I did not enter Business Continuity Management with the intention of building a lifelong professional identity around it. My journey into BCM began quietly, embedded in operational responsibility rather than formal designation, long before BCM was widely recognized as a distinct discipline.
My professional roots were in banking and finance, where I was hired by two of the country’s largest local banks. In these institutions, I was entrusted early on with BCM-related responsibilities, first as the IT Business Continuity Point of Contact and later as the General Services BCP Champion. These roles were not abstract assignments. They were operational, demanding, and highly visible, particularly as both banks were navigating the ripple effects of the 2008 United States recession.
At that time, BCM was not framed as resilience or enterprise continuity. It was about keeping systems running, facilities operational, and customer trust intact amid economic uncertainty. I worked closely with IT, facilities, security, and senior management, often translating technical recovery concerns into business language that leadership could act upon. Those years taught me that BCM effectiveness depends less on titles and more on influence, coordination, and trust.
Learning BCM Through Crisis and Transition
My transition to a United States–based insurance company marked a significant shift in perspective. I joined during a period when the organization itself was recovering from the impact of the same 2008 recession. Unlike banking, where continuity expectations were already institutionalized, this environment required rebuilding stability, confidence, and operational discipline.
It was during this phase of my career that DRI was introduced as a foundational backbone to my BCM work. When I pursued and achieved my DRI certification, it became a defining moment of alignment. Many of the practices I had been performing intuitively and operationally were now clearly defined within a structured framework. What I had been doing in practice finally had a common language, recognized methodology, and professional grounding.
This alignment strengthened my confidence as a practitioner. It allowed me to formalize BCM governance, articulate recovery strategies more clearly to leadership, and ensure consistency across planning, testing, and response. The DRI framework helped translate experience into discipline, and discipline into repeatable capability.
During this same period, my responsibilities expanded further into handling company technology, formally beginning what became my deeper IT journey. Managing technology continuity sharpened my understanding of how systems, data, vendors, and people are inseparably linked during disruption, and reinforced the value of having a structured BCM framework guiding decision-making.
Deepening Capability in a Technology-Driven Environment
Before entering the outsourcing sector, I was hired by a technology company, a phase that became a defining point in my BCM practice. This role placed me at the intersection of continuity, technology governance, and operational execution.
In 2012, I was directly involved in achieving my very first ISO 22301 certification, covering five operational sites across three countries: three in the Philippines, one in Malaysia, and one in Singapore. Coordinating this multi-site certification effort required not only technical understanding of the standard, but also alignment across different regulatory environments, cultures, and organizational maturity levels.
This experience reshaped my view of BCM. Certification was not simply about passing an audit. It was about embedding continuity thinking into daily operations, aligning recovery strategies with real system dependencies, and ensuring leadership across regions understood their roles during disruption.
Working in a technology-driven organization required BCM to keep pace with rapid system changes, evolving architectures, and increasing interdependencies. Downtime was measured not only in hours, but in client confidence, contractual exposure, and service-level commitments. This phase strengthened my ability to design continuity strategies that were agile, scalable, and operationally grounded.
When the Pandemic Tested the Plan
The global pandemic became the defining test of everything that had been planned and built years before it occurred. For the first time in my career, I witnessed continuity documentation, recovery strategies, and governance structures being activated not as theoretical exercises, but as daily operational tools.
The BCM frameworks, crisis protocols, remote work arrangements, technology recovery strategies, and decision hierarchies that had been established well ahead of the pandemic proved their value under real conditions. What stood out most was not the absence of disruption, but the organization’s ability to respond with clarity and speed rather than confusion.
Because scenarios had been anticipated and responsibilities clearly defined, the organization was able to transition operations with limited exposure and, in some areas, minimal to no operational impact. The pandemic validated a belief I had carried throughout my career: planning may never be perfect, but planning is always better than no plan at all.
Experiencing the effectiveness of those pre-established plans was personally significant. It affirmed that the time, effort, and persistence invested in continuity planning, often questioned during “quiet” periods, truly mattered when the crisis arrived.
Expanding Perspective Through BPO and KPO
My subsequent move into the Business Process Outsourcing sector, followed later by Knowledge Process Outsourcing, added another layer of complexity to my BCM practice. These environments were client centric, high-pressure, and unforgiving of disruption.
In BPO and KPO settings, BCM extended well beyond internal recovery. It directly affected client trust, regulatory compliance, and long-term business relationships. Continuity planning had to account for workforce availability, infrastructure redundancy, third-party dependencies, and client-specific recovery commitments.
Managing BCM across banking, insurance, technology, BPO, and KPO environments gave me exposure far beyond a single-industry trajectory. I consider myself fortunate to have gained these diverse perspectives, as they accelerated my learning and continuously challenged me to adapt BCM principles to very different operational realities.
Each transition reinforced a core belief. Effective BCM cannot be copied wholesale from one industry to another. It must be interpreted, contextualized, and continuously refined.
Bridging Practice and Academia
As my professional experience deepened, I became increasingly aware of the need to ground practice in theory. Experience alone was no longer sufficient. I needed academic frameworks to sharpen my analysis, validate my observations, and articulate them more clearly.
Strengthening my academic foundation allowed me to translate years of practical exposure into structured thinking and disciplined writing. Academia became my arm in transforming lived experience into well-founded professional insight. Writing, in turn, became both a reflective practice and a means of contribution to the broader BCM community.
BCM in an Evolving Risk Landscape
Today’s risk environment differs fundamentally from when I began my career. Disruptions are no longer isolated or sequential. They are interconnected, overlapping, and often global. Economic volatility, cyber threats, climate-related events, and geopolitical uncertainty have reshaped how continuity must be approached.
From my experience, BCM must now extend beyond recovery objectives and documented plans. Leadership readiness, human resilience, decision-making under uncertainty, and organizational culture are equally critical. Even the strongest technical solutions will fail if people are unprepared to act decisively.
I now see the BCM practitioner’s role as that of a translator, bridging technical risk realities and executive priorities. When continuity is framed solely as risk avoidance, it struggles to gain traction. When framed as value protection, service reliability, and organizational credibility, it becomes a strategic conversation.
Reflections and Continuing Commitment
Looking back, several lessons remain clear. BCM is a journey, not a destination. Cross-industry exposure accelerates learning, but humility is essential. Leadership commitment remains the most decisive success factor.
Above all, BCM is deeply human. Behind every framework and recovery plan are individuals making decisions under pressure and carrying responsibility for others.
Even after retiring from the corporate world, my journey in BCM continues through consulting, mentoring, teaching, and writing. My focus today is not merely compliance, but capability. Resilience is not about predicting every disruption. It is about preparing organizations to respond with clarity, confidence, and responsibility when disruption inevitably occurs.
Sharon Liao Barbosa is an APAC resiliency and risk management leader with over 20 years of experience in Business Continuity, Disaster Recovery, Risk, and Information Security.
She has led ISO 22301 and ISO 27001 implementations across Global Fortune 500 organizations in the Philippines, Singapore, Malaysia, Japan, and Australia, achieving zero audit non-conformities.
She is Principal Consultant & Chief Strategist Officer of a Consulting Services and a Business Associate and Managing Partner of an ISO certifying body, advising organizations on operational resilience, compliance, and enterprise risk governance.
Sharon Liao Barbosa
