RISK & CYBERSECURITY

Much focus of risk mitigation is about implementing controls: preventative, detective and reactive. This is necessary in most cases, and...

I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...

To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this...

A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out...

Cybersecurity is not the only technology risk, in fact, when you total up actual losses it is likely not even the biggest risk. Although...

When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects -...

I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of...

I see a lot of commentary on the need to “treat cyber/info-security as a business issue not an IT issue”. The problem is it implies that...

As I get older and (hopefully) wiser it has become ever more apparent that all the issues and risks we face arise from a small number of...

Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking...

I've increasingly found, with respect to coding, security has come full circle. Those of us who started in the 80's/90's had to code (or...

It is still somewhat frustrating that most of the dialog about the skills shortage in cybersecurity focuses, perhaps inevitably, on the...