Cybersecurity Workforce Development - Updated
It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the...
top of page
Search
- Aug 16, 2020
- 6 min
Tips for Running a Risk Committee
In any sizable organization it is important to have some form of management steering group or committee to oversee your risk program. The...
2,595 views
- Aug 1, 2020
- 10 min
Cybersecurity and the Board : A Fresh Perspective?
How to represent cybersecurity (or technology / information risks more generally) to the Board is an ongoing subject of discussion in...
5,482 views
- Jul 12, 2020
- 3 min
Security Leadership: A-grades vs. Pass/Fail
The underlying secret of most great security leaders and teams is one thing: the ability to know what needs to be done really well vs....
1,884 views
- Jun 28, 2020
- 2 min
A Simple Manifesto for Leading Security and Risk Teams
I’ve been using variants of these principles for many years in many contexts, both for security and broader risk management teams. I have...
2,163 views
- Jun 21, 2020
- 6 min
A Security Professionals Guide to Dealing with Disagreement
Disagreement arises in many situations. It is an inevitable part of any work in any organization, or life in general. It is especially...
2,995 views
- May 24, 2020
- 6 min
Resilience is about Capabilities not Plans
Resilience can be thought of as the ability to absorb shocks, adjust as needed and continue operation in the face of adversity. In other...
1,921 views
- Mar 22, 2020
- 2 min
Selling into a Crisis (Rights and Wrongs)
It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is...
8,420 views
- Dec 15, 2019
- 1 min
Non-Technical Books. Recommended List
For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should...
478 views
- Dec 7, 2019
- 3 min
The Art of Influencing
A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are...
451 views
- Nov 17, 2019
- 2 min
Simple Rules of (InfoSec) Career Success
Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of...
260 views
- Nov 10, 2019
- 1 min
Shrines of Failure
I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...
649 views
- Oct 26, 2019
- 1 min
Career Longevity & "The Don't Fire Me Chart"
To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this...
3,738 views
- Oct 5, 2019
- 2 min
The Stress and Joy of Security Jobs
A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out...
1,518 views
- Sep 15, 2019
- 3 min
Security Program Tactics
When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects -...
404 views
- Jun 9, 2019
- 3 min
The Reporting Line of Security Teams / CISOs
Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking...
1,476 views
- May 24, 2019
- 3 min
Cybersecurity Workforce Development
It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the...
190 views
- May 14, 2019
- 1 min
Time Management
It never ceases to amaze me the opportunities and interesting work that stem from the multitude of connections that come from being...
218 views
bottom of page