What we Can Learn from the SolarWinds Supply Chain Breach
Defending the Digital Election Infrastructure
Someday we’ll conduct elections fully online, but to do that we’ll require a more secure digital election infrastructure. As the U.S. 2020 election process ramps up, technology plays an increasing role. Organizations engaged in the political process must strengthen cybersecurity…
At Long Last Rational Cybersecurity Publishes!
I’m so excited to finally announce that “Rational Cybersecurity for Business: The Security Leaders’ Guide to Business Alignment” is live.
You can now buy a paperback, or get a complimentary digital download here.

Why I Wrote the…
Going the Extra Mile for Rational Cybersecurity
Successful security leaders don’t quit in the face of obstacles. They go the extra mile for their security program and understand that cybersecurity isn’t just a technical problem. It’s a people and organizational problem. That makes it critical to align…
Cleaning up Risk and Technical Debt in the Wake of the Pandemic
IT staff and developers have had to rework many business processes and applications to operate entirely online, and built up a lot of technical debt in the process. Sooner or later, they’ll need to re-architect and re-factor to reduce the…
Fifty Keys to Cybersecurity-Business Alignment
My book, Rational Cybersecurity for Business: The Security Leader’s Guide to Business Alignment, contains 50 Keys to Alignment that accentuate the guidance. I’m writing about these keys in a “50 keys” blog series. This page conveniently summarizes all the keys…
Don’t Press Pause on Security Architecture During the COVID-19 Shutdown
As the “COVID-19 shutdown” pushes businesses into what I call “forced digitalization” – with everyone teleworking – it could be easy for IT and security professionals to become all-consumed by basic operational issues. Just keeping the Virtual Private Networks (VPNs)…
Waking Up to Cybersecurity’s New COVID-19 Reality
The COVID-19 pandemic is creating emergent risks and cybersecurity challenges. Chief Information Security Officers (CISOs) and other security organization leaders are on the firing line, finding themselves responsible for everything from remote access security to business continuity management (BCM) to…
Place Information Risk Accountability at the Right Level
Too often, information risk accountability isn’t at the right level due to poor alignment between security and business leaders. It’s time to transform the way we communicate risk to the business. When the security program struggles with an issue, bring…
Rational Cybersecurity Open Access Book Announcement
Exciting News: I found the perfect publisher for Rational Cybersecurity for Business. Apress, a Springer Nature company, will be publishing my book in May 2020 through the ApressOpen program. This means the industry’s first comprehensive Security Leader’s Guide to…