On April 22, 2006, I bought a brand new 2007 Toyota Camry XLE V6. The car was bright red, spotless, and had that intoxicating “you just signed papers for something more expensive than you should have” energy. I, on the other hand, looked like a kid who had just wandered out of a college computer lab and had somehow mistakenly been handed keys to a grown-up car. My fiancée and I christened “her” Scarlett – because the Nav system had a female voice.

Today, that car turns twenty years old. I still drive it daily. It’s been my car the whole time.

If you do this often enough, people will eventually realize that may not be as talented or in-the-know as they once believed you to be. While it may be simple for you to just say, “I don’t know” when they ask you something you don’t immediately know the answer to, that would be too embarrassing - so just wing it in real-time.

It's easy to see that in any organization larger than a sole proprietorship, there needs to be a common understanding of what the level of acceptable risk is. For sure, industry plays into this, with a large multinational financial services firm likely being on the more conservative end, and a small graphic design firm potentially being comfortable with living more on the edge. However, with no universal standard to point to, how do you define where the line is to ensure that an IT shop is using some sort of objective benchmark instead of leaving it to each various staff member to try to harmonize their own risk tolerance with that of their employer? First, you have to break down risk into its components.