Coaching

All Posts
Leadership
Risk
Cybersecurity
Technology

a day ago
3 min

"Hell Yes, or No" vs. "Soft Yes, and Fast Quit"

I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about ...

1,237 views

Dec 6, 2020
6 min

The Seat at the Table: Integrating Security into your Business

The success of a security program is largely determined by how well it is integrated into the fabric of the organization, in terms of bre...

1,429 views

Nov 29, 2020
3 min

Simple Rules of (InfoSec) Career Success - Updated

Over the years I've noted the behaviors I’ve seen from consistently successful people. In this context I define success as a balance of g...

931 views

Nov 15, 2020
6 min

12 Step Guide on Escalating Risk and Security Issues

Escalating issues is part of the foundation of any good risk and security program. Unfortunately, human nature is such that most people a...

1,153 views

Oct 10, 2020
4 min

Building Balanced Security Teams: The Rule of Thirds

As an industry we spend a lot of time talking about workforce development and skills shortages. We tend not to talk about how to organize...

1,469 views

Sep 27, 2020
5 min

The Most Important Mental Models for CISOs - Simple Steps for Outsize Effects

There are lots of problem solving techniques across many fields. These are often represented as mental models or behavioral short-cuts. H...

1,474 views

Aug 29, 2020
5 min

Security Budgets - Supply and Demand Thinking

How you obtain and manage a budget to drive an adequate level of security is immensely important. Yet, it is one of the least discussed a...

1,569 views

Aug 22, 2020
3 min

Cybersecurity Workforce Development - Updated

It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the a...

915 views

Aug 16, 2020
6 min

Tips for Running a Risk Committee

In any sizable organization it is important to have some form of management steering group or committee to oversee your risk program. The...

1,864 views

Aug 1, 2020
10 min

Cybersecurity and the Board : A Fresh Perspective?

How to represent cybersecurity (or technology / information risks more generally) to the Board is an ongoing subject of discussion in mos...

2,608 views

Jul 12, 2020
3 min

Security Leadership: A-grades vs. Pass/Fail

The underlying secret of most great security leaders and teams is one thing: the ability to know what needs to be done really well vs. wh...

1,771 views

Jun 28, 2020
2 min

A Simple Manifesto for Leading Security and Risk Teams

I’ve been using variants of these principles for many years in many contexts, both for security and broader risk management teams. I have...

1,882 views

Jun 21, 2020
6 min

A Security Professionals Guide to Dealing with Disagreement

Disagreement arises in many situations. It is an inevitable part of any work in any organization, or life in general. It is especially ap...

2,664 views

May 24, 2020
6 min

Resilience is about Capabilities not Plans

Resilience can be thought of as the ability to absorb shocks, adjust as needed and continue operation in the face of adversity. In other w...

1,329 views

Mar 22, 2020
2 min

Selling into a Crisis (Rights and Wrongs)

It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is...

8,210 views

Dec 15, 2019
1 min

Non-Technical Books. Recommended List

For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should ...

281 views

Dec 7, 2019
3 min

The Art of Influencing

A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are inn...

311 views

Nov 17, 2019
2 min

Simple Rules of (InfoSec) Career Success

Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of influ...

164 views

Nov 10, 2019
1 min

Shrines of Failure

I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts f...

595 views

Oct 26, 2019
1 min

Career Longevity & "The Don't Fire Me Chart"

To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this ...

