Software Security is More than Vulnerabilities
Force 2 : Code wants to be wrong // Central Idea: Shift from a pure focus on only reducing security vulnerabilities towards increasing...
top of page
Search
- Sep 24, 2022
- 6 min
Essential Attributes of Security Leadership
Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and...
2,916 views
- Aug 27, 2022
- 23 min
Crucial Questions from CISOs and Security Teams
In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on...
5,762 views
- Aug 13, 2022
- 13 min
Crucial Questions from CIOs and CTOs
In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...
4,436 views
- Jul 16, 2022
- 3 min
3 Year Review
I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...
3,103 views
- Feb 26, 2022
- 4 min
Controls - Updated
I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
3,700 views
- Sep 12, 2021
- 8 min
If Accounting were like Cybersecurity
It has always struck me how well the field of finance and more specifically accounting has done to standardize on its terms. This...
2,586 views
- May 22, 2021
- 2 min
Segmentation Technologies / Zero Trust
I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...
1,366 views
- Apr 24, 2021
- 1 min
Leadership, Business, Security and Risk Reading List
This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
2,661 views
- Feb 27, 2021
- 3 min
"Hell Yes, or No" vs. "Soft Yes, and Fast Quit"
I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about...
3,045 views
- Jan 30, 2021
- 5 min
Research Challenges in Info/Cybersecurity - Part 1: “Silicon"
This is the first of a two part post on research challenges centered on systems, computer science and engineering research challenges....
968 views
- Dec 19, 2020
- 5 min
Privilege Management Program - Governance
I can’t recall having seen an overview of a systematized privilege management program. There are lots of great articles on specific...
1,909 views
- Nov 22, 2020
- 5 min
Scenario Planning - The Best Technique You Might Not Be Using
Scenario planning is one of the most underutilized techniques in security. Which is surprising given how effective it is in [good]...
2,189 views
- Oct 13, 2020
- 2 min
Vulnerability Management - Updated
It still surprises me that much of the tone of vulnerability management is about patch/bug fix vs. detecting broader configuration and...
1,964 views
- Sep 20, 2020
- 3 min
The Rising Tide and the Case for Security Optimism
Continuing with the theme of raising the baseline by reducing the cost of control we can see the next logical progression is that the...
821 views
- Sep 6, 2020
- 3 min
Taking Inventories to the Next Level - Reconciliation and Triangulation
We know it is important to have good inventories across all of the assets we care about in an enterprise. For security purposes this is,...
1,061 views
- May 17, 2020
- 3 min
Crypto isn’t the Only Cyber Issue in a Post Quantum World
Let’s assume general purpose quantum computers that can operate usefully at scale are coming. I think a reasonable timeframe is 15 years....
659 views
- May 9, 2020
- 2 min
Think Twice Before Switching Off Controls : Chesterton's Fence
Chesterton's Fence is a cautionary tale to make sure that before you change things you actually understand their purpose. This is...
1,898 views
- Feb 2, 2020
- 5 min
Dealing with the Deluge of Vendors
Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their...
1,502 views
- Jan 19, 2020
- 4 min
Operational Resilience
The Bank of England has recently released a sequence of consultation papers, after an earlier discussion paper, laying out a framework...
2,319 views
bottom of page