RISK & CYBERSECURITY

Security is an emergent property of the complex systems we inhabit. In other words, security isn’t a thing that you do, rather it's a...

Unless you’re doing continuous or quarterly budgeting, which some organizations do, then you’ll no doubt be getting ready for the long...

As an industry we spend a lot of time talking about workforce development and skills shortages. However, we tend not to talk about how to...

Many of us have to regularly speak in public at a range of events large and small, public and private, staged and ad-hoc. As your career...

Resilience Engineering: Concepts and Precepts is an excellent collection of standalone essays, woven into a consistent whole on the...

There is a lot of good discussion and emerging methods to manage the risks of AI in various forms from training data protection, model...

I have always struggled to balance work and life. Many years ago I realized I wasn’t so much struggling to achieve an effective balance,...

Maturing a security program in any type of organization is not just to increase specific control effectiveness but also to increase its...

Just over a year ago I put out this blog post on the 10 fundamental (but really hard) security metrics. Since then I’ve discussed this...

In the last post we talked about the challenges and opportunities of using individual and organizational incentives to ensure effective...

Force 6 : People, organizations and AI respond to incentives and inherent biases but not always the ones we think are rational. //...

Force 5 : Complex Systems break in Unpredictable Ways // Central Idea: While component level simplicity is vital, seeking to eliminate...