Fifty Keys to Cybersecurity-Business Alignment
My book, Rational Cybersecurity for Business: The Security Leader’s Guide to Business Alignment contains 50 Keys to Alignment that accentuate the guidance. I’m writing about these keys in a “50 keys” blog series. This page conveniently summarizes all the keys… Continue reading
Don’t Press Pause on Security Architecture During the COVID-19 Shutdown
As the “COVID-19 shutdown” pushes businesses into what I call “forced digitalization” – with everyone teleworking – it could be easy for IT and security professionals to become all-consumed by basic operational issues. Just keeping the Virtual Private Networks (VPNs)… Continue reading
Waking Up to Cybersecurity’s New COVID-19 Reality
The COVID-19 pandemic is creating emergent risks and cybersecurity challenges. Chief Information Security Officers (CISOs) and other security organization leaders are on the firing line, finding themselves responsible for everything from remote access security to business continuity management (BCM) to… Continue reading
Place Information Risk Accountability at the Right Level
Too often, information risk accountability isn’t at the right level due to poor alignment between security and business leaders. It’s time to transform the way we communicate risk to the business. When the security program struggles with an issue, bring… Continue reading
Rational Cybersecurity Open Access Book Announcement
Exciting News: I found the perfect publisher for Rational Cybersecurity for Business. Apress, a Springer Nature company, will be publishing my book in May 2020 through the ApressOpen program. This means the industry’s first comprehensive Security Leader’s Guide to… Continue reading
Cybersecurity Deficit: More than a Skills Shortage
New Services to Cut the Cybersecurity Strategy Deficit
As 2020 gets underway, we’re excited to announce a more modular and agile cybersecurity, identity management, and risk management consulting services catalog. More than ever the world needs rational cybersecurity leadership, business… Continue reading
Rational Cybersecurity Q2 Update
Since launching the Rational Cybersecurity for the Business book project to kick off the New Year, I’ve made great progress, completing more than 20 security leadership interviews, and drafts for 5 of the 10 chapters.
Rational Cybersecurity for the Business’s… Continue reading
Helping CISOs and Board Members Communicate on Risk: A Shared Assessments Summit 2019 Recap
Returning from the Shared Assessment Summit 2019 last week, I was struck by one repeated message: CISOs and Board of Directors members are still struggling to assess and communicate risk. Early in the Summit Agenda, a CISO Panel discussion… Continue reading
RSA 2019: Has Zero Trust Become an Impediment?
RSA CEO Rohit Ghai and former Chief Strategy Officer Niloofar Razi Howe’s keynote today could have been re-titled “Standing in the Bleak Landscape of Zero Trust.” It has become an impediment, they said.
Should I be defensive, having jumped on… Continue reading
FAIRCON Showcases Quantitative Risk Analysis on the Cusp of Adoption
At FAIRCON 2018, keynote speakers described FAIR as a quantitative risk analysis “movement” to change the way industry measures and manages risk. Deep, ongoing frustration in business and government circles with the seeming inability of increased cybersecurity spending to stop… Continue reading