top of page
Search
Leverage Points - A Cybersecurity Perspective
Security is an emergent property of the complex systems we inhabit. In other words, security isn’t a thing that you do, rather it's a...
Sep 9, 202314 min read
Â
Â
Security Budgets - Supply and Demand
Unless you’re doing continuous or quarterly budgeting, which some organizations do, then you’ll no doubt be getting ready for the long...
Aug 26, 20236 min read
Â
Â
Building Balanced Security Teams - Updated
As an industry we spend a lot of time talking about workforce development and skills shortages. However, we tend not to talk about how to...
Aug 12, 20234 min read
Â
Â
Confessions of a Public Speaker - Tips for Security Practitioners
Many of us have to regularly speak in public at a range of events large and small, public and private, staged and ad-hoc. As your career...
Jul 29, 202314 min read
Â
Â
Resilience Engineering - Step by Step
Resilience Engineering: Concepts and Precepts is an excellent collection of standalone essays, woven into a consistent whole on the...
Jul 15, 202313 min read
Â
Â
AI Consequence and Intent - Second Order Risks
There is a lot of good discussion and emerging methods to manage the risks of AI in various forms from training data protection, model...
Jul 1, 20233 min read
Â
Â
Work / Life Balance
I have always struggled to balance work and life. Many years ago I realized I wasn’t so much struggling to achieve an effective balance,...
Jun 17, 202319 min read
Â
Â
Delivering Security at Scale: From Artisanal to Industrial
Maturing a security program in any type of organization is not just to increase specific control effectiveness but also to increase its...
Jun 3, 20238 min read
Â
Â
You Only Get 3 Metrics - Which Ones Would You Pick?
Just over a year ago I put out this blog post on the 10 fundamental (but really hard) security metrics. Since then I’ve discussed this...
May 20, 202310 min read
Â
Â
The Illusion of Choice : A Review
In the last post we talked about the challenges and opportunities of using individual and organizational incentives to ensure effective...
May 7, 202313 min read
Â
Â
People and Security Incentives
Force 6 : People, organizations and AI respond to incentives and inherent biases but not always the ones we think are rational. //...
Apr 22, 20238 min read
Â
Â
Handling Complexity
Force 5 : Complex Systems break in Unpredictable Ways // Central Idea: While component level simplicity is vital, seeking to eliminate...
Apr 7, 20238 min read
Â
Â
bottom of page