Quit Talking About "Security Culture" – Fix Org Culture!

I have a pet peeve. Ok, I have several, but nonetheless, we're going to talk about one of them today. That pet peeve is security professionals wasting time and energy pushing a "security culture" agenda. This practice of talking about ... Read More

Introducing Behavioral Information Security

Infosec, musings
I recently had the privilege of attending BJ Fogg's Behavior Design Boot Camp. For those unfamiliar with Fogg's work, he started out doing research on Persuasive Technology back in the 90s, which has become the basis for most modern uses ... Read More

Confessions of an InfoSec Burnout

Soul-crushing failure. If asked, that is how I would describe the last 10 years of my career, since leaving AOL. I made one mistake, one bad decision, and it's completely and thoroughly derailed my entire career. Worse, it's unclear if ... Read More

On Titles, Jobs, and Job Descriptions (Not All Roles Are Architects)

Folks: Please stop calling every soup-to-nuts, everything-but-the-kitchen-sink security job a "security architect" role. It's harmful to the industry and it's doing you no favors trying to find the right resources. In fact, please stop posting these "one role does everything ... Read More

Reflection on Working From Home

In a moment of introspection last night, it occurred to me that working from home tends to amplify any perceived slight or sources of negativity. Most of my "human" interactions are online only, which - for this extrovert - means ... Read More