RISK & CYBERSECURITY

How much of your work that you would like to describe as a “grand” challenge is really more of a “grind”? As an industry we like to talk...

Which part of the security community are you in? Often, when one part of the security community talks about the overall community they...

Since I first wrote this back in 2021 (titled "CISO: Archeologist, Historian or Explorer?") it seems ever more true that complex and...

In this, fourth and final post in the series of Crucial Questions I’m going to focus on those from governments and regulators. This...

In this, third in a series of Crucial Questions posts I’m going to focus on the questions from CISOs and security teams. This builds on...

In the last post I covered the crucial questions from Boards and executives. Here I will cover the questions I’m asked by CIOs, CTOs and...

Over the past few years I have done a lot of speaking at conferences, events and small group settings for Board directors and corporate...

I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I...

This can be an emotive topic for many people. It is one, I’ve found, colored more by dogma than nuance (as it seems with many things...

Do analogies actually help us or do they set back our ability to drive change? On the face of it they are a useful explanatory tool, as...

I often get asked for advice about careers and professional development. Unfortunately I don't have the time to do this in person, except...

Defense in depth is a well accepted security principle. Intuitively, it stipulates there should be multiple lines of controls so as to...