AI Risks: Net-New or Amplifier?
Track the risks. Just make sure that the risks are the actual risks, so that the problems you fix are the actual problems.
risk
16 posts
Cybersecurity is a System
China found out the hard way that no one escapes the interdependencies of complex systems. We make the same mistakes in cybersecurity today.
You Can Be Profound, or You Can Be Effective—Pick One
The pressure to be profound is such a stumbling block in our industry. It emphasises the sophisticated over…
Here’s What You Should Do Today About All These Outages: Nothing
Smart leaders don't react, they respond. Now is not the time to wax poetic about the world we left behind, or follow the reactionists backwards towards a demonstrably worse risk position.
From the Recorded Future Podcast: A Conversation with CISO Jason Steer About Identity Security
From my conversation with Recorded Future, two short, essential videos about identity security: how we got here, why it matters, and why it's so hard to do well.
Vulnerability Management: Reactionary Security FUD At Its Worst
There's no such thing as a critical vulnerability, generically. There's only a critical vulnerability that can be exploited in your environment, specifically.
“Materiality” Relies on Risk Quantification—Which Is Why Many Businesses Struggle to Understand It
The ambiguity of "materiality" is an invitation to risk management maturity.
Security and Compliance Aren’t the Same—But They Both Have the Same Objective
Two lenses, same objective: risk management.
Connect/Okta and Identity Sync Hardening
One area commonly overlooked (by defenders, but not by attackers) is identity sync infrastructure. If you harden your AD but don't do this, you are wasting your time.
G before RC
The order of the letters in "GRC" is not arbitrary. If you don't Govern your environment well, you cannot manage Risk and Compliance well.