RISK & CYBERSECURITY

I thought I’d try something different and share some thoughts on the Cyentia Institute’s latest report, the Information Risk Insights...

This is an update to a post from 2001 which I’m revisiting in part because some things have changed, but also because (surprisingly) much...

There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...

I recently joined Clint Gibler (tl;dr sec) at RSA for a great discussion. In it we cover a wide array of topics from the challenge of...

I’ve had a number of requests to write a post about how to start and grow a new security program - or a substantial reassessment and...

I first wrote this post back in 2021 so I thought it’s time for a revisit with an addition of a few more roles.  We talk about attackers...

For many years I’ve observed the same pattern of failure in projects, programs, issue mitigation and indeed anything that requires more...

Many security leaders, at all levels, correctly focus on having a good strategy and executing against that. However, many teams confuse...

I have a regular set of go to books both for myself and what I recommend to others at all stages in their career. Here they all are with...

Jim Collins  wrote a great little book called Turning the Flywheel  to further develop an idea introduced in his book Good to Great to...

Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the...

Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in...

There are organizations that seem to have disproportionately created a large number of leaders who have gone on to be CISOs or other...

I’ve given variants of this talk at a few events in 2024 and received a lot of requests for the slides and a blog post. So here we go. ...

I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog...

Every few months some association or other learned group of professionals makes a fresh call to action for cybersecurity regulatory...

If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...

It’s puzzling that there aren’t more articles comparing and contrasting wildlife hunting techniques with cyber threat hunting, or maybe...

This is the second of two posts about interviews (the first post is here ). In this one I’ll focus on interviewing candidates and the...

This is the first of two posts about interviews. In this one I’ll focus on interviewing for a role. In the next one we’ll look at how to...