Entrepreneurship

All Posts
Leadership
Risk
Cybersecurity
Technology

Jul 18, 2020
3 min

Threat Intelligence - Updated

This is an update from a thread that became a post last year. Threat intelligence seems, at least to me, to get maligned too much. For ma...

984 views

Jul 12, 2020
3 min

Security Leadership: A-grades vs. Pass/Fail

The underlying secret of most great security leaders and teams is one thing: the ability to know what needs to be done really well vs. wh...

1,764 views

Jun 7, 2020
4 min

Are Security Incidents Really Increasing?

I see regular waves of articles and commentary that assert : “We are spending more and more on security but security incidents / breaches...

776 views

May 17, 2020
3 min

Crypto isn’t the Only Cyber Issue in a Post Quantum World

Let’s assume general purpose quantum computers that can operate usefully at scale are coming. I think a reasonable timeframe is 15 years....

497 views

May 9, 2020
2 min

Think Twice Before Switching Off Controls : Chesterton's Fence

Chesterton's Fence is a cautionary tale to make sure that before you change things you actually understand their purpose. This is particu...

371 views

May 3, 2020
5 min

Cyber Risk Quantification

Risk quantification, in any field, is not an end in itself. It exists to compel some action. That action might be to drive decisions or s...

3,450 views

Apr 26, 2020
5 min

Are You Managing Your Risk Register Effectively?

Not all risks are possible to fully mitigate in every context, so you need to record and manage those residual risks. These are often put...

2,044 views

Apr 19, 2020
4 min

Intelligence Failures - “The Distortion of Retrospect”

The codebreaking and overall intelligence success of Bletchley Park in World War II is legendary. Ultra, along with broader Allied signal...

530 views

Apr 5, 2020
3 min

Prioritizing Security Improvements - A Deceptively Simple Way

In most organizations you are constantly upgrading your security controls. This is for many reasons, including: New threats induce higher...

1,854 views

Mar 22, 2020
2 min

Selling into a Crisis (Rights and Wrongs)

It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is...

8,196 views

Mar 1, 2020
3 min

Cybersecurity Macro Themes for the 2020's

In this coming decade there will be 5 major themes that differentiate great security programs, products, features and processes. These ar...

1,940 views

Feb 2, 2020
5 min

Dealing with the Deluge of Vendors

Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their c...

1,372 views

Jan 24, 2020
2 min

The Leading Indicators of a Great Info/Cybersecurity Program

It can be hard to effectively assess, with a suitable degree of rigor, the security of your suppliers, counter-parties or companies you a...

1,753 views

Jan 1, 2020
3 min

Predictions and Calls to Action

It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of...

91 views

Dec 1, 2019
3 min

Insider Threat Risk - Blast Radius Perspective

The management of insider threats is a complex and often under-thought process - people who work on it appreciate the subtlety and diffic...

140 views

Nov 24, 2019
2 min

Alternative Risk Management Strategies.

Much focus of risk mitigation is about implementing controls: preventative, detective and reactive. This is necessary in most cases, and ...

127 views

Nov 10, 2019
1 min

Shrines of Failure

I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts f...

594 views

Oct 26, 2019
1 min

Career Longevity & "The Don't Fire Me Chart"

To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this ...

1,493 views

Oct 5, 2019
2 min

The Stress and Joy of Security Jobs

A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out talk...

839 views

Sep 29, 2019
3 min

Cybersecurity is not the only Technology Risk

Cybersecurity is not the only technology risk, in fact, when you total up actual losses it is likely not even the biggest risk. Although ...

