Selling into a Crisis (Rights and Wrongs)
It can be irritating to receive e-mails from vendors during a time of crisis, like now, with the spin that their products can help. It is...
Search
- Mar 1, 2020
- 3 min
Cybersecurity Macro Themes for the 2020's
In this coming decade there will be 5 major themes that differentiate great security programs, products, features and processes. These...
1,977 views
- Feb 2, 2020
- 5 min
Dealing with the Deluge of Vendors
Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their...
1,425 views
- Jan 24, 2020
- 2 min
The Leading Indicators of a Great Info/Cybersecurity Program
It can be hard to effectively assess, with a suitable degree of rigor, the security of your suppliers, counter-parties or companies you...
1,822 views
- Jan 1, 2020
- 3 min
Predictions and Calls to Action
It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of...
104 views
- Dec 1, 2019
- 3 min
Insider Threat Risk - Blast Radius Perspective
The management of insider threats is a complex and often under-thought process - people who work on it appreciate the subtlety and...
185 views
- Nov 24, 2019
- 2 min
Alternative Risk Management Strategies.
Much focus of risk mitigation is about implementing controls: preventative, detective and reactive. This is necessary in most cases, and...
169 views
- Nov 10, 2019
- 1 min
Shrines of Failure
I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...
616 views
- Oct 26, 2019
- 1 min
Career Longevity & "The Don't Fire Me Chart"
To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this...
1,580 views
- Oct 5, 2019
- 2 min
The Stress and Joy of Security Jobs
A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out...
1,370 views
- Sep 29, 2019
- 3 min
Cybersecurity is not the only Technology Risk
Cybersecurity is not the only technology risk, in fact, when you total up actual losses it is likely not even the biggest risk. Although...
328 views
- Sep 15, 2019
- 3 min
Security Program Tactics
When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects -...
247 views
- Sep 1, 2019
- 2 min
Vulnerability Management
I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of...
98 views
- Aug 17, 2019
- 2 min
Cybersecurity as a First Class Business Risk
I see a lot of commentary on the need to “treat cyber/info-security as a business issue not an IT issue”. The problem is it implies that...
192 views
- Jul 21, 2019
- 2 min
Fundamental Drivers of Information Security Risk
As I get older and (hopefully) wiser it has become ever more apparent that all the issues and risks we face arise from a small number of...
211 views
- Jun 9, 2019
- 3 min
The Reporting Line of Security Teams / CISOs
Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking...
1,093 views
- May 24, 2019
- 1 min
Coding Skills and Security
I've increasingly found, with respect to coding, security has come full circle. Those of us who started in the 80's/90's had to code (or...
425 views
- May 24, 2019
- 3 min
Cybersecurity Workforce Development
It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the...
101 views