Work / Life Balance
I have always struggled to balance work and life. Many years ago I realized I wasn’t so much struggling to achieve an effective balance,...
top of page
Search
- Jun 3
- 8 min
Delivering Security at Scale: From Artisanal to Industrial
Maturing a security program in any type of organization is not just to increase specific control effectiveness but also to increase its...
4,131
- May 20
- 10 min
You Only Get 3 Metrics - Which Ones Would You Pick?
Just over a year ago I put out this blog post on the 10 fundamental (but really hard) security metrics. Since then I’ve discussed this...
7,556
- May 7
- 13 min
The Illusion of Choice : A Review
In the last post we talked about the challenges and opportunities of using individual and organizational incentives to ensure effective...
3,331
- Apr 22
- 8 min
People and Security Incentives
Force 6 : People, organizations and AI respond to incentives and inherent biases but not always the ones we think are rational. //...
1,532
- Apr 7
- 8 min
Handling Complexity
Force 5 : Complex Systems break in Unpredictable Ways // Central Idea: While component level simplicity is vital, seeking to eliminate...
2,394
- Mar 25
- 7 min
Fighting Security Entropy
Force 4 : Entropy is King // Central Idea: Adopting a control reliability engineering mindset by continuous control monitoring is...
2,201
- Mar 12
- 9 min
Attack Surface Management
Force 3 : Services want to be on // Central Idea: Take architectural steps to inherently reduce your attack surface - don’t just rely...
3,080
- Feb 25
- 8 min
Software Security is More than Vulnerabilities
Force 2 : Code wants to be wrong // Central Idea: Shift from a pure focus on only reducing security vulnerabilities towards increasing...
1,933
- Feb 11
- 8 min
Data Security and Data Governance
Force 1: Information wants to be free // Central Idea: Shift from perimeter based surveillance and tactical blocking to data governance...
1,764
- Jan 28
- 2 min
The 6 Fundamental Forces of Information Security Risk
I first posted this as a Twitter thread in 2019. These forces still seem very much current - perhaps even more so. It is interesting to...
4,106
- Jan 14
- 12 min
Ceremonial Security and Cargo Cults
There is a lot of conventional security that is based on established ceremonies and an unquestioning faith that if we keep doing these...
17,399
bottom of page