Why This Matters Outside Aviation
Aviation solved a problem most security and risk functions still haven't: building decision discipline into the moment a hazard appears, not just into a quarterly risk register.
The FAA's Risk Management Handbook sets out five frameworks pilots are required to use before and during every flight. Each one maps directly onto a gap I see repeatedly in security, crisis and enterprise risk practice.
PAVE (Pilot, Aircraft, Environment, External Pressures) is a four-category hazard checklist run before commitment. The equivalent doesn't exist in most close protection, control room or crisis team workflows, and it should.
The Flight Risk Assessment Tool (FRAT) scores 20+ variables into a single number with a go/no-go threshold, before the activity starts. Most enterprise risk registers only score after the fact.
The Five Hazardous Attitudes (anti-authority, impulsivity, invulnerability, macho, resignation) are a human-factors model aviation has used for decades. Security operations run on the same psychology, with none of the same training.
The Swiss cheese model treats every defence, a checklist, a second reviewer, a proficiency standard, as an imperfect layer with gaps. It's the clearest explanation of why layered crisis and business continuity plans still fail.
The 3P model (Perceive, Process, Perform) keeps a decision-maker re-assessing continuously, not just at the start. Most risk and resilience plans run on autopilot the moment conditions change.
30+ years building risk frameworks for boards, critical infrastructure operators and government agencies taught me the same lesson aviation already knew: the discipline is in the checklist you run in the moment, not the register you review in the quarter.