?

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why? This trick I have learnt from my...

Resetting common beliefs on IT investment

Taking a structured approach to IT decisions One of the CIOs I have worked with challenged the common belief that finding money for...

People vs FUD

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach...

ISO 27001 Certification is not a monolithic project

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”...

Benefits realisation as a driver for TechRisk Management

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification. This short opening...

What colour is security?

What colour is security? 1540 801 Paras Shah

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why?

This trick I have learnt from my colleague Garry Barnes (Vital Advisory), and I use this effectively, either as an ice-breaker during the ISO27001 training I deliver or during cybersecurity awareness sessions to get attendees to share their diverse pespectives on why information security or cybersecurity is a strategic capability for their organisations.


Why should we manage technology risk?

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology...

What colour is security?

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why? This trick I have learnt from my...

Resetting common beliefs on IT investment

Taking a structured approach to IT decisions One of the CIOs I have worked with challenged the common belief that finding money for...

People vs FUD

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach...

ISO 27001 Certification is not a monolithic project

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”...

Benefits realisation as a driver for TechRisk Management

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification. This short opening...

Why should we manage technology risk?

Why should we manage technology risk? 1540 800 Paras Shah

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology risks. With the rapid advancements in technology we’re currently experiencing, this becomes increasingly essential for us to think about. 

Over the many decades of working in this field, we have been in awe of the growth opportunities that technology provides businesses and in shock about the risks that they come with, which when paid attention to, become fairly easy to manage. 

We’ve tried to explore some of these concepts in a new video series, because I believe this is important for all businesses to act upon. Come join us on this journey as we try to answer some of these pertinent questions. 

No matter how it sounds, if we want to continue using technology, we must manage our technology risks and opportunities well. 

Stay tuned!


Why should we manage technology risk?

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology...

What colour is security?

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why? This trick I have learnt from my...

Resetting common beliefs on IT investment

Taking a structured approach to IT decisions One of the CIOs I have worked with challenged the common belief that finding money for...

People vs FUD

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach...

ISO 27001 Certification is not a monolithic project

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”...

Benefits realisation as a driver for TechRisk Management

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification. This short opening...

Resetting common beliefs on IT investment

Resetting common beliefs on IT investment 1540 792 Paras Shah

Taking a structured approach to IT decisions

One of the CIOs I have worked with challenged the common belief that finding money for IT investments or resources is always difficult.

In his experience, for the right reasons, he could justify an IT investment or spend provided there was sufficient data and supporting cost benefit analysis that helped business leaders make informed decisions.

Business leaders today are grappling with multiple challenges and unknowns at once tight labour market, geopolitical situations, and macro economic pressures.

The changing technological trends provide huge opportunities to any organisation. These can include investments in Artificial intelligence, Machine learning, Augmented reality, Quantum computing, Process Automation.

So when it comes to evaluating these options, a structured approach to decision-making for IT investments and spending can lead to significant rewards. It requires investing in the right Technology Governance, Technology Risk Management, and Technology Assurance capabilities.

By taking a proactive and informed approach, we can achieve significant benefits from our Technology Risk Management Capabilities.


Why should we manage technology risk?

We often get asked by business and organisation leaders why it’s important for them to create a formal structure to manage their technology...

What colour is security?

If you were to choose a colour for Cybersecurity, what colour will you choose? And, why? This trick I have learnt from my...

Resetting common beliefs on IT investment

Taking a structured approach to IT decisions One of the CIOs I have worked with challenged the common belief that finding money for...

People vs FUD

Often behind the technical jargon and FUD around Cybersecurity, we forget about the PEOPLE element in our conversations and thoughts. Be it OptusDataBreach...

ISO 27001 Certification is not a monolithic project

One of the things we focus on when we work with our clients is that their certification isn’t just a bunch of paper.”...

Benefits realisation as a driver for TechRisk Management

“Sell me Technology Risk Management,“ asked Lawrence Puang on our coffee catch up while celebrating TalentFirst.ai‘s achievement of ISO27001 certification. This short opening...