Handling Complexity
Force 5 : Complex Systems break in Unpredictable Ways // Central Idea: While component level simplicity is vital, seeking to eliminate...
top of page
Search
- Mar 25
- 7 min
Fighting Security Entropy
Force 4 : Entropy is King // Central Idea: Adopting a control reliability engineering mindset by continuous control monitoring is...
2,084
- Mar 12
- 9 min
Attack Surface Management
Force 3 : Services want to be on // Central Idea: Take architectural steps to inherently reduce your attack surface - don’t just rely...
3,011
- Feb 25
- 8 min
Software Security is More than Vulnerabilities
Force 2 : Code wants to be wrong // Central Idea: Shift from a pure focus on only reducing security vulnerabilities towards increasing...
1,900
- Feb 11
- 8 min
Data Security and Data Governance
Force 1: Information wants to be free // Central Idea: Shift from perimeter based surveillance and tactical blocking to data governance...
1,732
- Jan 28
- 2 min
The 6 Fundamental Forces of Information Security Risk
I first posted this as a Twitter thread in 2019. These forces still seem very much current - perhaps even more so. It is interesting to...
3,992
- Jan 14
- 12 min
Ceremonial Security and Cargo Cults
There is a lot of conventional security that is based on established ceremonies and an unquestioning faith that if we keep doing these...
17,151
- Dec 31, 2022
- 7 min
Simple Ways to Communicate Successes
It’s that time of year when you’ve inevitably written notes to your organization and leadership about all your team’s achievements over...
4,950
- Dec 17, 2022
- 3 min
Dangerous Embedded Assumptions
There is a notion I keep coming back to thanks to this article from a few years ago. The essence is that there are things that have...
1,543
- Dec 3, 2022
- 8 min
The Uncanny Valley of Security - Updated
Since I first wrote this post 2 years ago I keep seeing it reinforced. The basic premise is that, sometimes, advanced levels of security...
4,608
- Nov 19, 2022
- 13 min
A New Way to Think : Review
I typically don’t do book reviews, but this book was impressive and it resonated with many information security and risk management...
2,547
- Nov 5, 2022
- 4 min
How to Tell if You Really are an InfoSec Professional
Some of you in the US, and maybe others, might be familiar with the ongoing, somewhat self-deprecating, Jeff Foxworthy skit of “You might...
9,331
bottom of page