You Can Be Profound, or You Can Be Effective—Pick One
The pressure to be profound is such a stumbling block in our industry. It emphasises the sophisticated over…
principles
13 posts
What England’s Underwhelming Team of Football All-Stars Can Teach Us About Cybersecurity
If you want to understand the platform vs best-of-breed debate, look no further than England's football team.
Understanding the Evolution of “Tier 0” in Modern Access Control Models
Does "Tier 0" still matter? Yes and no. Yes, as a principle; No, as an access control model. Here's what to do instead.
How to Build a Thriving Career in Cybersecurity (and beyond)…Without Burning Out
I've learned most of these lessons the hard way. Here's 6 key things to consider.
Security and Compliance Aren’t the Same—But They Both Have the Same Objective
Two lenses, same objective: risk management.
Connect/Okta and Identity Sync Hardening
One area commonly overlooked (by defenders, but not by attackers) is identity sync infrastructure. If you harden your AD but don't do this, you are wasting your time.
The Fish, the Fishbowl, and All the Things We Thought We Knew
The fishbowl distorts perception, but in a way which confirms our biases. How does this hurt us in security and transformation, and what should we do about it?
It’s Time to Retire “Attackers Only Have to be Right Once; Defenders Have to be Right 100% of the Time”, and Here’s Why
Along with "people are the weakest link", this phrase has been shaping unhealthy cultures in security for years. It's time to stop saying it, and here's why.
What Should be the North Star for Your Career Focus?
What voice do you want to have in the world? Never, ever give yourself so fully to what you're doing now that it undermines your development into who you want to become.
The Objective of Securing Privileged Access? To Protect the Business from the Admins
The most common privileged security gaps that attackers exploit come from sacrificing effective privileged admin security on the altar of operational convenience.