Crucial Questions from CIOs and CTOs
In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...
top of page
Search
- Jul 31, 2022
- 11 min
Crucial Questions from CEOs and Boards
Over the past few years I have done a lot of speaking at conferences, events and small group settings for Board directors and corporate...
5,447
- Jul 16, 2022
- 3 min
3 Year Review
I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...
3,084
- Jul 2, 2022
- 5 min
The Reporting Line of Security Teams / CISOs - Updated
This can be an emotive topic for many people. It is one, I’ve found, colored more by dogma than nuance (as it seems with many things...
4,365
- Jun 18, 2022
- 6 min
Are Security Analogies Counterproductive?
Do analogies actually help us or do they set back our ability to drive change? On the face of it they are a useful explanatory tool, as...
1,820
- Jun 4, 2022
- 8 min
Career Advice and Professional Development
I often get asked for advice about careers and professional development. Unfortunately I don't have the time to do this in person, except...
7,443
- May 21, 2022
- 7 min
Defense in Depth
Defense in depth is a well accepted security principle. Intuitively, it stipulates there should be multiple lines of controls so as to...
4,484
- May 8, 2022
- 9 min
Regulatory Relationships
For some reason there have been a few people already in or moving into highly regulated industries, like finance or healthcare, that have...
1,493
- Apr 21, 2022
- 3 min
The Stress and Joy of Security Jobs - Updated
There’s a lot going on in the world from conflict, crime, economic and many other pressures. Many of these matters have security...
3,134
- Apr 9, 2022
- 9 min
10 Fundamental (but really hard) Security Metrics
As an industry we have been trying to deal with the issue of security metrics for a long time. I’ve written about this here, and in the...
13,140
- Mar 26, 2022
- 7 min
Resilience is about Capabilities not Plans - Updated
Over the past 2 years, since I wrote the first version of this post, we’ve had a lot of opportunity to test our collective resilience....
3,647
- Mar 12, 2022
- 9 min
Human Error
Human error is not an explanation, rather it is something to be explained. In analyzing and learning from incidents, not just security...
2,424
bottom of page