Career Advice and Professional Development
I often get asked for advice about careers and professional development. Unfortunately I don't have the time to do this in person, except...
Search
- May 21
- 7 min
Defense in Depth
Defense in depth is a well accepted security principle. Intuitively, it stipulates there should be multiple lines of controls so as to...
3,780
- May 8
- 9 min
Regulatory Relationships
For some reason there have been a few people already in or moving into highly regulated industries, like finance or healthcare, that have...
1,459
- Apr 21
- 3 min
The Stress and Joy of Security Jobs - Updated
There’s a lot going on in the world from conflict, crime, economic and many other pressures. Many of these matters have security...
3,100
- Apr 9
- 9 min
10 Fundamental (but really hard) Security Metrics
As an industry we have been trying to deal with the issue of security metrics for a long time. I’ve written about this here, and in the...
12,497
- Mar 26
- 7 min
Resilience is about Capabilities not Plans - Updated
Over the past 2 years, since I wrote the first version of this post, we’ve had a lot of opportunity to test our collective resilience....
3,591
- Mar 12
- 9 min
Human Error
Human error is not an explanation, rather it is something to be explained. In analyzing and learning from incidents, not just security...
2,398
- Feb 26
- 4 min
Controls - Updated
I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
3,569
- Feb 12
- 18 min
Organizational Politics
At every stage in your career and in every part of your role you are going to have to deal with organizational politics. By this, I don’t...
7,095
- Jan 29
- 16 min
Secrets of Successful Security Programs - Part 2
As introduced in the last post, a successful security program is made up of two distinct elements: A series of episodic big bets that...
5,619
- Jan 15
- 11 min
Secrets of Successful Security Programs - Part 1
A successful security program (although I imagine this advice could apply to any discipline) is made up of two distinct elements: A...
9,797
- Jan 1
- 7 min
The Obvious CISO : Don’t Overlook the Simple
There is a great little book I read recently, “Obvious Adams - The Story of a Successful Businessman", it’s available on Amazon, but it’s...
1,564