The Leading Indicators of a Great Info/Cybersecurity Program - Updated
As we see more incidents occurring, whether ransomware, data breaches or fraud, many thoughts turn to how to know whether those we do...
top of page
Search
Sep 25, 20214 min read
Cyber Deterrence : A Simple Perspective
Cyber deterrence is a topic that comes in and out of vogue. It is widely studied but often misunderstood. It also suffers tremendously...
1,517 views
Sep 12, 20218 min read
If Accounting were like Cybersecurity
It has always struck me how well the field of finance and more specifically accounting has done to standardize on its terms. This...
2,812 views
Aug 27, 20213 min read
Risk Management is not only about Reducing Risk - Updated
This is an update from a post of a couple of years ago prompted by some recent observations from a few different organizations. It seems...
3,158 views
Jul 30, 20217 min read
CISO: Archeologist, Historian or Explorer?
We talk about attackers being the enemy. Sometimes we talk about insider threats. But one of our biggest enemies is pernicious...
2,240 views
Jul 3, 20216 min read
Cybersecurity and the Curse of Binary Thinking
Working in information/cybersecurity and technology risk is a fascinating and challenging career, as I’ve covered here. There is, mostly,...
23,787 views
Jun 19, 20217 min read
The Actual Cybersecurity Workforce Challenge
We continuously hear about the millions of unfilled cybersecurity roles, although I’ve yet to see a study that actually supports that...
5,588 views
May 22, 20212 min read
Segmentation Technologies / Zero Trust
I first came across the notion of doctrine vs. structure in this depiction about the relative positioning of tanks from some blog or...
1,429 views
May 13, 20211 min read
Cloud Security
In a few of my posts I've talked about the economy of scale of the cloud is fundamentally changing the game of security. The pace of...
831 views
May 8, 20217 min read
Is Complexity the Enemy of Security?
One of the many pieces of accepted wisdom in information/cybersecurity is that complexity is the enemy of security. But is it? You...
4,205 views
Apr 24, 20211 min read
Leadership, Business, Security and Risk Reading List
This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
3,039 views
Mar 27, 20215 min read
Cybersecurity : The Winner’s Game and The Loser’s Game
There is a seminal paper in finance by Charles Ellis called the The Loser’s Game which, in simple terms, foretells the move from active...
2,324 views
Mar 13, 20214 min read
Return on Investment for Security
The concept of return on investment (ROI) for security has bugged me for a long time. Not because it isn’t a laudable goal. Of course,...
5,523 views
Feb 13, 20214 min read
Research Challenges in Info/Cybersecurity - Part 2: “Carbon”
This is the second part of the post from 2 weeks ago, which explored research challenges in Info/Cybersecurity related to systems:...
835 views
Jan 30, 20215 min read
Research Challenges in Info/Cybersecurity - Part 1: “Silicon"
This is the first of a two part post on research challenges centered on systems, computer science and engineering research challenges....
996 views
Jan 17, 20213 min read
Situational Drivers of Cyber-Risk
Many years ago I wrote down a list of the drivers that create information / cyber-risk or that otherwise compel the need to mitigate this...
2,073 views
Dec 19, 20205 min read
Privilege Management Program - Governance
I can’t recall having seen an overview of a systematized privilege management program. There are lots of great articles on specific...
2,305 views
Dec 13, 20208 min read
Security Ratings: Love, Loathe or Live With Them?
Security ratings services tend to be loved or loathed. Loved if you consume them and it makes your job easier, especially if you have no...
4,150 views
Dec 6, 20206 min read
The Seat at the Table: Integrating Security into your Business
The success of a security program is largely determined by how well it is integrated into the fabric of the organization, in terms of...
2,036 views
Nov 29, 20203 min read
Simple Rules of (InfoSec) Career Success - Updated
Over the years I've noted the behaviors I’ve seen from consistently successful people. In this context I define success as a balance of...
1,639 views
bottom of page