181 views

{"items":["5f131ce360f331001760308a","5f0b1569d9e8dd001775a228","5edd2c92921762001783fb93","5ec15569ce1586001707acf6","5eb720c6d51cdd00170dacb0","5eaedc3f86fabe00f3bc7a78","5ea5de188c2aac00173f3d59","5e9c6c1f23856f00342ce445","5e8a0a831f068600172be034","5e77af7ad4b1c000174a106f","5e5be6e13ded5600346f0995","5e36d8ad63074c0017317b6c","5e2a735229904c0017bcd191","5e0fad6f39b6380017c4939c","5e0fb43cd1c4720017505a86","5e0fb730bdfc340017997118","5e0fba90cd0005001763ac35","5e0fbb0bd72e020017c249e5","5e24033c8d492a003bb0cc72","5e2403e437364c00345b6735"],"styles":{"galleryType":"Columns","groupSize":1,"showArrows":true,"cubeImages":true,"cubeType":"fill","cubeRatio":1.3333333333333333,"isVertical":true,"gallerySize":30,"collageAmount":0,"collageDensity":0,"groupTypes":"1","oneRow":false,"imageMargin":32,"galleryMargin":0,"scatter":0,"rotatingScatter":"","chooseBestGroup":true,"smartCrop":false,"hasThumbnails":false,"enableScroll":true,"isGrid":true,"isSlider":false,"isColumns":false,"isSlideshow":false,"cropOnlyFill":false,"fixedColumns":1,"enableInfiniteScroll":true,"isRTL":false,"minItemSize":50,"rotatingGroupTypes":"","rotatingCropRatios":"","columnWidths":"","gallerySliderImageRatio":1.7777777777777777,"numberOfImagesPerRow":1,"numberOfImagesPerCol":1,"groupsPerStrip":0,"borderRadius":0,"boxShadow":0,"gridStyle":1,"mobilePanorama":false,"placeGroupsLtr":false,"viewMode":"preview","thumbnailSpacings":4,"galleryThumbnailsAlignment":"bottom","isMasonry":false,"isAutoSlideshow":false,"slideshowLoop":false,"autoSlideshowInterval":4,"bottomInfoHeight":0,"titlePlacement":"SHOW_ON_THE_RIGHT","galleryTextAlign":"center","scrollSnap":false,"itemClick":"nothing","fullscreen":true,"videoPlay":"hover","scrollAnimation":"NO_EFFECT","slideAnimation":"SCROLL","scrollDirection":0,"scrollDuration":400,"overlayAnimation":"FADE_IN","arrowsPosition":0,"arrowsSize":23,"watermarkOpacity":40,"watermarkSize":40,"useWatermark":true,"watermarkDock":{"top":"auto","left":"auto","right":0,"bottom":0,"transform":"translate3d(0,0,0)"},"loadMoreAmount":"all","defaultShowInfoExpand":1,"allowLinkExpand":true,"expandInfoPosition":0,"allowFullscreenExpand":true,"fullscreenLoop":false,"galleryAlignExpand":"left","addToCartBorderWidth":1,"addToCartButtonText":"","slideshowInfoSize":200,"playButtonForAutoSlideShow":false,"allowSlideshowCounter":false,"hoveringBehaviour":"NEVER_SHOW","thumbnailSize":120,"magicLayoutSeed":1,"imageHoverAnimation":"NO_EFFECT","imagePlacementAnimation":"NO_EFFECT","calculateTextBoxWidthMode":"PERCENT","textBoxHeight":0,"textBoxWidth":200,"textBoxWidthPercent":50,"textImageSpace":10,"textBoxBorderRadius":0,"textBoxBorderWidth":0,"loadMoreButtonText":"","loadMoreButtonBorderWidth":1,"loadMoreButtonBorderRadius":0,"imageInfoType":"ATTACHED_BACKGROUND","itemBorderWidth":1,"itemBorderRadius":0,"itemEnableShadow":false,"itemShadowBlur":20,"itemShadowDirection":135,"itemShadowSize":10,"imageLoadingMode":"BLUR","expandAnimation":"NO_EFFECT","imageQuality":90,"usmToggle":false,"usm_a":0,"usm_r":0,"usm_t":0,"videoSound":false,"videoSpeed":"1","videoLoop":true,"jsonStyleParams":"","gallerySizeType":"px","gallerySizePx":940,"allowTitle":true,"allowContextMenu":true,"textsHorizontalPadding":-30,"itemBorderColor":{"themeName":"color_12","value":"rgba(243,243,243,0.75)"},"showVideoPlayButton":true,"galleryLayout":2,"targetItemSize":940,"selectedLayout":"2|bottom|1|fill|true|0|true","layoutsVersion":2,"selectedLayoutV2":2,"isSlideshowFont":false,"externalInfoHeight":0,"externalInfoWidth":0.5},"container":{"width":940,"galleryWidth":972,"galleryHeight":0,"scrollBase":0,"height":null}}

RISK & CYBERSECURITY

Thoughts from the Field