If Accounting were like Cybersecurity
It has always struck me how well the field of finance and more specifically accounting has done to standardize on its terms. This...
Search
- Aug 27, 2021
- 3 min
Risk Management is not only about Reducing Risk - Updated
This is an update from a post of a couple of years ago prompted by some recent observations from a few different organizations. It seems...
2,546
- Aug 14, 2021
- 9 min
Risk = Hazard + Outrage
There are four major insights that, above all others, have influenced my approach to security and risk management over the past decades....
3,513
- Jul 30, 2021
- 7 min
CISO: Archeologist, Historian or Explorer?
We talk about attackers being the enemy. Sometimes we talk about insider threats. But one of our biggest enemies is pernicious...
1,990
- Jul 16, 2021
- 8 min
Cybersecurity - The Board's Perspective
How Boards, especially public company Boards, oversee cybersecurity is a crucial but difficult topic. This previous post discussed how...
7,191
- Jul 3, 2021
- 6 min
Cybersecurity and the Curse of Binary Thinking
Working in information/cybersecurity and technology risk is a fascinating and challenging career, as I’ve covered here. There is, mostly,...
22,326
- Jun 19, 2021
- 7 min
The Actual Cybersecurity Workforce Challenge
We continuously hear about the millions of unfilled cybersecurity roles, although I’ve yet to see a study that actually supports that...
5,339
- Jun 5, 2021
- 6 min
Relationship Management for the InfoSec Program
A key part of any security leader's role is relationship management. In my experience this is another one of those leadership skills that...
2,022
- May 22, 2021
- 2 min
Segmentation Technologies / Zero Trust
I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...
1,325
- May 13, 2021
- 1 min
Cloud Security
In a few of my posts I've talked about the economy of scale of the cloud is fundamentally changing the game of security. The pace of...
693
- May 8, 2021
- 7 min
Is Complexity the Enemy of Security?
One of the many pieces of accepted wisdom in information/cybersecurity is that complexity is the enemy of security. But is it? You...
3,466
- Apr 24, 2021
- 1 min
Leadership, Business, Security and Risk Reading List
This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
2,528