Episode 34

Applying IRMBOK to Risk Management

Published on: 3rd June, 2025

In this episode of The Smart IT podcast, I welcomed Jeff Lowder, a seasoned risk professional and author of the upcoming Information Risk Management Body of Knowledge (IRMBOK), to the show. The conversation centered on how risk management professionals must evolve beyond traditional roles to become strategic partners in decision-making. Modern IT demands a deeper understanding of business objectives, as technology is not just about infrastructure—it’s about enabling organizations to thrive while managing risk effectively.

Jeff reviewed IRMBOK, a comprehensive guide for information risk management that covers both process frameworks and practical techniques, including many intuitive and useful tools that risk practitioners can apply in their work.

A major theme of the episode is the inadequacy of conventional risk methods—such as high/medium/low risk matrices—and the push toward quantitative approaches.

Many cybersecurity professionals are trained to focus only on downside risk, but real-world decision-making involves balancing both risks and opportunities. This broader perspective, which Jeff calls "decision management," leads to better alignment with how executives and boards think and make choices.

He emphasized the need for upskilling in quantitative risk analysis, stating that most of the required math is basic and accessible. He advocated for a more rigorous, business-aligned, and outcome-focused approach to IT and cybersecurity risk management, underlining that better decisions—not just compliance—should be the end goal.

“Risk management is about helping the business make better decisions—not just saying no.”  - Jeff Lowder

Link to this episode: https://youtu.be/SRrvluPLuls


#SmartIT #IRMBOK #RiskManagment #CRQ #DecisionManagement #DecisionScience #CyberRisk #SiRA #SiRACon #SiRAcon25


Production: Brilliant Beam Media Syya Yasotornrat



About the Podcast

The Smart IT Podcast
Where IT explores what's next...
The Smart IT Podcast is where IT professionals can assemble and hear from each other, industry leaders, thought leaders, and those in adjacent fields to collaborate, learn from each other, and explore what’s next for IT.

The Smart IT Podcast explores what’s next for IT as it continues to find ways to get the important things done for our organizations.
Preparing for the next decade, we need to think differently about how we approach our work to continue to thrive into the future.

Smart IT is an approach, conceptual framework, and development model for getting the important things done by transforming the way traditional IT thinks, works, and leads. It supports the disruption of the status quo, simplifies the complex, reduces uncertainty, and improves risk mitigation.

There has never been more pressure to deliver for our organizations, but I know IT is up to the challenge.

That will require IT to lead by working smarter. Let’s do it together.

About your host

William D. Reed

As someone who has spent decades bridging the gap between those who build solutions and the people who need them, I’ve seen firsthand why so many great ideas fail—not because they aren’t innovative, but because they never truly reach or work for the people they were meant to help.

Today, through my work at Willway Labs and my Frontline Innovation framework, I help enterprise leaders, product teams, and innovators dismantle real human problems at the frontline—where solutions are actually experienced, adopted, and trusted.
Because innovation isn’t complete when you launch… it’s complete when it works in someone’s life.

What I do is help organizations close that gap—so their ideas don’t just exist… they deliver real value.