How to go From Collecting Risk Data to Actually Reducing Risk?

The author discusses the need for organizations to transition from a firefighting approach to a proactive approach in managing risk reduction. The article outlines seven steps to achieve this transition, including creating a centralized backlog of findings, normalizing and deduplicating the findings, choosing how and who will perform remediation actions, routing the remediation items to the appropriate teams, automating backlog management, completing the actual fixes, and measuring performance and risk reduction through reporting. This shift in approach allows for better scalability and collaboration between security and remediation teams.