Leadership, Business, Security and Risk Reading List
This is my list of favorite books across the various professional disciplines I’m interested in. I have a set of favorite books that are...
Apr 24, 2021 · 1 min read
3,153 views
"Hell Yes, or No" vs. "Soft Yes, and Fast Quit"
I am a big fan of the concept of saying, “Hell Yes, or No” to decide whether to do something or not. Derek Sivers has written well about...
Feb 27, 2021 · 3 min read
3,787 views
Research Challenges in Info/Cybersecurity - Part 1: "Silicon"
This is the first of a two-part post on research challenges centered on systems, computer science and engineering research challenges....
Jan 30, 2021 · 5 min read
1,003 views
Privilege Management Program - Governance
I can’t recall having seen an overview of a systematized privilege management program. There are lots of great articles on specific...
Dec 19, 2020 · 5 min read
2,375 views
Scenario Planning - The Best Technique You Might Not Be Using
Scenario planning is one of the most underutilized techniques in security. Which is surprising given how effective it is in [good]...
Nov 22, 2020 · 5 min read
2,671 views
Vulnerability Management - Updated
It still surprises me that much of the tone of vulnerability management is about patch/bug fix vs. detecting broader configuration and...
Oct 13, 2020 · 2 min read
2,251 views
The Rising Tide and the Case for Security Optimism
Continuing with the theme of raising the baseline by reducing the cost of control we can see the next logical progression is that the...
Sep 20, 2020 · 3 min read
858 views
Taking Inventories to the Next Level - Reconciliation and Triangulation
We know it is important to have good inventories across all of the assets we care about in an enterprise. For security purposes this is,...
Sep 6, 2020 · 3 min read
1,273 views
Crypto isn’t the Only Cyber Issue in a Post Quantum World
Let’s assume general purpose quantum computers that can operate usefully at scale are coming. I think a reasonable timeframe is 15 years....
May 17, 2020 · 3 min read
696 views
Think Twice Before Switching Off Controls: Chesterton's Fence
Chesterton's Fence is a cautionary tale to make sure that before you change things you actually understand their purpose. This is...
May 9, 2020 · 2 min read
2,604 views
Dealing with the Deluge of Vendors
Everyone is deluged with approaches from product and service vendors, small and large. Even vendors struggle to keep track of who their...
Feb 2, 2020 · 5 min read
1,556 views
Operational Resilience
The Bank of England has recently released a sequence of consultation papers, after an earlier discussion paper, laying out a framework...
Jan 19, 2020 · 4 min read
2,506 views
Predictions and Calls to Action
It’s that time of year for all the predictions of what to expect for the next year, and now - the next decade. I’m generally not a fan of...
Jan 1, 2020 · 3 min read
135 views
Shrines of Failure
I was at an event recently where one participant talked passionately about a disaster they had that they have since preserved artifacts...
Nov 10, 2019 · 1 min read
670 views
Vulnerability Management
I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of...
Sep 1, 2019 · 2 min read
231 views
Coding Skills and Security
I've increasingly found, with respect to coding, security has come full circle. Those of us who started in the 80's/90's had to code (or...
May 24, 2019 · 1 min read
819 views
Technology - Retrospective
In the late 1980’s I was a developer using virtualized systems and containers, software defined networks, thin-client end points that...
Feb 12, 2019 · 2 min read
634 views