top of page
Search
Segmentation Technologies / Zero Trust
This is an update to a post from 2001 which I’m revisiting in part because some things have changed, but also because (surprisingly) much...
Jun 142 min read
826
CISO / Cybersecurity Leader Job Description
There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...
May 313 min read
8,671
Scaling Security, AI and More....
I recently joined Clint Gibler (tl;dr sec) at RSA for a great discussion. In it we cover a wide array of topics from the challenge of...
May 201 min read
1,069
Starting a Security Program from Scratch (or re-starting)
I’ve had a number of requests to write a post about how to start and grow a new security program - or a substantial reassessment and...
May 1712 min read
5,276
CISO: Librarian, Archeologist or Explorer?
I first wrote this post back in 2021 so I thought it’s time for a revisit with an addition of a few more roles. We talk about attackers...
May 36 min read
1,137
Why Stuff Fails (“The Thermocline of Truth”)
For many years I’ve observed the same pattern of failure in projects, programs, issue mitigation and indeed anything that requires more...
Apr 195 min read
1,897
Security Programs - A Plan is Not a Strategy
Many security leaders, at all levels, correctly focus on having a good strategy and executing against that. However, many teams confuse...
Apr 55 min read
5,060
Security Leaders’ Reading List
I have a regular set of go to books both for myself and what I recommend to others at all stages in their career. Here they all are with...
Mar 226 min read
5,423
Turning the Security Flywheel
Jim Collins wrote a great little book called Turning the Flywheel to further develop an idea introduced in his book Good to Great to...
Mar 89 min read
3,649
Post Quantum Cryptography Migration: Time to Get Going
Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the...
Feb 228 min read
3,136
Stressed Testing: Practical Operational Resilience
Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in...
Feb 813 min read
1,599
The CISO Factories: 12 Features of Organizations that Create Security Leaders
There are organizations that seem to have disproportionately created a large number of leaders who have gone on to be CISOs or other...
Jan 256 min read
2,304
bottom of page