6 Truths of Cyber Risk Quantification
I wrote the original version of this post over 4 years ago. In revisiting this it is interesting to note that not much has actually...
- Aug 24
- 6 min
Ethics and Computer Security Research
If we are to keep advancing the fields of information / cybersecurity, technology risk management and resilience then we need to apply...
284 views
- Aug 10
- 16 min
Security Training & Awareness - 10 Essential Techniques
Security training is often considered a bit of a waste of time. Maybe this is unfair, but unsurprising in the face of the worst forms of...
5,704 views
- Jul 13
- 5 min
Why Good Security Fails: The Asymmetry of InfoSec Investment
One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...
3,324 views
- Jun 29
- 10 min
Human Error
Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...
1,711 views
- Jun 15
- 5 min
Going Faster: Isochrones and “Time to Hello World”
When you strip away all the fluff, security succeeds when: You are moving quicker than attackers - mitigating specific attacks ahead of,...
1,227 views
- Jun 1
- 8 min
Incentives for Security: Flipping the Script
We’re getting it wrong on the messaging for incentives to do security - and people are pretending it’s landing when it isn’t. There are 5...
3,920 views
- May 18
- 4 min
The Crucial Test of Security Leadership: A-grades vs. Pass/Fail
A major success marker of great security leaders and their teams is one simple prioritization technique: the ability to know what needs...
2,222 views
- Apr 20
- 10 min
Security and Ten Laws of Technology
There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see...
4,091 views
- Apr 6
- 6 min
A Letter from the Future
A few weeks ago The White House published our PCAST report on cyber-physical resilience. Thank you for all the positive reactions to...
4,788 views
- Mar 23
- 10 min
InfoSec Hard Problems
We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed...
4,003 views
- Mar 9
- 6 min
DevOps and Security
Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...
2,070 views
- Feb 24
- 13 min
The Power of Community: 5 Steps to Fast-Track Your InfoSec Career
As we start out, or even when entering a new stage of our careers, we realize the need to be connected to a professional community. For...
2,558 views
- Feb 10
- 5 min
The 80 / 20 Principle
Ever since I first became familiar with the 80/20 principle, and other circumstances marked by Pareto distributions, I began to see...
2,720 views
- Jan 13
- 5 min
Best Security Movies (and some that haven’t been made yet)
Everyone has their list of favorite security movies and I bet some are on everyone’s list. There’s also a set of movies that aren’t...
1,436 views
- Dec 30, 2023
- 5 min
Top Ideas and Posts from 2023
Thankfully I managed to keep up the pace of 1 post every 2 weeks throughout 2023. Just when I think I might be running out of ideas, and...
1,985 views
- Nov 18, 2023
- 8 min
Bug Bounty Programs
There are still plenty of organizations that don’t have a well defined and accessible bug bounty program. More surprisingly, there are...
1,785 views
- Nov 4, 2023
- 7 min
Caricatures of Security People
The great thing about the security industry is it’s made up of a variety of roles and people from many backgrounds, disciplines, skill...
19,479 views
- Sep 23, 2023
- 7 min
Is Complexity the Enemy of Security?
Since the last post about leverage points in managing complex systems I thought it would be good to revisit and update a post from a few...
2,252 views
- Sep 9, 2023
- 14 min
Leverage Points - A Cybersecurity Perspective
Security is an emergent property of the complex systems we inhabit. In other words, security isn’t a thing that you do, rather it's a...
2,809 views