The 6 Fundamental Forces of Information Security Risk
I first posted this as a Twitter thread in 2019. These forces still seem very much current - perhaps even more so. It is interesting to...
top of page
Search
- Jan 14
- 12 min
Ceremonial Security and Cargo Cults
There is a lot of conventional security that is based on established ceremonies and an unquestioning faith that if we keep doing these...
15,286 views
- Dec 31, 2022
- 7 min
Simple Ways to Communicate Successes
It’s that time of year when you’ve inevitably written notes to your organization and leadership about all your team’s achievements over...
4,024 views
- Dec 17, 2022
- 3 min
Dangerous Embedded Assumptions
There is a notion I keep coming back to thanks to this article from a few years ago. The essence is that there are things that have...
1,409 views
- Dec 3, 2022
- 8 min
The Uncanny Valley of Security - Updated
Since I first wrote this post 2 years ago I keep seeing it reinforced. The basic premise is that, sometimes, advanced levels of security...
3,895 views
- Nov 5, 2022
- 4 min
How to Tell if You Really are an InfoSec Professional
Some of you in the US, and maybe others, might be familiar with the ongoing, somewhat self-deprecating, Jeff Foxworthy skit of “You might...
8,188 views
- Oct 22, 2022
- 10 min
Grand Challenges or Grind Challenges
How much of your work that you would like to describe as a “grand” challenge is really more of a “grind”? As an industry we like to talk...
1,649 views
- Oct 8, 2022
- 7 min
Field Guide to the Various Communities of Security
Which part of the security community are you in? Often, when one part of the security community talks about the overall community they...
2,827 views
- Sep 24, 2022
- 6 min
Essential Attributes of Security Leadership
Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and...
2,835 views
- Sep 10, 2022
- 13 min
Crucial Questions from Governments and Regulators
In this, fourth and final post in the series of Crucial Questions I’m going to focus on those from governments and regulators. This...
1,668 views
- Aug 27, 2022
- 23 min
Crucial Questions from CISOs and Security Teams
In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on...
5,681 views
- Aug 13, 2022
- 13 min
Crucial Questions from CIOs and CTOs
In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...
4,365 views
- Jul 16, 2022
- 3 min
3 Year Review
I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...
3,084 views
- Jul 2, 2022
- 5 min
The Reporting Line of Security Teams / CISOs - Updated
This can be an emotive topic for many people. It is one, I’ve found, colored more by dogma than nuance (as it seems with many things...
4,365 views
- Jun 18, 2022
- 6 min
Are Security Analogies Counterproductive?
Do analogies actually help us or do they set back our ability to drive change? On the face of it they are a useful explanatory tool, as...
1,820 views
- May 21, 2022
- 7 min
Defense in Depth
Defense in depth is a well accepted security principle. Intuitively, it stipulates there should be multiple lines of controls so as to...
4,484 views
- Apr 21, 2022
- 3 min
The Stress and Joy of Security Jobs - Updated
There’s a lot going on in the world from conflict, crime, economic and many other pressures. Many of these matters have security...
3,134 views
- Apr 9, 2022
- 9 min
10 Fundamental (but really hard) Security Metrics
As an industry we have been trying to deal with the issue of security metrics for a long time. I’ve written about this here, and in the...
13,140 views
- Mar 12, 2022
- 9 min
Human Error
Human error is not an explanation, rather it is something to be explained. In analyzing and learning from incidents, not just security...
2,424 views
- Feb 26, 2022
- 4 min
Controls - Updated
I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
3,641 views
bottom of page