The Fish, the Fishbowl, and All the Things We Thought We Knew
The fishbowl distorts perception, but in a way which confirms our biases. How does this hurt us in security and transformation, and what should we do about it?
culturaltransformation
7 posts
Business Leaders: How to Help the Technologists to Help You
We all sometimes need to be reminded that security risk is not the only risk, and sometimes not even the most important risk, that a business faces.
It’s Time to Retire “Attackers Only Have to be Right Once; Defenders Have to be Right 100% of the Time”, and Here’s Why
Along with "people are the weakest link", this phrase has been shaping unhealthy cultures in security for years. It's time to stop saying it, and here's why.
G before RC
The order of the letters in "GRC" is not arbitrary. If you don't Govern your environment well, you cannot manage Risk and Compliance well.
What Moves the Cyber Resilience Needle the Most? It’s Probably Not What You Think
It's simple, but it's not easy: if you change the tech but not the culture, none of the gains you realize in the short term will be sustainable in the long term.
Honest Self-Reflection for Security Leaders, Post-Breach: 3 Important Questions to Ask Yourself
There's never just one reason why a breach occurs, but leaders have a unique responsibility because they own budget, strategy, and prioritisation. Here are 3 questions to consider carefully.
3 Reasons Security Folks Roll Their Eyes When They Hear “Zero Trust”
The principles still matter, more than almost everything else in security...even if we're tired of hearing about it.