2 days ago · 5 min read
Keys to Career Success
I’ve given variants of this talk at a few events in 2024 and received a lot of requests for the slides and a blog post. So here we go. ...
1,178 views
Dec 28, 2024 · 6 min read
Top Ideas and Posts from 2024
I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog...
1,109 views
Nov 30, 2024 · 7 min read
Regulatory Harmonization - Let’s Get Real
Every few months some association or other learned group of professionals makes a fresh call to action for cybersecurity regulatory...
1,463 views
Nov 2, 2024 · 13 min read
Risk Appetite and Risk Tolerance - A Practical Approach
If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...
6,127 views
Oct 19, 2024 · 7 min read
Threat Hunting: Real World vs. Cyber World
It’s puzzling that there aren’t more articles comparing and contrasting wildlife hunting techniques with cyber threat hunting, or maybe...
1,550 views
Oct 5, 2024 · 17 min read
Job Interviews: Part 2 Conducting the Security Interview - The Big 10
This is the second of two posts about interviews (the first post is here). In this one I’ll focus on interviewing candidates and the...
3,900 views
Sep 21, 2024 · 11 min read
Job Interviews: Part 1 Acing the Security Interview - 10 Top Tips
This is the first of two posts about interviews. In this one I’ll focus on interviewing for a role. In the next one we’ll look at how to...
3,768 views
Sep 7, 2024 · 8 min read
6 Truths of Cyber Risk Quantification
I wrote the original version of this post over 4 years ago. In revisiting this it is interesting to note that not much has actually...
5,845 views
Aug 24, 2024 · 6 min read
Ethics and Computer Security Research
If we are to keep advancing the fields of information / cybersecurity, technology risk management and resilience then we need to apply...
534 views
Aug 10, 2024 · 16 min read
Security Training & Awareness - 10 Essential Techniques
Security training is often considered a bit of a waste of time. Maybe this is unfair, but unsurprising in the face of the worst forms of...
7,516 views
Jul 13, 2024 · 5 min read
Why Good Security Fails: The Asymmetry of InfoSec Investment
One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...
3,836 views
Jun 29, 2024 · 10 min read
Human Error
Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...
1,923 views
Jun 15, 2024 · 5 min read
Going Faster: Isochrones and “Time to Hello World”
When you strip away all the fluff, security succeeds when: You are moving quicker than attackers - mitigating specific attacks ahead of,...
1,273 views
Jun 1, 2024 · 8 min read
Incentives for Security: Flipping the Script
We’re getting it wrong on the messaging for incentives to do security - and people are pretending it’s landing when it isn’t. There are 5...
4,298 views
May 18, 2024 · 4 min read
The Crucial Test of Security Leadership: A-grades vs. Pass/Fail
A major success marker of great security leaders and their teams is one simple prioritization technique: the ability to know what needs...
2,463 views
Apr 20, 2024 · 10 min read
Security and Ten Laws of Technology
There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see...
4,281 views
Apr 6, 2024 · 6 min read
A Letter from the Future
A few weeks ago The White House published our PCAST report on cyber-physical resilience. Thank you for all the positive reactions to...
4,867 views
Mar 23, 2024 · 10 min read
InfoSec Hard Problems
We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed...
4,339 views
Mar 9, 2024 · 6 min read
DevOps and Security
Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...
2,152 views
Feb 24, 2024 · 13 min read
The Power of Community: 5 Steps to Fast-Track Your InfoSec Career
As we start out, or even when entering a new stage of our careers, we realize the need to be connected to a professional community. For...
2,631 views