Enterprise Risk Management: Lessons Learned from Captain Jean-Luc Picard and Spock

Lawrence M. Zacarese, JD, MPA, CCEP, CHSP, CHCM
Vice President for Enterprise Risk Management & Chief Security Officer, Stony Brook University

To be honest, I am more of a Star Wars guy than a Star Trek fan but when life gives you the opportunity to model lessons around movies, timeless classic television shows, or infamous characters, you take it.

I have been in my current role leading the enterprise risk management (ERM) functions for my university for nearly three years and one of the first gifts I was given for my office was a framed picture of Captain James T. Kirk, surrounded by his crew, at the helm of the USS Enterprise. Kirk is pictured with his signature look, complete with half of a smirk, exuding confidence and stoicism. The rest of the crew, standing close by and at the ready, are encircling their captain while positioned at their various stations.

It struck me that this picture was the embodiment of the key components for a successful ERM team. A leader who inspires, sets strategy, makes decisions, and guides with a steady, confident hand. A crew of subject matter experts put together to ensure that the vital aspects of science, safety, health, communications and security are assembled to courageously tackle risk management and mitigation. While the language and catchphrases have been modified over the years and through the various series, the essence remains unchanged:

  • Space: the final frontier.
  • To explore strange new worlds;
  • To seek out new life and new civilizations;
  • To boldly go where no one has gone before.

If you are responsible for the ERM function in your organization, particularly if you are like me and were involved in creating the function from the ground up, you will likely appreciate the analogies here. Whether your organization is comprised of 10 people or 10,000, public, private or non-profit, the financial sector, healthcare or higher education, there is often a common denominator: change is hard. Changing processes, systems, traditions and the very people involved in them is a challenge. Convincing folks that there is value in risk identification, assessment and analysis may not be easy in some organizational cultures and may not be seen as a valuable exercise worthy of investing time and money (spoiler alert: not everyone gets excited about risk heat maps and residual risk calculations).

So what do you do? Get ready to be the captain of your Enterprise. The Captain Kirk, Picard, Pike, Archer, Sisko, Georgiou or Janeway. Get ready to be a change agent and ambassador for inculcating an appreciation for embracing risks as opportunities, not obstacles. To boldly go where no one has gone before, you must be willing to do what no one has done before. Creating an ERM function (or maturing an existing program) takes buy-in: senior executive, top-down tone setting; middle-management coordination and program support; and bottom-up appreciation and acknowledgment that the process is important for the entire organization.

But how, you may say. Follow the advice of my two favorite captains and favorite Vulcan.

Kirk once said, “they used to say that if man was meant to fly, he'd have wings. But he did fly. He discovered he had to.” Lead the change from the front, inspire your teams and your organizations. Risk is not a dirty word. Adaptation and evolution are necessary components for all organizations.

Picard wisely posited, “there is a way out of every box, a solution to every puzzle; it's just a matter of finding it. Things are only impossible until they are not.” Be patient, sometimes change takes time. Champion the efforts to embrace institutional knowledge and processes that work while also being brave enough to approach challenges in different ways.

And of course, perhaps most famously, Spock encouraged everyone to “live long and prosper.” Long-term organizational change takes sustained passion and investment. Play the long game and remain focused on the mission to make ERM an inextricable part of your organizational DNA.

*The views and opinions expressed in the Public Risk Management Association (PRIMA) blogs are those of each respective author. The views and opinions do not necessarily reflect the official policy or position of PRIMA.*


Summary of Qualifications

Lawrence has more than 32 years' experience in the public and private sector in the areas of safety, security, emergency management, business continuity and risk mitigation as a senior executive, attorney, subject matter expert, consultant and educator.


In his role at Stony Brook University (SBU), Lawrence is responsible for the direct supervision and management of a 400+ person enterprise risk management division (budget $40M+) comprised of environmental health and safety, emergency management, training and outreach, university police, public safety, corporate security, business continuity, risk management and insurance, policy and compliance, mobility, parking and transit services, access control and electronic physical security, and ERM technology, research and development.

Professional Affiliations

  • SCCE
  • IAEM
  • IACP
  • NY State Bar Association


  • JD, Touro University
  • MPA, Inspector General, John Jay College of Criminal Justice
  • Post Graduate Certificate Global Security and Terrorism Studies, Fairleigh Dickinson
  • Post Graduate Certificate Criminal Justice Education, University of Virginia
  • BA, Forensic Psychology, John Jay College of Criminal Justice
  • FBI National Academy (Session #246)
  • Senior Executives in National and International Security, Harvard Kennedy School
