RISK & CYBERSECURITY

Thoughts from the Field
  • HOME

  • ABOUT

  • RECENT EVENTS & PUBLICATIONS

  • More

    Use tab to navigate through the menu items.
    • Instagram - White Circle
    • All Posts
    • Leadership
    • Risk
    • Cybersecurity
    • Technology
    Search
    • Nov 24, 2019
    • 2 min

    Alternative Risk Management Strategies.

    Much focus of risk mitigation is about implementing controls: preventative, detective and reactive. This is necessary in most cases, and...
    250
    • Nov 17, 2019
    • 2 min

    Simple Rules of (InfoSec) Career Success

    Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of...
    225
    • Nov 10, 2019
    • 1 min

    Shrines of Failure

    I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...
    630
    • Oct 26, 2019
    • 1 min

    Career Longevity & "The Don't Fire Me Chart"

    To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this...
    2,606
    • Oct 20, 2019
    • 2 min

    Risk Management is not only about Reducing Risk

    It seems most risk and security programs, and instruction on how to run risk and security programs, focus exclusively on assessing risk,...
    425
    • Oct 5, 2019
    • 2 min

    The Stress and Joy of Security Jobs

    A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out...
    1,466
    • Sep 29, 2019
    • 3 min

    Cybersecurity is not the only Technology Risk

    Cybersecurity is not the only technology risk, in fact, when you total up actual losses it is likely not even the biggest risk. Although...
    421
    • Sep 15, 2019
    • 3 min

    Security Program Tactics

    When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects -...
    322
    • Sep 1, 2019
    • 2 min

    Vulnerability Management

    I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of...
    136
    • Aug 17, 2019
    • 2 min

    Cybersecurity as a First Class Business Risk

    I see a lot of commentary on the need to “treat cyber/info-security as a business issue not an IT issue”. The problem is it implies that...
    242
    • Aug 12, 2019
    • 3 min

    Controls

    Many well-known security incidents appear to have a common pattern. They are not the result of some awesome attacker capability to...
    598
    • Jul 21, 2019
    • 2 min

    Fundamental Drivers of Information Security Risk

    As I get older and (hopefully) wiser it has become ever more apparent that all the issues and risks we face arise from a small number of...
    284
    567
    8
    9
    Subscribe for updates.

    Thanks for submitting!

    © 2020 Philip Venables.