RISK & CYBERSECURITY

In a first for this blog here is a post I worked on with Mike Aiello , a former colleague from Goldman Sachs and Google and someone, like...

Cybersecurity is a field built on metaphor. We wage "cyber wars," build "digital fortresses," and practice "cyber hygiene." These phrases...

Apparently what Mike Tyson actually said in a 1987 interview was, " Everybody has plans until they get hit for the first time". In any...

I re-stumbled across this well-worn meme of the 7 deadly sins and social media so, as many of you come back from Las Vegas I thought it...

As security specialists, we regularly see claims about the escalating scale of cybercrime, often hearing staggering claims that it’s a...

One of the more common patterns of security program success vs. failure is how much leadership is prepared to stick with the work over...

I thought I’d try something different and share some thoughts on the Cyentia Institute’s latest report, the Information Risk Insights...

This is an update to a post from 2001 which I’m revisiting in part because some things have changed, but also because (surprisingly) much...

There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...

I recently joined Clint Gibler (tl;dr sec) at RSA for a great discussion. In it we cover a wide array of topics from the challenge of...

I’ve had a number of requests to write a post about how to start and grow a new security program - or a substantial reassessment and...

I first wrote this post back in 2021 so I thought it’s time for a revisit with an addition of a few more roles.  We talk about attackers...