RISK & CYBERSECURITY

Security training is often considered a bit of a waste of time. Maybe this is unfair, but unsurprising in the face of the worst forms of...

This is a slight departure from my normal security and risk management topics, but is something I’ve been getting more interested in....

One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...

Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...

When you strip away all the fluff, security succeeds when: You are moving quicker than attackers - mitigating specific attacks ahead of,...

We’re getting it wrong on the messaging for incentives to do security - and people are pretending it’s landing when it isn’t. There are 5...

A major success marker of great security leaders and their teams is one simple prioritization technique: the ability to know what needs...

Every major technological change is heralded with claims of significant, even apocalyptic, risks. These almost never turn out to be...

There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see...

A few weeks ago The White House published our PCAST report on cyber-physical resilience. Thank you for all the positive reactions to...

We still have plenty of open problems in information and cybersecurity (InfoSec). Many of these problems are what could easily be classed...

Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...