RISK & CYBERSECURITY

It has always struck me how well the field of finance and more specifically accounting has done to standardize on its terms. This...

This is an update from a post of a couple of years ago prompted by some recent observations from a few different organizations. It seems...

There are four major insights that, above all others, have influenced my approach to security and risk management over the past decades....

We talk about attackers being the enemy. Sometimes we talk about insider threats. But one of our biggest enemies is pernicious...

How Boards, especially public company Boards, oversee cybersecurity is a crucial but difficult topic. This previous post discussed how...

Working in information/cybersecurity and technology risk is a fascinating and challenging career, as I’ve covered here. There is, mostly,...

We continuously hear about the millions of unfilled cybersecurity roles, although I’ve yet to see a study that actually supports that...

A key part of any security leader's role is relationship management. In my experience this is another one of those leadership skills that...

I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...

In a few of my posts I've talked about the economy of scale of the cloud is fundamentally changing the game of security. The pace of...

One of the many pieces of accepted wisdom in information/cybersecurity is that complexity is the enemy of security. But is it? You...

This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...