Who’s Threat Modeling the Threat Modelers?
When an org's security personnel carry out threat modeling exercises, they tend to make unconscious assumptions about the efficacy of their own security controls. This is dangerous.
The Objective of Securing Privileged Access? To Protect the Business from the Admins
The most common privileged security gaps that attackers exploit come from sacrificing effective privileged admin security on the altar of operational convenience.
Healthy Work/Life Balance: 4 Critical Questions to Ask Yourself—And Your Employer
4 questions to help you assess where you are, and what to do about it.
How (not) to Waste Your Time Chasing Vulnerabilities
There is a very good chance that your vulnerability management efforts are not actually reducing your risk. The data tells us why.
Honest Self-Reflection for Security Leaders, Post-Breach: 3 Important Questions to Ask Yourself
There's never just one reason why a breach occurs, but leaders have a unique responsibility because they own budget, strategy, and prioritisation. Here are 3 questions to consider carefully.
3 Reasons Security Folks Roll Their Eyes When They Hear “Zero Trust”
The principles still matter, more than almost everything else in security...even if we're tired of hearing about it.
The Best Story I Bet You’ve Never Heard (aka Why There is a Statue of Lincoln in the Centre of Manchester)
Abraham Lincoln was a City fan.
Your Expensive PIM/PAM Solution Won’t Save You—But This Might
If <that one PAM tool everyone uses> was good enough on its own, then no one in banking would get hacked, because they all use it. Clearly there's more to the story.
Boy Were We (Mostly) Wrong (aka Security Reflections on a 2010 Cloud Model)
Ground-breaking paradigms from Jericho Forum are still meaningful today, but some more than others. How have things evolved since then, and why does it matter?