The Most Important Mental Models for CISOs - Simple Steps for Outsize Effects
There are lots of problem solving techniques across many fields. These are often represented as mental models or behavioral short-cuts....
Sep 27, 2020 · 5 min read
2,280 views
Security Budgets - Supply and Demand Thinking
How you obtain and manage a budget to drive an adequate level of security is immensely important. Yet, it is one of the least discussed...
Aug 29, 2020 · 5 min read
2,126 views
Cybersecurity Workforce Development - Updated
It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the...
Aug 22, 2020 · 3 min read
1,227 views
Tips for Running a Risk Committee
In any sizable organization it is important to have some form of management steering group or committee to oversee your risk program. The...
Aug 16, 2020 · 6 min read
2,717 views
Cybersecurity and the Board : A Fresh Perspective?
How to represent cybersecurity (or technology / information risks more generally) to the Board is an ongoing subject of discussion in...
Aug 1, 2020 · 10 min read
6,048 views
Security Leadership: A-grades vs. Pass/Fail
The underlying secret of most great security leaders and teams is one thing: the ability to know what needs to be done really well vs....
Jul 12, 2020 · 3 min read
1,992 views
A Simple Manifesto for Leading Security and Risk Teams
I’ve been using variants of these principles for many years in many contexts, both for security and broader risk management teams. I have...
Jun 28, 2020 · 2 min read
2,212 views
A Security Professionals Guide to Dealing with Disagreement
Disagreement arises in many situations. It is an inevitable part of any work in any organization, or life in general. It is especially...
Jun 21, 2020 · 6 min read
3,142 views
Resilience is about Capabilities not Plans
Resilience can be thought of as the ability to absorb shocks, adjust as needed and continue operation in the face of adversity. In other...
May 24, 2020 · 6 min read
2,103 views
Selling into a Crisis (Rights and Wrongs)
It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is...
Mar 22, 2020 · 2 min read
8,458 views
Non-Technical Books. Recommended List
For some reason, first at a TAG_Cyber event and then coincidentally at 2 other events, the question of what books security people should...
Dec 15, 2019 · 1 min read
556 views
The Art of Influencing
A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are...
Dec 7, 2019 · 3 min read
473 views
Simple Rules of (InfoSec) Career Success
Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of...
Nov 17, 2019 · 2 min read
285 views
Shrines of Failure
I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...
Nov 10, 2019 · 1 min read
671 views
Career Longevity & "The Don't Fire Me Chart"
To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this...
Oct 26, 2019 · 1 min read
4,207 views
The Stress and Joy of Security Jobs
A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out...
Oct 5, 2019 · 2 min read
1,552 views
Security Program Tactics
When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects -...
Sep 15, 2019 · 3 min read
576 views
The Reporting Line of Security Teams / CISOs
Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking...
Jun 9, 2019 · 3 min read
1,546 views
Cybersecurity Workforce Development
It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the...
May 24, 2019 · 3 min read
226 views
Time Management
It never ceases to amaze me the opportunities and interesting work that stem from the multitude of connections that come from being...
May 14, 2019 · 1 min read
256 views