A career in Information Security will lead to failures and setbacks. If you are not prepared for that reality please look at a different profession. Unfortunately, setbacks will be true of most professions so maybe stick around until the end of this short piece.
There will be days where you fail to demonstrate risk in a meaningful way. Those days will feel like bashing yourself in the head with the metaphorical hammer because “the risk is so obvious how anyone can not see this?” But I already gave you a potential answer. You failed to demonstrate risk in a meaningful way.
When this happens you have a few options. You can walk away. This may be the correct solution. The organization may actually understand the risk and simple accept that risk. If you have not read my article on risk acceptance, do so.
It’s also possible you are pointing out a risk that you do not understand and truly is below the threshold of importance. These are okay to walk away from until the underlying risk changes or the acceptable risk threshold changes.
But, you say, this is important and the business does not understand. Now we are back to our previous explanation. You failed to make the risk understood. When that happens it is your job, as a professional, to go back to your toolbox to look for a new hammer and bash your own head again if need be. Then go through the whole process again until there is understanding that leads to remediation, acceptance, or a new understanding on your part that leads you to walk away. Any of these will likely leave you with a headache and may leave you with scars but you will also come away wiser as to how to build and when to leave the lumber untouched.
In an effort not to allow the metaphor get in the way of the point, I should clarify that when you walk away you should not immediately charge back with a new argument (hammer). That will simply lead to colleagues dismissing you sooner. Let time pass. Pick your opening. That’s all part of picking the right hammer.
I’m going to go buy stock in Metaphorical Hammers Inc. I see no end to their profitability. Sometimes, repeating yourself is the only way forward and we are paid to help our companies move forward.