top of page
Search
Risk Appetite and Risk Tolerance - A Practical Approach
If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...
Nov 2, 202413 min read
7,194
Threat Hunting: Real World vs. Cyber World
It’s puzzling that there aren’t more articles comparing and contrasting wildlife hunting techniques with cyber threat hunting, or maybe...
Oct 19, 20247 min read
1,678
Job Interviews: Part 2 Conducting the Security Interview - The Big 10
This is the second of two posts about interviews (the first post is here ). In this one I’ll focus on interviewing candidates and the...
Oct 5, 202417 min read
4,114
Job Interviews: Part 1 Acing the Security Interview - 10 Top Tips
This is the first of two posts about interviews. In this one I’ll focus on interviewing for a role. In the next one we’ll look at how to...
Sep 21, 202411 min read
3,984
6 Truths of Cyber Risk Quantification
I wrote the original version of this post over 4 years ago. In revisiting this it is interesting to note that not much has actually...
Sep 7, 20248 min read
6,232
Ethics and Computer Security Research
If we are to keep advancing the fields of information / cybersecurity, technology risk management and resilience then we need to apply...
Aug 24, 20246 min read
546
Security Training & Awareness - 10 Essential Techniques
Security training is often considered a bit of a waste of time. Maybe this is unfair, but unsurprising in the face of the worst forms of...
Aug 10, 202416 min read
7,850
33 Computer Programs That Changed the World
This is a slight departure from my normal security and risk management topics, but is something I’ve been getting more interested in....
Jul 27, 20247 min read
3,126
Why Good Security Fails: The Asymmetry of InfoSec Investment
One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...
Jul 13, 20245 min read
3,964
Human Error
Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...
Jun 29, 202410 min read
2,049
Going Faster: Isochrones and “Time to Hello World”
When you strip away all the fluff, security succeeds when: You are moving quicker than attackers - mitigating specific attacks ahead of,...
Jun 15, 20245 min read
1,296
Incentives for Security: Flipping the Script
We’re getting it wrong on the messaging for incentives to do security - and people are pretending it’s landing when it isn’t. There are 5...
Jun 1, 20248 min read
4,473
bottom of page