Posts

  • Leadership During An Incident

    At some point in your CSO career you are going to have to deal with and lead through an incident. Here are some things I have found helpful. Know Your Role: Unless you work at a very small company, I argue your role is not to be hands-on-keyboard during an incident. You shouldn’t…

  • Do You Need A Degree To Work In Cyber?

    In the timeless debate of “What qualifications are needed to work in security?” (or even the broader IT sector), I want to first start off by saying there are no hard rules. I am not going to gatekeep people from the industry by stating you have to have a degree or specific certifications. On…

  • Techniques For Influencing & Changing Security Culture

    Throughout my career I’ve participated in varying degrees of organizational maturity with respect to security. This has involved moving from the datacenter to the cloud, moving between different cloud providers, moving to a Zero Trust architecture, creating a security program from scratch and maturing existing security programs. During each of these experiences I learned valuable lessons…

  • Chip War Book Afterthoughts

    I recently read Chip War by Chris Miller and found it to be a thought-provoking exploration of the global supply chain for semiconductors. Most interesting was the historical context and economic analysis of the complexities of the current semiconductor supply chain and how the United States has wielded this technology as an…

  • Your CISO Has Career Goals Too

    I’ve been thinking about performance reviews lately and how they are a time for you to receive feedback from your manager about how you have performed over a specific time period. It is an opportunity for the employee to communicate achievements that demonstrate growth and it is also a time for the manager to give…

  • Defining Your Security Organization

    Whether you are inheriting an existing security team, or building an entirely new function, one of the first things you should do after building a strategic plan and creating an organization plan is to define what you want your security organization to look like. This step builds upon the organization plan by defining what each…