RISK & CYBERSECURITY

Some time ago I saw a comment about the distinction between acting like a “watchmaker” or a “gardener” when undertaking organization transformations. I misplaced the original reference so, unfortunately, I can’t credit appropriately. But, I’ve been thinking a lot about what this would mean in the context of security leadership. Specifically, should the CISO be a watchmaker or a gardener, or both? The Watchmaker CISO: Precision and Control Imagine a master watchmaker, meticulo

The most read posts in 2025 coalesced around the concept that successful cybersecurity is fundamentally a function of business leadership, strategic design, and sustainable execution . The unifying themes across the top posts emphasize shifting security from an artisanal, reactive craft to an industrial-scale, proactive capability focused on building scalable, self-reinforcing systems (flywheels). Transformation requires leaders to manage stakeholder expectations carefully, p

This is the final of the series grouping together sets of prior posts into a particular theme.  Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing/refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Master C

This is part 6 of a 7 part series grouping together sets of prior posts into a particular theme.  Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing/refreshing a security program Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadership Master