The Questions I Could Not Answer: What Teaching Enterprise Risk Management Taught Me about Cybersecurity

By Kiran Bhujle, Enterprise Risk Management Part-Time Lecturer; Global Managing Director, SVAM International Inc.

For seven years, I have taught in the M.S. in Enterprise Risk Management (ERM) program at Columbia University School of Professional Studies while working full-time in cybersecurity. My professional work involves developing security strategies for organizations across government, education, nonprofit, financial services, and other regulated industries.

When I first started teaching, I assumed the job was straightforward: bringing real-world experience into the classroom and helping students learn from it. That assumption did not last long. My students who already lead risk functions challenge my thinking in ways I do not encounter in day-to-day consulting work. The interaction between my teaching and my professional work has become mutually reinforcing, making both stronger and more grounded in reality.

Where Practice Meets the Classroom

What has always stood out to me about my students is that they are practitioners, not spectators. They arrive with active responsibilities, real stakeholders, and real organizational constraints. As a result, classroom discussions go directly into the practical side of risk management.

A few years ago, a student asked a question that sounds simple but isn’t: “How do you actually decide what to protect first when your executives say everything is critical?” It’s a question that comes up constantly in cybersecurity, but rarely with the space to talk it through. Together, we applied the Pareto Principle to identify which assets drive the majority of exposure based on sensitivity, attack surface, and business impact. That conversation helped me clarify the prioritization process more precisely than I had before. A week later, I used the same reasoning in a client proposal. The classroom discussion directly sharpened my professional work.

This has become a pattern. When I teach compliance frameworks, someone from financial services challenges me with regulatory conflicts I haven’t encountered. A healthcare professional raises patient-safety considerations that shift the risk lens entirely. A student working at an international agency describes governance hurdles at a global scale. Those perspectives broaden my understanding and remind me that risk principles translate across sectors even if the rules don’t.

The timing also matters. When I teach vendor risk assessment, I am often evaluating vendors for clients that same week. When we discuss incident communication, I may be drafting those communications in real time. Teaching gives me structured space to think, while consulting provides real-world pressure testing.

Another benefit of teaching is that it forces clearer reasoning. In a client meeting, “that’s the industry standard” is sometimes enough. In the classroom, it never is. Students ask why this standard, why this method, why this assumption. Being pushed to articulate my reasoning strengthens how I explain decisions to clients.

The Mutual Reinforcement of Teaching and Practice

Seven years in, the pattern is clear: Doing both makes each one better. Students get current examples and the messy reality of how this work actually happens. I get to be challenged by smart people from different contexts, which keeps me from relying on familiar patterns. The classroom forces me to explain concepts I might otherwise treat as obvious, while my professional work keeps classroom discussions grounded in what truly works rather than what sounds good in theory. Neither one would be as strong alone. They push on each other in ways that make both more useful.

Views and opinions expressed here are those of the authors, and do not necessarily reflect the official position of Columbia School of Professional Studies or Columbia University.


About the Program

The Master of Science in Enterprise Risk Management (ERM) program at Columbia University prepares graduates to inform better risk-reward decisions by providing a complete, robust, and integrated picture of both upside and downside volatility across an entire enterprise. For both the full-time and part-time options, students may take all their courses on Columbia’s New York City campus or choose the synchronous online class experience.

The application deadline for the M.S. in Enterprise Risk Management program is May 1.

