RISK & CYBERSECURITY

Thoughts from the Field

    • Feb 26
    • 4 min

    Controls - Updated

    I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
    3,177 views
    • Sep 12, 2021
    • 8 min

    If Accounting were like Cybersecurity

    It has always struck me how well the field of finance and more specifically accounting has done to standardize on its terms. This...
    2,298 views
    • May 22, 2021
    • 2 min

    Segmentation Technologies / Zero Trust

    I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...
    1,295 views
    • Apr 24, 2021
    • 1 min

    Leadership, Business, Security and Risk Reading List

    This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
    2,368 views
    • Feb 27, 2021
    • 3 min

    "Hell Yes, or No" vs. "Soft Yes, and Fast Quit"

    I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about...
    2,721 views
    • Jan 30, 2021
    • 5 min

    Research Challenges in Info/Cybersecurity - Part 1: “Silicon"

    This is the first of a two part post on research challenges centered on systems, computer science and engineering research challenges....
    950 views
    • Dec 19, 2020
    • 5 min

    Privilege Management Program - Governance

    I can’t recall having seen an overview of a systematized privilege management program. There are lots of great articles on specific...
    1,656 views
    • Nov 22, 2020
    • 5 min

    Scenario Planning - The Best Technique You Might Not Be Using

    Scenario planning is one of the most underutilized techniques in security. Which is surprising given how effective it is in [good]...
    1,838 views
    • Oct 13, 2020
    • 2 min

    Vulnerability Management - Updated

    It still surprises me that much of the tone of vulnerability management is about patch/bug fix vs. detecting broader configuration and...
    1,862 views
    • Sep 20, 2020
    • 3 min

    The Rising Tide and the Case for Security Optimism

    Continuing with the theme of raising the baseline by reducing the cost of control we can see the next logical progression is that the...
    791 views
    • Sep 6, 2020
    • 3 min

    Taking Inventories to the Next Level - Reconciliation and Triangulation

    We know it is important to have good inventories across all of the assets we care about in an enterprise. For security purposes this is,...
    947 views
    • May 17, 2020
    • 3 min

    Crypto isn’t the Only Cyber Issue in a Post Quantum World

    Let’s assume general purpose quantum computers that can operate usefully at scale are coming. I think a reasonable timeframe is 15 years....
    555 views
    • May 9, 2020
    • 2 min

    Think Twice Before Switching Off Controls : Chesterton's Fence

    Chesterton's Fence is a cautionary tale to make sure that before you change things you actually understand their purpose. This is...
    954 views
    • Feb 2, 2020
    • 5 min

    Dealing with the Deluge of Vendors

    Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their...
    1,459 views
    • Jan 20, 2020
    • 4 min

    Operational Resilience

    The Bank of England has recently released a sequence of consultation papers, after an earlier discussion paper, laying out a framework...
    2,279 views
    • Jan 1, 2020
    • 3 min

    Predictions and Calls to Action

    It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of...
    124 views
    • Nov 10, 2019
    • 1 min

    Shrines of Failure

    I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...
    630 views
    • Sep 1, 2019
    • 2 min

    Vulnerability Management

    I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of...
    136 views
    • May 24, 2019
    • 1 min

    Coding Skills and Security

    I've increasingly found, with respect to coding, security has come full circle. Those of us who started in the 80's/90's had to code (or...
    557 views
    • Feb 12, 2019
    • 2 min

    Technology - Retrospective

    In the late 1980’s I was a developer using virtualized systems and containers, software defined networks, thin-client end points that...
    388 views

    © 2020 Philip Venables.