Why Stuff Fails (“The Thermocline of Truth”)
For many years I’ve observed the same pattern of failure in projects, programs, issue mitigation and indeed anything that requires more...
Apr 19 · 5 min read
1,226 views
Security Programs - A Plan is Not a Strategy
Many security leaders, at all levels, correctly focus on having a good strategy and executing against that. However, many teams confuse...
Apr 5 · 5 min read
4,197 views
Security Leaders’ Reading List
I have a regular set of go to books both for myself and what I recommend to others at all stages in their career. Here they all are with...
Mar 22 · 6 min read
4,786 views
Turning the Security Flywheel
Jim Collins wrote a great little book called Turning the Flywheel to further develop an idea introduced in his book Good to Great to...
Mar 8 · 9 min read
3,291 views
Post Quantum Cryptography Migration: Time to Get Going
Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the...
Feb 22 · 8 min read
2,394 views
Stressed Testing: Practical Operational Resilience
Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in...
Feb 8 · 13 min read
1,496 views
The CISO Factories: 12 Features of Organizations that Create Security Leaders
There are organizations that seem to have disproportionately created a large number of leaders who have gone on to be CISOs or other...
Jan 25 · 6 min read
2,207 views
Keys to Career Success
I’ve given variants of this talk at a few events in 2024 and received a lot of requests for the slides and a blog post. So here we go. ...
Jan 11 · 5 min read
3,371 views
Top Ideas and Posts from 2024
I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog...
Dec 28, 2024 · 6 min read
1,446 views
Regulatory Harmonization - Let’s Get Real
Every few months some association or other learned group of professionals makes a fresh call to action for cybersecurity regulatory...
Nov 30, 2024 · 7 min read
1,658 views
Risk Appetite and Risk Tolerance - A Practical Approach
If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...
Nov 2, 2024 · 13 min read
7,244 views
Threat Hunting: Real World vs. Cyber World
It’s puzzling that there aren’t more articles comparing and contrasting wildlife hunting techniques with cyber threat hunting, or maybe...
Oct 19, 2024 · 7 min read
1,680 views
Job Interviews: Part 2 Conducting the Security Interview - The Big 10
This is the second of two posts about interviews (the first post is here). In this one I’ll focus on interviewing candidates and the...
Oct 5, 2024 · 17 min read
4,123 views
Job Interviews: Part 1 Acing the Security Interview - 10 Top Tips
This is the first of two posts about interviews. In this one I’ll focus on interviewing for a role. In the next one we’ll look at how to...
Sep 21, 2024 · 11 min read
4,003 views
6 Truths of Cyber Risk Quantification
I wrote the original version of this post over 4 years ago. In revisiting this it is interesting to note that not much has actually...
Sep 7, 2024 · 8 min read
6,247 views
Ethics and Computer Security Research
If we are to keep advancing the fields of information / cybersecurity, technology risk management and resilience then we need to apply...
Aug 24, 2024 · 6 min read
547 views
Security Training & Awareness - 10 Essential Techniques
Security training is often considered a bit of a waste of time. Maybe this is unfair, but unsurprising in the face of the worst forms of...
Aug 10, 2024 · 16 min read
7,867 views
Why Good Security Fails: The Asymmetry of InfoSec Investment
One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...
Jul 13, 2024 · 5 min read
3,964 views
Human Error
Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...
Jun 29, 2024 · 10 min read
2,053 views
Going Faster: Isochrones and “Time to Hello World”
When you strip away all the fluff, security succeeds when: You are moving quicker than attackers - mitigating specific attacks ahead of,...
Jun 15, 2024 · 5 min read
1,296 views