RISK & CYBERSECURITY

This is part 2 of this 7 part series grouping together a set of prior posts into a particular theme.  Security Leadership Master Class 1 : Leveling up your leadership Security Leadership Master Class 2 : Dealing with the board and other executives Security Leadership Master Class 3 : Building a security program Security Leadership Master Class 4 : Enhancing or refreshing a security program  Security Leadership Master Class 5 : Getting hired and doing hiring Security Leadershi

This is the first of a 7 part series where I’ll group together a set of prior posts into a particular theme that will make it all the...

In a first for this blog here is a post I worked on with Mike Aiello , a former colleague from Goldman Sachs and Google and someone, like...

Cybersecurity is a field built on metaphor. We wage "cyber wars," build "digital fortresses," and practice "cyber hygiene." These phrases...

Apparently what Mike Tyson actually said in a 1987 interview was, " Everybody has plans until they get hit for the first time". In any...

I re-stumbled across this well-worn meme of the 7 deadly sins and social media so, as many of you come back from Las Vegas I thought it...

As security specialists, we regularly see claims about the escalating scale of cybercrime, often hearing staggering claims that it’s a...

One of the more common patterns of security program success vs. failure is how much leadership is prepared to stick with the work over...

I thought I’d try something different and share some thoughts on the Cyentia Institute’s latest report, the Information Risk Insights...

This is an update to a post from 2001 which I’m revisiting in part because some things have changed, but also because (surprisingly) much...

There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too...

I recently joined Clint Gibler (tl;dr sec) at RSA for a great discussion. In it we cover a wide array of topics from the challenge of...