The Real Role of the Field CISO
We all need to advance our businesses and that is in many respects about selling. We also need to recognize that security and reliability are increasingly the path to sustainable long-term customer success, which is your success. This is where the Field CISOs come in. There are many more people becoming so-called Field CISOs, and many more organizations creating Field CISO teams under a variety of structures and names. Let’s look at what Field CISOs are,
Apr 4 · 14 min read
Organizational Politics & The Security Program
I first wrote the original of this post over 4 years ago. Having seen a new spurt of discussion about organization politics in various on-line and in-person forums I thought it was time for an update. At every stage in your career and in every part of your role you are going to have to deal with organizational politics. People often construe such politics as inherently negative. Yes, there are some organizations that have toxic cultures where organizational politics looks mo
Mar 21 · 18 min read
The CISO's Craft: Watchmaker or Gardener?
Some time ago I saw a comment about the distinction between acting like a “watchmaker” or a “gardener” when undertaking organization transformations. I misplaced the original reference so, unfortunately, I can’t credit appropriately. But, I’ve been thinking a lot about what this would mean in the context of security leadership. Specifically, should the CISO be a watchmaker or a gardener, or both? The Watchmaker CISO: Precision and Control Imagine a master watchmaker, meticulo
Jan 24 · 3 min read
2025 Year in Review - Top 10
The most read posts in 2025 coalesced around the concept that successful cybersecurity is fundamentally a function of business leadership, strategic design, and sustainable execution. The unifying themes across the top posts emphasize shifting security from an artisanal, reactive craft to an industrial-scale, proactive capability focused on building scalable, self-reinforcing systems (flywheels). Transformation requires leaders to manage stakeholder expectations carefully, p
Jan 10 · 4 min read
Security Leadership Master Class 7 : Contrarian takes
This is the final of the series grouping together sets of prior posts into a particular theme. Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing/refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Master C
Dec 27, 2025 · 4 min read
Security Leadership Master Class 6 : When disaster strikes
This is part 6 of a 7 part series grouping together sets of prior posts into a particular theme. Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing/refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Master
Dec 13, 2025 · 5 min read
Security Leadership Master Class 5 : Getting hired and doing hiring
This is part 5 of a 7 part series grouping together sets of prior posts into a particular theme. Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing/refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Master
Nov 29, 2025 · 5 min read
Security Leadership Master Class 4 : Enhancing a Security Program
This is part 4 of a 7 part series grouping together sets of prior posts into a particular theme. Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing/refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Master
Nov 15, 2025 · 6 min read
Security Leadership Master Class 3 : Building a security program
This is part 3 of a 7 part series grouping together sets of prior posts into a particular theme. Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing or refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Mas
Nov 1, 2025 · 6 min read
Security Leadership Master Class 2 : Dealing with the board and other executives
This is part 2 of this 7 part series grouping together a set of prior posts into a particular theme. Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing or refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadershi
Oct 18, 2025 · 4 min read
Security Leadership Master Class 1 : Leveling up your leadership
This is the first of a 7 part series where I’ll group together a set of prior posts into a particular theme that will make it all the...
Oct 4, 2025 · 4 min read
Good CISO / Bad CISO
In a first for this blog here is a post I worked on with Mike Aiello, a former colleague from Goldman Sachs and Google and someone, like...
Sep 20, 2025 · 5 min read
Everyone Has A Plan Until They Get Punched In The Face
Apparently what Mike Tyson actually said in a 1987 interview was, "Everybody has plans until they get hit for the first time". In any...
Aug 23, 2025 · 7 min read
Career Longevity & The Don't Fire Me Chart
One of the more common patterns of security program success vs. failure is how much leadership is prepared to stick with the work over...
Jul 12, 2025 · 2 min read
CISO / Cybersecurity Leader Job Description
There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...
May 31, 2025 · 3 min read
CISO: Librarian, Archeologist or Explorer?
I first wrote this post back in 2021 so I thought it’s time for a revisit with an addition of a few more roles. We talk about attackers...
May 3, 2025 · 6 min read
Why Stuff Fails (“The Thermocline of Truth”)
For many years I’ve observed the same pattern of failure in projects, programs, issue mitigation and indeed anything that requires more...
Apr 19, 2025 · 5 min read
Security Programs - A Plan is Not a Strategy
Many security leaders, at all levels, correctly focus on having a good strategy and executing against that. However, many teams confuse...
Apr 5, 2025 · 5 min read
Security Leaders’ Reading List
I have a regular set of go to books both for myself and what I recommend to others at all stages in their career. Here they all are with...
Mar 22, 2025 · 6 min read
Turning the Security Flywheel
Jim Collins wrote a great little book called Turning the Flywheel to further develop an idea introduced in his book Good to Great to...
Mar 8, 2025 · 9 min read