top of page
Search
Jul 27, 20247 min read
33 Computer Programs That Changed the World
This is a slight departure from my normal security and risk management topics, but is something I’ve been getting more interested in....
2,155
Jul 13, 20245 min read
Why Good Security Fails: The Asymmetry of InfoSec Investment
One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...
3,840
Jun 29, 202410 min read
Human Error
Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...
1,931
Jun 15, 20245 min read
Going Faster: Isochrones and “Time to Hello World”
When you strip away all the fluff, security succeeds when: You are moving quicker than attackers - mitigating specific attacks ahead of,...
1,273
Jun 1, 20248 min read
Incentives for Security: Flipping the Script
We’re getting it wrong on the messaging for incentives to do security - and people are pretending it’s landing when it isn’t. There are 5...
4,323
May 18, 20244 min read
The Crucial Test of Security Leadership: A-grades vs. Pass/Fail
A major success marker of great security leaders and their teams is one simple prioritization technique: the ability to know what needs...
2,468
May 4, 202410 min read
Where the Wild Things Are: Second Order Risks of AI
Every major technological change is heralded with claims of significant, even apocalyptic, risks. These almost never turn out to be...
4,959
Apr 20, 202410 min read
Security and Ten Laws of Technology
There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see...
4,288
Apr 6, 20246 min read
A Letter from the Future
A few weeks ago The White House published our PCAST report on cyber-physical resilience. Thank you for all the positive reactions to...
4,870
Mar 23, 202410 min read
InfoSec Hard Problems
We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed...
4,349
Mar 9, 20246 min read
DevOps and Security
Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...
2,155
Feb 24, 202413 min read
The Power of Community: 5 Steps to Fast-Track Your InfoSec Career
As we start out, or even when entering a new stage of our careers, we realize the need to be connected to a professional community. For...
2,631
bottom of page