You Can Be Profound, or You Can Be Effective—Pick One
The pressure to be profound is such a stumbling block in our industry. It emphasises the sophisticated over…
33 posts
Here’s What You Should Do Today About All These Outages: Nothing
Smart leaders don't react, they respond. Now is not the time to wax poetic about the world we left behind, or follow the reactionists backwards towards a demonstrably worse risk position.
From the Recorded Future Podcast: A Conversation with CISO Jason Steer About Identity Security
From my conversation with Recorded Future, two short, essential videos about identity security: how we got here, why it matters, and why it's so hard to do well.
What England’s Underwhelming Team of Football All-Stars Can Teach Us About Cybersecurity
If you want to understand the platform vs best-of-breed debate, look no further than England's football team.
Microsoft CVEs, MITRE ATT&CK, and what Secure by Design Cannot Fix
Did you know that 70% of Microsoft CVEs between 2006-2018 were memory safety bugs? How hardware Secure by Design can help...and how it can't.
The Identity Lesson You Must Learn From Midnight Blizzard
Endpoint security is not the fulcrum around which you should be building. You'll miss a lot if you do.
Vulnerability Management: Reactionary Security FUD At Its Worst
There's no such thing as a critical vulnerability, generically. There's only a critical vulnerability that can be exploited in your environment, specifically.
The Missing Key To Understanding How the Midnight Blizzard Attack Worked
How does compromising an app in one tenant get you into another tenant? There is a key piece of info that will help you to understand.
“Materiality” Relies on Risk Quantification—Which Is Why Many Businesses Struggle to Understand It
The ambiguity of "materiality" is an invitation to risk management maturity.
Understanding the Evolution of “Tier 0” in Modern Access Control Models
Does "Tier 0" still matter? Yes and no. Yes, as a principle; No, as an access control model. Here's what to do instead.