top of page
Search
Ceremonial Security and Cargo Cults
There is a lot of conventional security that is based on established ceremonies and an unquestioning faith that if we keep doing these...
Jan 14, 202312 min read
18,856
Simple Ways to Communicate Successes
It’s that time of year when you’ve inevitably written notes to your organization and leadership about all your team’s achievements over...
Dec 31, 20227 min read
5,629
Dangerous Embedded Assumptions
There is a notion I keep coming back to thanks to this article from a few years ago. The essence is that there are things that have...
Dec 17, 20223 min read
1,600
The Uncanny Valley of Security - Updated
Since I first wrote this post 2 years ago I keep seeing it reinforced. The basic premise is that, sometimes, advanced levels of security...
Dec 3, 20228 min read
5,324
A New Way to Think : Review
I typically don’t do book reviews, but this book was impressive and it resonated with many information security and risk management...
Nov 19, 202213 min read
2,726
How to Tell if You Really are an InfoSec Professional
Some of you in the US, and maybe others, might be familiar with the ongoing, somewhat self-deprecating, Jeff Foxworthy skit of “You might...
Nov 5, 20224 min read
9,520
Grand Challenges or Grind Challenges
How much of your work that you would like to describe as a “grand” challenge is really more of a “grind”? As an industry we like to talk...
Oct 22, 202210 min read
1,935
Field Guide to the Various Communities of Security
Which part of the security community are you in? Often, when one part of the security community talks about the overall community they...
Oct 8, 20227 min read
3,164
Essential Attributes of Security Leadership
Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and...
Sep 24, 20226 min read
3,366
Crucial Questions from Governments and Regulators
In this, fourth and final post in the series of Crucial Questions I’m going to focus on those from governments and regulators. This...
Sep 10, 202213 min read
1,855
Crucial Questions from CISOs and Security Teams
In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on...
Aug 27, 202223 min read
6,696
Crucial Questions from CIOs and CTOs
In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...
Aug 13, 202213 min read
5,099
bottom of page