top of page
Search
Risk Management is not only about Reducing Risk - Updated
This is an update from a post of a couple of years ago prompted by some recent observations from a few different organizations. It seems...
Aug 27, 20213 min read
3,222
Risk = Hazard + Outrage
There are four major insights that, above all others, have influenced my approach to security and risk management over the past decades....
Aug 14, 20219 min read
5,065
CISO: Archeologist, Historian or Explorer?
We talk about attackers being the enemy. Sometimes we talk about insider threats. But one of our biggest enemies is pernicious...
Jul 30, 20217 min read
2,264
Cybersecurity - The Board's Perspective
How Boards, especially public company Boards, oversee cybersecurity is a crucial but difficult topic. This previous post discussed how...
Jul 16, 20218 min read
8,782
Cybersecurity and the Curse of Binary Thinking
Working in information/cybersecurity and technology risk is a fascinating and challenging career, as I’ve covered here. There is, mostly,...
Jul 3, 20216 min read
23,854
The Actual Cybersecurity Workforce Challenge
We continuously hear about the millions of unfilled cybersecurity roles, although I’ve yet to see a study that actually supports that...
Jun 19, 20217 min read
5,615
Relationship Management for the InfoSec Program
A key part of any security leader's role is relationship management. In my experience this is another one of those leadership skills that...
Jun 5, 20216 min read
2,581
Segmentation Technologies / Zero Trust
I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...
May 22, 20212 min read
1,444
Cloud Security
In a few of my posts I've talked about the economy of scale of the cloud is fundamentally changing the game of security. The pace of...
May 13, 20211 min read
840
Is Complexity the Enemy of Security?
One of the many pieces of accepted wisdom in information/cybersecurity is that complexity is the enemy of security. But is it? You...
May 8, 20217 min read
4,231
Leadership, Business, Security and Risk Reading List
This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
Apr 24, 20211 min read
3,164
Security Leaders Guide to Managing Stress
Security is a tough job. But it is not uniquely so. Our colleagues in risk, safety, compliance, privacy, and many other disciplines have...
Apr 10, 20216 min read
3,008
bottom of page