RISK & CYBERSECURITY

This is an update to a post from 2001 which I’m revisiting in part because some things have changed, but also because (surprisingly) much...

There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...

I have a regular set of go to books both for myself and what I recommend to others at all stages in their career. Here they all are with...

Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the...

Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in...

I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog...

If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...

This is a slight departure from my normal security and risk management topics, but is something I’ve been getting more interested in....

Every major technological change is heralded with claims of significant, even apocalyptic, risks. These almost never turn out to be...

There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see...

Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...

Thankfully I managed to keep up the pace of 1 post every 2 weeks throughout 2023. Just when I think I might be running out of ideas, and...

Resilience Engineering: Concepts and Precepts is an excellent collection of standalone essays, woven into a consistent whole on the...

There is a lot of good discussion and emerging methods to manage the risks of AI in various forms from training data protection, model...

Force 2 : Code wants to be wrong // Central Idea: Shift from a pure focus on only reducing security vulnerabilities towards increasing...

Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and...

In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on...

In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...

I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...

I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...