1,502 views

{"items":["603a81e6ea326b001733c4c0","5fcce46fb8b86f0017e112b2","5fc39b6a51752e00174f7b8a","5fb11c71542af80017d049cf","5f822758f5ae940017c7b670","5f7076b26f987e0017473d42","5f4a859b3eeeb9001703ec02","5f4167db3d9723001785da3d","5f3960844d62ce0017664505","5f25aa26cb2cc00018d54287","5f0b1569d9e8dd001775a228","5ef8a83cbf3c5300171e568d","5eef78b07349220017c9555e","5eca71fead670f0017b54212","5e77af7ad4b1c000174a106f","5e0fb1441d901000173e1cc6","5e0fb2bdfadb78001797e096","5e0fb925cd0005001763a9f7","5e0fba90cd0005001763ac35","5e0fbb0bd72e020017c249e5"],"styles":{"galleryType":"Columns","groupSize":1,"showArrows":true,"cubeImages":true,"cubeType":"fill","cubeRatio":1.3333333333333333,"isVertical":true,"gallerySize":30,"collageAmount":0,"collageDensity":0,"groupTypes":"1","oneRow":false,"imageMargin":32,"galleryMargin":0,"scatter":0,"rotatingScatter":"","chooseBestGroup":true,"smartCrop":false,"hasThumbnails":false,"enableScroll":true,"isGrid":true,"isSlider":false,"isColumns":false,"isSlideshow":false,"cropOnlyFill":false,"fixedColumns":1,"enableInfiniteScroll":true,"isRTL":false,"minItemSize":50,"rotatingGroupTypes":"","rotatingCropRatios":"","columnWidths":"","gallerySliderImageRatio":1.7777777777777777,"numberOfImagesPerRow":1,"numberOfImagesPerCol":1,"groupsPerStrip":0,"borderRadius":0,"boxShadow":0,"gridStyle":1,"mobilePanorama":false,"placeGroupsLtr":true,"viewMode":"preview","thumbnailSpacings":4,"galleryThumbnailsAlignment":"bottom","isMasonry":false,"isAutoSlideshow":false,"slideshowLoop":false,"autoSlideshowInterval":4,"bottomInfoHeight":0,"titlePlacement":"SHOW_ON_THE_RIGHT","galleryTextAlign":"center","scrollSnap":false,"itemClick":"nothing","fullscreen":true,"videoPlay":"hover","scrollAnimation":"NO_EFFECT","slideAnimation":"SCROLL","scrollDirection":0,"scrollDuration":400,"overlayAnimation":"FADE_IN","arrowsPosition":0,"arrowsSize":23,"watermarkOpacity":40,"watermarkSize":40,"useWatermark":true,"watermarkDock":{"top":"auto","left":"auto","right":0,"bottom":0,"transform":"translate3d(0,0,0)"},"loadMoreAmount":"all","defaultShowInfoExpand":1,"allowLinkExpand":true,"expandInfoPosition":0,"allowFullscreenExpand":true,"fullscreenLoop":false,"galleryAlignExpand":"left","addToCartBorderWidth":1,"addToCartButtonText":"","slideshowInfoSize":200,"playButtonForAutoSlideShow":false,"allowSlideshowCounter":false,"hoveringBehaviour":"NEVER_SHOW","thumbnailSize":120,"magicLayoutSeed":1,"imageHoverAnimation":"NO_EFFECT","imagePlacementAnimation":"NO_EFFECT","calculateTextBoxWidthMode":"PERCENT","textBoxHeight":0,"textBoxWidth":200,"textBoxWidthPercent":50,"textImageSpace":10,"textBoxBorderRadius":0,"textBoxBorderWidth":0,"loadMoreButtonText":"","loadMoreButtonBorderWidth":1,"loadMoreButtonBorderRadius":0,"imageInfoType":"ATTACHED_BACKGROUND","itemBorderWidth":1,"itemBorderRadius":0,"itemEnableShadow":false,"itemShadowBlur":20,"itemShadowDirection":135,"itemShadowSize":10,"imageLoadingMode":"BLUR","expandAnimation":"NO_EFFECT","imageQuality":90,"usmToggle":false,"usm_a":0,"usm_r":0,"usm_t":0,"videoSound":false,"videoSpeed":"1","videoLoop":true,"jsonStyleParams":"","gallerySizeType":"px","gallerySizePx":940,"allowTitle":true,"allowContextMenu":true,"textsHorizontalPadding":-30,"itemBorderColor":{"themeName":"color_12","value":"rgba(243,243,243,0.75)"},"showVideoPlayButton":true,"galleryLayout":2,"targetItemSize":940,"selectedLayout":"2|bottom|1|fill|true|0|true","layoutsVersion":2,"selectedLayoutV2":2,"isSlideshowFont":false,"externalInfoHeight":0,"externalInfoWidth":0.5},"container":{"width":940,"galleryWidth":972,"galleryHeight":0,"scrollBase":0,"height":null}}

RISK & CYBERSECURITY

Thoughts from the Field