Phil Venables

3 Year Review

I’ve been doing this blog for around 3 years, largely succeeding in posting every 2 weeks. I have learnt a lot in this process and I fully endorse that the act of writing things down for other people does dramatically help your own clarity of thinking. What has been most interesting and actually quite amusing is how off the mark I am in predicting what will be the most popular posts vs. the posts I am most happy with. So, at this three year mark here are the Top 5 posts by popularity and my own Top 5 personal favorites.


Reader's Top 5

1. Cybersecurity and the Curse of Binary Thinking (21.9k+ views)


This was a very popular post, largely, I think, because most people are frustrated by the polarization of many subjects, often driven by the media and social media. We live in a world of nuance, and we all generally appreciate that. But each day we are presented with binary choices and views.


2. 10 Fundamental but Really Hard Security Metrics (10k views)


A lot of the resonance with this centered on our collective need to find leading, not lagging, indicators and metrics for security. I got some negative feedback on this, which essentially boiled down to: these metrics are really hard. Yes, I even said that in the title. Ultimately I think the effort will be worth it, partly because of the beneficial outcome of hitting the targets associated with those metrics, but mainly because the mere act of trying to measure them will improve the security situation even if you never actually reach the goal.


3. Secrets of Successful Security Programs - Part 1 (8.5k views)


Surprisingly, this one was more popular than Part 2, which followed it and had a lot more practical detail on running a security program.


4. Selling into a Crisis: Rights and Wrongs (8.4k views)


Written at the beginning of the Covid-19 pandemic, I posted this because I was starting to see a lot of unfortunate sales tactics seeming to exploit the crisis.


5. Cybersecurity the Board’s Perspective (6.8k views)


Board and risk engagement has been a thread across many posts, and this topic, it seems, is always interesting to CISOs and other security professionals alike.


Phil’s Top 5

1. The Uncanny Valley of Security (or why we might never finish anything) (2.5k views)


It surprises me that more people didn’t react to this; I see this type of uncanny valley everywhere. I think it is at the core of pretty much every problem we have. Perhaps I need to explore and write about it more to further develop the idea.


2. If Accounting Were Like Cybersecurity (2.3k views)


One of my rare attempts at trying to write something with a bit of humor. I still think it is funny. But, like accounting itself, perhaps it’s not a laughing matter.


3. Secrets of Successful Security Programs - Part 2 (5k views)


This is a great summary of the essential points across many other posts. One of the posts I often refer to for reference.


4. 10 Fundamental but Really Hard Security Metrics (10k views)


I enjoyed writing this one, as it gave me a great excuse to bring together a number of ideas I’d been thinking about for quite a while, many of which I am now seeing pressure tested in real organizations. Interestingly, this is the only post on both lists.


5. Is Complexity the Enemy of Security (3.2k views)


One of my favorite topics. Enough said.
