You have a penetration testing process. You have a risk management department. You have an internal audit team. Yet you are still vulnerable. Why? Because most teams are not evolving as fast as the threat landscape. At Summit Consulting, our VAPT approach is simple and brutal: Inception meeting: Define timelines, expectations, and failure points up front. Blackbox penetration testing: Simulate a real-world external attack without insider knowledge. Vulnerability assessment: Identify cracks before the enemy does. Whitebox penetration testing: Simulate insider threats with full access. Internal vulnerabilities assessment: Your weakest links are always inside. Final report compilation: No sugar-coating. Just the…

In 2008, I sat at the back of the Institute boardroom, clutching my notebook like a talisman. I wasn’t a board member yet. I was just “Member, Member Services Committee,” but you could not have convinced me otherwise. Every meeting was a masterclass. Every whisper from the Committee Chairman was a lesson in agenda control. Every casual joke from the Institute’s CEO / Secretary was a calculated move to steer decisions without raising alarms. I learned something most people never figure out until it’s too late: Boardroom success is not about having a seat. It’s about having a spine. You…

To unlearn bad habits, first experience them. I have shared a lot about the RxI scores. R × I — Risk × Impact — was invented to make risk feel manageable. But in real life, it’s the biggest scam in risk management. It is time to transform it. You can either ditch it or overcome its limitations by providing more context i.e. using the following risk register – by including a story in your risk assessment. Here’s why and how: 1. Risk is not arithmetic. A risk scored 3×5 is not the same as 5×3. One could wipe you out…

Five years ago, I sat across a board chair in the agriculture value addition space. The CEO had been sacked after a procurement scandal involving ghost suppliers and inflated invoices. But here’s the twist: six months earlier, the board had praised this same CEO for “excellent turnaround results.” Why? The numbers looked good. Profits were up. No one asked what fuelled the miracle. That, right there, is the silent rot that boards allow to fester. The point is simple: the tone of ethics is set by the board, not the CEO. When the board fails to ask the uncomfortable questions,…

I visited Karamoja in 2017 as part of the World Health Organization (WHO), anti-fraud risk management experts. In the evening, we had dinner with old men, one of them told us of a hunter who clutched his father’s map, drawn with charcoal on bark cloth. Every morning, he set out with pride, tracing the same route. But the rivers had moved. The forest had burned. The buffalo no longer grazed there. He returned empty-handed every day. Until he died, not of hunger, but of refusing to see the change, and adapt. That’s the story of many modern professionals. Especially risk…

Oil of Olay was a tired lotion brand of no edge, no sizzle. Just memories. Yet Lafley didn’t see a product. He saw a strategic choice. Martin helped him frame it using five killer questions: What is our winning aspiration? Not survival. Domination. They aimed for $1 billion in sales and leadership in the North American skincare market. Where will we play? They drew a new battlefield between luxury creams (like Estée Lauder) and basic drugstore brands (like Nivea). The space between prestige and price. A new masstige category. How will we win? By being better, not cheaper. Formulate actual…