RISK & CYBERSECURITY

It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is wrong, however, to ...

For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should read to develop thei...

A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are innate - you have them ...

Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of influence and are highly ...

I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts from in a physical sp...

To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this is also a space wher...

A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out talk. Ok, yes, security ...

When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects - as well as diving in...

Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking “is this the hill you...

It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the all too simple answer...

It never ceases to amaze me the opportunities and interesting work that stem from the multitude of connections that come from being relatively generous with ...