According to some old research from Ponemon and F5 that I rediscovered today, 74% of the respondents to a 2017 survey said that their security programs weren’t aligned with the objectives of the businesses they were trying to protect. And even today, I spoke to a very modern bank in the middle of a massive […]
Stomping on the bridge of the cybersecurity trolls
Yesterday was a very exciting day on Twitter for yours unruly. My “Speaking CEO” email from a few days back got some very interesting responses, not to mention some personal attacks and accusations of running a pyramid scheme because of the way the subscription page for the Security Sanity™ newsletter was written. A twello going […]
The 3 Little Kittens of effective security stakeholder interviewing
My daughter is 2-ish, and she loves to sing. In fact, she and her brother both spend a lot of the time walking around, or riding in the car, or just sitting, singing away with whatever song comes into their heads. It’s pretty cool (and they’re great singers). My daughter’s current favorites are “Rain, Rain, […]
“The business” doesn’t care about cybersecurity
I recently had a conversation with someone who was lamenting how difficult it was to connect and to communicate with “the business”—you know, the “everyone who isn’t in IT or Security” part of the organization… …that same organization you’re busting your backside every day to protect and keep safe. Yeah, those people. Now maybe […]
Speaking CEO
One of the CISOs I follow on Twitter triumphantly tweeted (oohhhh….’lotta ‘literation there): “I think I managed to speak CEO effectively today.” And I think that’s great. It’s an achievement…and it’s also something that’s a bit like Steven Wright’s photo of Houdini locking his keys in his car—very rare. The question is, what are we […]