RISK & CYBERSECURITY

I re-stumbled across this well-worn meme of the 7 deadly sins and social media so, as many of you come back from Las Vegas I thought it...

As security specialists, we regularly see claims about the escalating scale of cybercrime, often hearing staggering claims that it’s a...

One of the more common patterns of security program success vs. failure is how much leadership is prepared to stick with the work over...

I thought I’d try something different and share some thoughts on the Cyentia Institute’s latest report, the Information Risk Insights...

This is an update to a post from 2001 which I’m revisiting in part because some things have changed, but also because (surprisingly) much...

There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...

I recently joined Clint Gibler (tl;dr sec) at RSA for a great discussion. In it we cover a wide array of topics from the challenge of...

I’ve had a number of requests to write a post about how to start and grow a new security program - or a substantial reassessment and...

I first wrote this post back in 2021 so I thought it’s time for a revisit with an addition of a few more roles.  We talk about attackers...

For many years I’ve observed the same pattern of failure in projects, programs, issue mitigation and indeed anything that requires more...

Many security leaders, at all levels, correctly focus on having a good strategy and executing against that. However, many teams confuse...

I have a regular set of go to books both for myself and what I recommend to others at all stages in their career. Here they all are with...