I was recently reminded of a pretty pervasive problem that often sneaks in to our worlds as security. That problem is the myth of the isolated project. It often starts simply enough (and if you have kids, you should recognize these warning signs): “It’s just this one time. I won’t ask you to do this […]
Afraid up-skilling your security team will train them for their next job?
There’s a negative, cynical and sometimes, unfortunately true idea out there that if you pay for skills development with your security team, you’re throwing money away because people are milking you to help them get their next job. There’s a couple of things to say about this. First, yep. It’s true. And it’s not […]
In retrospect…we could’ve spent more on cybersecurity
This evening, my wife and I finally got around to watching Laundromat. If you haven’t seen it, it’s really quite good—along with the similar series on Amazon Prime about the international financial system. And, it’s partially narrated by the most recent voice of both Zorro and Puss…in Boots, so really, what’s not to love? As […]
Cybersecurity measurement lessons from a famous French chef
This weekend, I had a problem. And that problem was a hungry family, a beautiful roast and how to not screw it up. Now you might remember that I like to cook, and I’m interested in learning how to do things properly. So, that means I like to get optimal results when I’m cooking anything—even, […]
“The business” doesn’t care about cybersecurity
I recently had a conversation with someone who was lamenting about how difficult it was to connect and to communicate with “the business”—you know, the “everyone who isn’t in IT or Security” part of the organization… …that same organization you’re busting your backside every day to protect and keep safe. Yeah, those people. Now maybe […]
