top of page
Search
Dec 28, 20246 min read
Top Ideas and Posts from 2024
I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog...
1,091 views
Nov 2, 202413 min read
Risk Appetite and Risk Tolerance - A Practical Approach
If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...
6,112 views
Jul 27, 20247 min read
33 Computer Programs That Changed the World
This is a slight departure from my normal security and risk management topics, but is something I’ve been getting more interested in....
2,121 views
May 4, 202410 min read
Where the Wild Things Are: Second Order Risks of AI
Every major technological change is heralded with claims of significant, even apocalyptic, risks. These almost never turn out to be...
4,940 views
Apr 20, 202410 min read
Security and Ten Laws of Technology
There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see...
4,281 views
Mar 9, 20246 min read
DevOps and Security
Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...
2,151 views
Dec 30, 20235 min read
Top Ideas and Posts from 2023
Thankfully I managed to keep up the pace of 1 post every 2 weeks throughout 2023. Just when I think I might be running out of ideas, and...
2,062 views
Jul 15, 202313 min read
Resilience Engineering - Step by Step
Resilience Engineering: Concepts and Precepts is an excellent collection of standalone essays, woven into a consistent whole on the...
2,631 views
Jul 1, 20233 min read
AI Consequence and Intent - Second Order Risks
There is a lot of good discussion and emerging methods to manage the risks of AI in various forms from training data protection, model...
1,286 views
Feb 25, 20238 min read
Software Security is More than Vulnerabilities
Force 2 : Code wants to be wrong // Central Idea: Shift from a pure focus on only reducing security vulnerabilities towards increasing...
2,108 views
Sep 24, 20226 min read
Essential Attributes of Security Leadership
Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and...
3,335 views
Aug 27, 202223 min read
Crucial Questions from CISOs and Security Teams
In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on...
6,622 views
Aug 13, 202213 min read
Crucial Questions from CIOs and CTOs
In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...
5,047 views
Jul 16, 20223 min read
3 Year Review
I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...
3,259 views
Feb 26, 20224 min read
Controls - Updated
I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
4,263 views
Sep 12, 20218 min read
If Accounting were like Cybersecurity
It has always struck me how well the field of finance and more specifically accounting has done to standardize on its terms. This...
2,816 views
May 22, 20212 min read
Segmentation Technologies / Zero Trust
I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...
1,433 views
Apr 24, 20211 min read
Leadership, Business, Security and Risk Reading List
This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
3,112 views
Feb 27, 20213 min read
"Hell Yes, or No" vs. "Soft Yes, and Fast Quit"
I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about...
3,776 views
Jan 30, 20215 min read
Research Challenges in Info/Cybersecurity - Part 1: “Silicon"
This is the first of a two part post on research challenges centered on systems, computer science and engineering research challenges....
996 views
bottom of page