3 Year Review
I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...
top of page
Search
- Jul 2, 2022
- 5 min
The Reporting Line of Security Teams / CISOs - Updated
This can be an emotive topic for many people. It is one, I’ve found, colored more by dogma than nuance (as it seems with many things...
5,269
- Jun 18, 2022
- 6 min
Are Security Analogies Counterproductive?
Do analogies actually help us or do they set back our ability to drive change? On the face of it they are a useful explanatory tool, as...
2,111
- Jun 4, 2022
- 8 min
Career Advice and Professional Development
I often get asked for advice about careers and professional development. Unfortunately I don't have the time to do this in person, except...
7,702
- May 21, 2022
- 7 min
Defense in Depth
Defense in depth is a well accepted security principle. Intuitively, it stipulates there should be multiple lines of controls so as to...
5,281
- May 8, 2022
- 9 min
Regulatory Relationships
For some reason there have been a few people already in or moving into highly regulated industries, like finance or healthcare, that have...
1,645
- Apr 21, 2022
- 3 min
The Stress and Joy of Security Jobs - Updated
There’s a lot going on in the world from conflict, crime, economic and many other pressures. Many of these matters have security...
3,208
- Apr 9, 2022
- 9 min
10 Fundamental (but really hard) Security Metrics
As an industry we have been trying to deal with the issue of security metrics for a long time. I’ve written about this here, and in the...
15,921
- Mar 26, 2022
- 7 min
Resilience is about Capabilities not Plans - Updated
Over the past 2 years, since I wrote the first version of this post, we’ve had a lot of opportunity to test our collective resilience....
3,758
- Mar 12, 2022
- 9 min
Human Error
Human error is not an explanation, rather it is something to be explained. In analyzing and learning from incidents, not just security...
2,502
- Feb 26, 2022
- 4 min
Controls - Updated
I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
4,047
- Feb 12, 2022
- 18 min
Organizational Politics
At every stage in your career and in every part of your role you are going to have to deal with organizational politics. By this, I don’t...
7,648
bottom of page