top of page
Search
Cybersecurity : The Winner’s Game and The Loser’s Game
There is a seminal paper in finance by Charles Ellis called the The Loser’s Game which, in simple terms, foretells the move from active...
Mar 27, 20215 min read
2,349
Return on Investment for Security
The concept of return on investment (ROI) for security has bugged me for a long time. Not because it isn’t a laudable goal. Of course,...
Mar 13, 20214 min read
5,559
"Hell Yes, or No" vs. "Soft Yes, and Fast Quit"
I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about...
Feb 27, 20213 min read
3,790
Research Challenges in Info/Cybersecurity - Part 2: “Carbon”
This is the second part of the post from 2 weeks ago, which explored research challenges in Info/Cybersecurity related to systems:...
Feb 13, 20214 min read
838
Research Challenges in Info/Cybersecurity - Part 1: “Silicon"
This is the first of a two part post on research challenges centered on systems, computer science and engineering research challenges....
Jan 30, 20215 min read
1,003
Situational Drivers of Cyber-Risk
Many years ago I wrote down a list of the drivers that create information / cyber-risk or that otherwise compel the need to mitigate this...
Jan 17, 20213 min read
2,085
2020 Short Review
At the risk of being too understated, 2020 was an interesting year. In this blog I’ve covered many topics across the range of strategy...
Jan 2, 20211 min read
927
Privilege Management Program - Governance
I can’t recall having seen an overview of a systematized privilege management program. There are lots of great articles on specific...
Dec 19, 20205 min read
2,384
Security Ratings: Love, Loathe or Live With Them?
Security ratings services tend to be loved or loathed. Loved if you consume them and it makes your job easier, especially if you have no...
Dec 13, 20208 min read
4,167
The Seat at the Table: Integrating Security into your Business
The success of a security program is largely determined by how well it is integrated into the fabric of the organization, in terms of...
Dec 6, 20206 min read
2,065
Simple Rules of (InfoSec) Career Success - Updated
Over the years I've noted the behaviors I’ve seen from consistently successful people. In this context I define success as a balance of...
Nov 29, 20203 min read
1,651
Scenario Planning - The Best Technique You Might Not Be Using
Scenario planning is one of the most underutilized techniques in security. Which is surprising given how effective it is in [good]...
Nov 22, 20205 min read
2,689
bottom of page