What is the right way to do risk management?

As the Information Security Program Owner at National Instruments, a $1.4B global enterprise, I've spent the past decade building a risk management program from the ground up.  As I shared in my Founder's Story,  I struggled in the early days with defining what our program would look like, and especially around the tooling I would use, but it wasn't long before I was able to demonstrate the value of risk management to the organization.  SimpleRisk quickly became our de facto tool of choice and, as my knowledge increased and my co