Maximizing Happiness — For my entire career I’ve made conscious choices to move to the next organization, and likely the next job within a company. Or an unexpected opportunity has presented itself and I have chosen to jump at it. …

What is the purpose of a cybersecurity program, anyway? If we could all just agree on the answer to that question, life as a security leader would be so simple. If we could, as a profession, take the time to tell everyone else what the answer SHOULD be, that might…

In preparation for new SEC rules requiring cybersecurity expertise on public boards of directors, there has been a number of articles (like this one) lamenting that few CISOs have the executive experience or advanced degrees to serve as Directors. The prevailing sentiment is that CISOs are spending too much time…

Change your mind — FOMO: Fear of Missing Out People trained in the art of cybersecurity management spend a fair amount of time scanning the landscape, looking for things they don’t know much about, learning about new stuff (cough, AI, cough), and generally paying attention to the unknown. …

What should every person in cybersecurity know, and how? — Recently, I had the good fortune to be in a room with some really experienced, thoughtful, well-read cybersecurity professionals. …

Rules for Security Professionals To Live (and Die) By — What makes a good Security Leader? Certainly getting an award for security leadership is a dubious honor at best (if you must pay to get an award, do you deserve the award?). Being judged as a “good” leader is often left to the people who work near the leader —…

What Sticks With You? — When you decide to work in Security you automatically sign up to a professional life of continuous learning. Technologies, cultures and threats are constantly changing, and anyone who is trying to “do security” in this environment must keep up. Just because something is written (a book, a paper) or spoken…

Managing the security knowledge gap This article is about leading Security in an organization. I promise. But first, a story: When I decided to run my first marathon, I joined a running club, which grouped the runners according to speed. Each group had a pace coach — the person who…

The Pursuit of Bright, Shiny Security Things — “I have all the resources I need, doing all the right work” — said no security leader, ever. For most leaders running a security program, there is an ever-present sense that whatever they are doing isn’t enough, there is always more to do, there is some weakness that needs mitigating…