Growth that Builds, Growth that Breaks

You've probably heard it said that "healthy things grow". That's not true. Cancer also grows. What we can say for sure is that alive (or dynamic) things grow; whether that growth is beneficial or destructive is a different question.

AI Risks: Net-New or Amplifier?

Track the risks. Just make sure that the risks are the actual risks, so that the problems you fix are the actual problems.

How Focusing on Strategy Perpetuates the Problem

Strategy is easy. Execution is where the wheels come off.

Cybersecurity is a System

China found out the hard way that no one escapes the interdependencies of complex systems. We make the same mistakes in cybersecurity today.

From the Recorded Future Podcast: A Conversation with CISO Jason Steer About Identity Security

From my conversation with Recorded Future, two short, essential videos about identity security: how we got here, why it matters, and why it's so hard to do well.

How to Build a Thriving Career in Cybersecurity (and beyond)…Without Burning Out

I've learned most of these lessons the hard way. Here's 6 key things to consider.

Honest Self-Reflection for Security Leaders, Post-Breach: 3 Important Questions to Ask Yourself

There's never just one reason why a breach occurs, but leaders have a unique responsibility because they own budget, strategy, and prioritisation. Here are 3 questions to consider carefully.

G before RC

The order of the letters in "GRC" is not arbitrary. If you don't Govern your environment well, you cannot manage Risk and Compliance well. 

The True Scope of Posture Management

What's the true scope of posture management? You'll know you're on the right path when the security org is more focused on Prevention Engineering than on Detection (and Response) Engineering.

Growth that Builds, Growth that Breaks

You've probably heard it said that "healthy things grow". That's not true. Cancer also grows. What we can say for sure is that alive (or dynamic) things grow; whether that growth is beneficial or destructive is a different question.

The Now-and-Not-Yet Tension in our Careers

Remember the medieval quarry worker’s creed: “We who cut mere stones must always be envisioning cathedrals.” You're both the quarry worker, and the stones. The question is, what are you building?

AI Risks: Net-New or Amplifier?

Track the risks. Just make sure that the risks are the actual risks, so that the problems you fix are the actual problems.

Cybersecurity is a System

China found out the hard way that no one escapes the interdependencies of complex systems. We make the same mistakes in cybersecurity today.