CISO & Cyber Leaders

Long the domain of ex-developers, application security as its own discipline is maturing and beginning to gain interest from traditional…

As information security professionals, we love the easy answers when easy is available. We should because, well, there is so little that…

Application security is finally getting the visibility the discipline deserves. Multiple blog posts and new books are bringing the craft…

Servant leadership seems to be a growing buzzword in cyber security.

As cyber practitioners, we are often keen on activity. The problem is that activity doesn’t always move our cyber program if the activity…

The internet makes finding examples of sound leadership principles easy. Finding examples of great leadership within the cyber security…

Presenting complex programs such as 24x7 monitoring is often a multi-slide exercise that does little to help executives or the Board to…

Is the cyber security team performing their duty, if, without further action, they accept any cyber risk that could potentially put the…

In the bosom of one of those spacious second-tier digitally transformed technology tax zones that dot the coast, you can find the small…

Good standards governance requires the definition of sound policies that include both best practice and good practice. But, defining…

Leading a successful application security program would be so much more effective and easy if there was a “security as a business…

Distracting work. Disruptive work. Unplanned work. Call it what you want.

How often do you hear about cyber security teams being busy to the point of being overworked? I’d say fairlyoften. People tell me that…

Every record in every machine and instance in your organization’s infrastructure has a value. The 2019 IBM Ponemon Report estimates the…

There is a bit of comfort for cyber security blue teams in defending traditional physical infrastructure. We’ve known how to defend legacy…

Starting or re-building a cyber security program by focusing on low hanging fruit makes a lot of sense. As the most popular metaphor for…

The cyber security consultants and social media luminaries like to say that “cyber security is everyone’s job.” A great statement and…

A great thread on Twitter recently asked, “what would be the first 3 things you’d do if a company hires you to help them improve their…

It’s natural that orgs will fall back to bad or even unsafe practice even after governance is put in place. That movement can be fast and…

Our physical security colleagues seem to understand some things better than cyber security practitioners. This better understanding tends…

Hiring a great cyber security team is hard. My view in this post is from a cyber security management and executive perspective as I’m not…

Sun Tzu, the great military philosopher once wrote, “”every battle is won or lost before it’s ever fought”. Back in my day, this military…

Imagine a world in which cyber security programs could generate goodwill instead of obstacles.

There is an old leadership metaphor about having the choice of being a bug or being the windshield.