Career Longevity & "The Don't Fire Me Chart"
To fix anything sustainably requires long term action. This is especially true in technology risk and cybersecurity. The trouble is this...
Search
- Oct 20, 2019
- 2 min
Risk Management is not only about Reducing Risk
It seems most risk and security programs, and instruction on how to run risk and security programs, focus exclusively on assessing risk,...
471
- Oct 5, 2019
- 2 min
The Stress and Joy of Security Jobs
A few months ago there was this whole thing about the stress of security roles, CISOs self-medicating, and a whole range of burn-out...
1,487
- Sep 29, 2019
- 3 min
Cybersecurity is not the only Technology Risk
Cybersecurity is not the only technology risk, in fact, when you total up actual losses it is likely not even the biggest risk. Although...
440
- Sep 15, 2019
- 3 min
Security Program Tactics
When starting or reinvigorating a security program, focus on a small number of meta-objectives that can have sustained outsize effects -...
354
- Sep 1, 2019
- 2 min
Vulnerability Management
I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of...
155
- Aug 17, 2019
- 2 min
Cybersecurity as a First Class Business Risk
I see a lot of commentary on the need to “treat cyber/info-security as a business issue not an IT issue”. The problem is it implies that...
270
- Aug 12, 2019
- 3 min
Controls
Many well-known security incidents appear to have a common pattern. They are not the result of some awesome attacker capability to...
634
- Jul 21, 2019
- 2 min
Fundamental Drivers of Information Security Risk
As I get older and (hopefully) wiser it has become ever more apparent that all the issues and risks we face arise from a small number of...
305
- Jul 18, 2019
- 2 min
Threat Intelligence
Threat intelligence seems, at least to me, to get maligned too much. For many years I’ve found it an immensely useful element of an...
151
- Jun 9, 2019
- 3 min
The Reporting Line of Security Teams / CISOs
Having read many people’s strong-held views on this topic I thought I’d add to the mix. Despite a lot of people now inevitably thinking...
1,415
- May 24, 2019
- 1 min
Coding Skills and Security
I've increasingly found, with respect to coding, security has come full circle. Those of us who started in the 80's/90's had to code (or...
635