top of page
Search
Feb 26, 20224 min read
Controls - Updated
I wrote the first version of this post nearly 3 years ago. It is interesting that since then much of it remains true. Oddly, it also...
4,262
Feb 12, 202218 min read
Organizational Politics
At every stage in your career and in every part of your role you are going to have to deal with organizational politics. By this, I don’t...
7,908
Jan 29, 202216 min read
Secrets of Successful Security Programs - Part 2
As introduced in the last post, a successful security program is made up of two distinct elements: A series of episodic big bets that...
6,280
Jan 15, 202211 min read
Secrets of Successful Security Programs - Part 1
A successful security program (although I imagine this advice could apply to any discipline) is made up of two distinct elements: A...
10,837
Jan 1, 20227 min read
The Obvious CISO : Don’t Overlook the Simple
There is a great little book I read recently, “Obvious Adams - The Story of a Successful Businessman", it’s available on Amazon, but it’s...
1,722
Dec 18, 20213 min read
Risk Megatrends - Updated
Megatrends are long-term, large-scale forces that shape the world around us. They are the driving forces that have tactical consequences...
2,720
Dec 4, 20218 min read
How is the Security Profession Doing?
I spoke on a CIISEC panel a few months ago about the state of the information security profession. This post is based on remarks I made...
2,680
Nov 20, 20214 min read
Security Program Tactics - Updated
When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects in...
2,416
Nov 6, 20216 min read
Slipstreaming : Business Tactics for Security & Control Implementation
One of the most frequent cybersecurity binary thinking curses is that just because senior leadership in organizations won’t do every...
1,661
Oct 22, 20214 min read
Conferences and the Wider Security Eco System Culture - Toxic or Not?
This could be part of another whole series on the curse of binary thinking so please read this in that tone. In other words, I’m trying...
927
Oct 9, 20213 min read
The Leading Indicators of a Great Info/Cybersecurity Program - Updated
As we see more incidents occurring, whether ransomware, data breaches or fraud, many thoughts turn to how to know whether those we do...
4,482
Sep 25, 20214 min read
Cyber Deterrence : A Simple Perspective
Cyber deterrence is a topic that comes in and out of vogue. It is widely studied but often misunderstood. It also suffers tremendously...
1,518
bottom of page