Lessons in Crisis Management - Top 10 Disaster Movies
I’ve previously posted about some of the best security movies made but I have to confess I’m not a big fan of the genre. They tend not...
top of page
Search
Nov 213 min read
Risk Appetite and Risk Tolerance - A Practical Approach
If you work for a large organization, especially public or otherwise regulated companies, then you may well have faced the prospect of...
4,548 views
Sep 78 min read
6 Truths of Cyber Risk Quantification
I wrote the original version of this post over 4 years ago. In revisiting this it is interesting to note that not much has actually...
5,357 views
Aug 1016 min read
Security Training & Awareness - 10 Essential Techniques
Security training is often considered a bit of a waste of time. Maybe this is unfair, but unsurprising in the face of the worst forms of...
7,063 views
Jul 135 min read
Why Good Security Fails: The Asymmetry of InfoSec Investment
One of the many paradoxes of security is that when you have invested appropriately (sometimes at significant expense) and you have less...
3,677 views
Jun 2910 min read
Human Error
Several years after writing the first version of this blog I still see a repeated pattern of problematic events attributed to human...
1,866 views
May 184 min read
The Crucial Test of Security Leadership: A-grades vs. Pass/Fail
A major success marker of great security leaders and their teams is one simple prioritization technique: the ability to know what needs...
2,372 views
May 410 min read
Where the Wild Things Are: Second Order Risks of AI
Every major technological change is heralded with claims of significant, even apocalyptic, risks. These almost never turn out to be...
4,824 views
Mar 96 min read
DevOps and Security
Each year, DevOps Research and Assessment (DORA) within Google Cloud publishes the excellent State of DevOps report. The 2023 report...
2,128 views
Feb 105 min read
The 80 / 20 Principle
Ever since I first became familiar with the 80/20 principle, and other circumstances marked by Pareto distributions, I began to see...
3,093 views
Dec 30, 20235 min read
Top Ideas and Posts from 2023
Thankfully I managed to keep up the pace of 1 post every 2 weeks throughout 2023. Just when I think I might be running out of ideas, and...
2,028 views
Oct 21, 202312 min read
Career Development: 13 Formative Moments (Part 2)
The skills for your role and your leadership style build up throughout your career. But I’ve found, personally and in talking to others,...
1,116 views
Sep 23, 20237 min read
Is Complexity the Enemy of Security?
Since the last post about leverage points in managing complex systems I thought it would be good to revisit and update a post from a few...
2,331 views
Sep 9, 202314 min read
Leverage Points - A Cybersecurity Perspective
Security is an emergent property of the complex systems we inhabit. In other words, security isn’t a thing that you do, rather it's a...
2,863 views
Jul 15, 202313 min read
Resilience Engineering - Step by Step
Resilience Engineering: Concepts and Precepts is an excellent collection of standalone essays, woven into a consistent whole on the...
2,611 views
Jul 1, 20233 min read
AI Consequence and Intent - Second Order Risks
There is a lot of good discussion and emerging methods to manage the risks of AI in various forms from training data protection, model...
1,281 views
May 20, 202310 min read
You Only Get 3 Metrics - Which Ones Would You Pick?
Just over a year ago I put out this blog post on the 10 fundamental (but really hard) security metrics. Since then I’ve discussed this...
8,882 views
May 7, 202313 min read
The Illusion of Choice : A Review
In the last post we talked about the challenges and opportunities of using individual and organizational incentives to ensure effective...
3,639 views
Apr 22, 20238 min read
People and Security Incentives
Force 6 : People, organizations and AI respond to incentives and inherent biases but not always the ones we think are rational. //...
1,647 views
Apr 7, 20238 min read
Handling Complexity
Force 5 : Complex Systems break in Unpredictable Ways // Central Idea: While component level simplicity is vital, seeking to eliminate...
2,500 views
bottom of page