I know that a lot of people just don’t get the whole “customers of security” vibe I keep yapping on about, and some people still say the primary job of security is the enforcer not the advisor—including a rather long and otherwise well-written LinkedIn post I read last night. The thing is, I just don’t […]
Are you talkin’ to me?
One of the toughest things when you’re trying to understand what “security” is supposed to do is figuring out the right person to talk to. In some sense, it’s hard because a lot of security people are pretty technical, but it’s also kinda tricky because a lot of security people are introverts—although…this seems to be […]
The curse of the cyber hype
One of the subtler challenges of security is actually knowing the scope of your job. And it’s made trickier by this “cyber” hype disease we’ve collectively caught as an industry over the last few years. I think it’s actually sort of a function of the crisis of definition over the roles in a security program […]
Get more security by talking about it less
As you probably know, there’s no context-free definition of security (and if you didn’t, let this be a wake-up call for you). And one of the key things I talked about in last month’s issue of the newsletter is that the ultimate mission and purpose of security isn’t about you. I know…shocker, right? But yet, […]
Unlocking the “Mega Powers” of stakeholder interviewing
When I was in High School, there wasn’t Netflix, or Amazon Prime or even Cable TV the 5 miles outside of the nearest town in East-Central Illinois where I grew up. And this was the late ‘80s, so the options were limited to the 5 broadcast options we had: ABC, NBC, CBS, PBS and one […]
