Phil Venables

3 Year Review

I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I fully endorse that the act of writing things down for other people does dramatically help your own clarity of thinking. What has been most interesting and actually quite amusing is how off the mark I am in predicting what will be the most popular posts vs. the posts I am most happy with. So, at this three year mark here are the Top 5 posts by popularity and my own Top 5 personal favorites.


Readers' Top 5

1. Cybersecurity and the Curse of Binary Thinking (21.9k+ views)


This was a very popular post, largely I think because most people are frustrated by the polarization of many subjects, often driven by media and social media. We live in a world of nuance, and we all generally appreciate that. But each day we are presented with binary choices and views.


2. 10 Fundamental but Really Hard Security Metrics (10k views)


A lot of the resonance with this centered on our collective need to find leading, not lagging, indicators and metrics for security. I got some negative feedback on this which essentially boiled down to: these metrics are really hard. Yes, I even said that in the title. Ultimately I think the effort will be worth it, partly because of the beneficial outcome of hitting the targets associated with those metrics but mainly because the mere act of trying to measure these will improve the security situation even if you never actually reach the goal.


3. Secrets of Successful Security Programs - Part 1 (8.5k views)


Surprisingly, this one was more popular than Part 2, which followed it and had a lot more practical detail on running a security program.


4. Selling into a Crisis: Rights and Wrongs (8.4k views)


Written at the beginning of the Covid-19 pandemic, I posted this because I was starting to see a lot of unfortunate sales tactics seeming to exploit the crisis.


5. Cybersecurity the Board’s Perspective (6.8k views)


Board and risk engagement has been a thread across many posts, and this topic, it seems, is always of interest to CISOs and other security professionals alike.


Phil’s Top 5

1. The Uncanny Valley of Security (or why we might never finish anything) (2.5k views)


It surprises me that more people didn't react to this; I see this type of uncanny valley everywhere. I think it is at the core of pretty much every problem we have. Perhaps I need to explore and write about it more to further develop the idea.


2. If Accounting Were Like Cybersecurity (2.3k views)


One of my rare attempts at trying to write something with a bit of humor. I still think it is funny. But, like accounting itself, perhaps it’s not a laughing matter.


3. Secrets of Successful Security Programs - Part 2 (5k views)


This is a great summary of the essential points across many other posts, and one of the posts I most often refer back to.


4. 10 Fundamental but Really Hard Security Metrics (10k views)


I enjoyed writing this one as it gave me a great excuse to bring together a number of ideas I'd been thinking about for quite a while, many of which I am now seeing pressure tested in real organizations. Interestingly, this is the only post on both lists.


5. Is Complexity the Enemy of Security (3.2k views)


One of my favorite topics. Enough said.




