top of page
Search
Aug 26, 20236 min read
Security Budgets - Supply and Demand
Unless you’re doing continuous or quarterly budgeting, which some organizations do, then you’ll no doubt be getting ready for the long...
4,335
Aug 12, 20234 min read
Building Balanced Security Teams - Updated
As an industry we spend a lot of time talking about workforce development and skills shortages. However, we tend not to talk about how to...
2,945
Jul 29, 202314 min read
Confessions of a Public Speaker - Tips for Security Practitioners
Many of us have to regularly speak in public at a range of events large and small, public and private, staged and ad-hoc. As your career...
6,006
Jul 15, 202313 min read
Resilience Engineering - Step by Step
Resilience Engineering: Concepts and Precepts is an excellent collection of standalone essays, woven into a consistent whole on the...
2,632
Jul 1, 20233 min read
AI Consequence and Intent - Second Order Risks
There is a lot of good discussion and emerging methods to manage the risks of AI in various forms from training data protection, model...
1,287
Jun 17, 202319 min read
Work / Life Balance
I have always struggled to balance work and life. Many years ago I realized I wasn’t so much struggling to achieve an effective balance,...
9,019
Jun 3, 20238 min read
Delivering Security at Scale: From Artisanal to Industrial
Maturing a security program in any type of organization is not just to increase specific control effectiveness but also to increase its...
7,063
May 20, 202310 min read
You Only Get 3 Metrics - Which Ones Would You Pick?
Just over a year ago I put out this blog post on the 10 fundamental (but really hard) security metrics. Since then I’ve discussed this...
9,012
May 7, 202313 min read
The Illusion of Choice : A Review
In the last post we talked about the challenges and opportunities of using individual and organizational incentives to ensure effective...
3,665
Apr 22, 20238 min read
People and Security Incentives
Force 6 : People, organizations and AI respond to incentives and inherent biases but not always the ones we think are rational. //...
1,651
Apr 7, 20238 min read
Handling Complexity
Force 5 : Complex Systems break in Unpredictable Ways // Central Idea: While component level simplicity is vital, seeking to eliminate...
2,509
Mar 25, 20237 min read
Fighting Security Entropy
Force 4 : Entropy is King // Central Idea: Adopting a control reliability engineering mindset by continuous control monitoring is...
2,421
bottom of page