Yesterday I went on a guided hike to teach people how to safely hike through bear country. Specifically grizzly bear country. Unfortunately, we didn’t see any bears, but we did learn an amazing amount about them, and saw some spectacular glaciers and alpine terrain.

Why would I sign up for something like this? Because this is basic risk management. I routinely hike in bear country (albeit mostly black bears and not grizzlies) and to effectively manage the risks, I have to know how to prepare and how to react in a dangerous situation.
I can’t just trust that everything will be ok. I need to prepare for reasonable situations so that if something does go wrong, I can still safely get through it. I don’t expect to know absolutely everything, but I do expect to know the fundamentals of hiking safely.
How can I avoid situations where I’m putting myself in unnecessary danger? How will I call for help if I do get stuck?
This is risk management. I’m not eliminating every risk, I’m managing them through education and practice.
In all the discussions about “Vibe coding” these days, I’m seeing a complete absence of basic risk management, and that’s alarming.
There is story after story of sites that were built with GenAI tools that are lacking any of the security features that we would consider basic risk management. Some of these have already been hacked and others will be in the future.
People who don’t have the education or skills around risk management have suddenly been given tools that appear to do all the thinking for them, and yet they don’t. We need to do better.
Risk management requires regular education and practice, and we can’t delegate that to a tool, no matter how convenient it might seem.
