Rational Cybersecurity New Year Update
Updating the public on cybersecurity trends is not a trivial matter. At least to me, it is a vast potential topic space. Let’s outline it here and communicate further in the New Year.
My World and Rational Cybersecurity
After a… Continue reading
Rational Cybersecurity Webcast: Applying the 80-20 Rule
As I worked on Rational Cybersecurity for Business, I became fascinated with this question: How can we find a way to gain 80% of the benefits for 20% of the work? Considering that cybersecurity has so many moving parts… Continue reading
The Cybersecurity Business Alignment Framework for Architecture
To ensure security architectures are relevant, you can define them using the Cybersecurity Business Alignment Framework provided in the Multi-Cloud Security Reference Architecture (“refarch”), Rational Cybersecurity for Business (“the book”), and a few other tools.
Which is Easier: Aligning Business to Security, or Security to Business?
Which is Easier: Getting Businesspeople to think in terms of Security, getting Security Teams to think in terms of Business? While security leaders should work both angles, I say the correct answer to Alyssa Miller’s original question (below) is “B”.… Continue reading
At Long Last Rational Cybersecurity Publishes!
I’m so excited to finally announce that “Rational Cybersecurity for Business: The Security Leaders’ Guide to Business Alignment” is live.
You can now buy a paperback, or get a complimentary digital download here.

Why I Wrote the… Continue reading
Going the Extra Mile for Rational Cybersecurity
Successful security leaders don’t quit in the face of obstacles. They go the extra mile for their security program and understand that cybersecurity isn’t just a technical problem. It’s a people and organizational problem. That makes it critical to align… Continue reading
Where Should the CISO Report?
When the CISO doesn’t report at the right level of an organization, misalignment between security, IT, the business, and the larger public ecosystems it serves will surely result. Such misalignment often leads to dire consequences, increasing the chance of breaches… Continue reading
Rational Cybersecurity Workshop
The Challenge
Is your security organization struggling with skills shortages, budgets, conflicting priorities, a complex IT security environment, a lack of stakeholder buy-in and internal customer adoption, or all the above?
Statistics collected from surveys described in the book “… Continue reading
How to Define Security for Your Business
Could it be that a simple misunderstanding of what cybersecurity means is creating much of the disconnect between business and security leaders that often makes security programs ineffective? According to one security leader who’s worked as a Chief Information Security… Continue reading
Identity Management Resources
Welcome to Rational Cybersecurity for Business Readers
The is a landing page for readers of my book who are interested in identity and access management (IAM). We identified “Control Access with Minimal Drag on the Business” as one of the… Continue reading