
Why Ransomware Isn’t Just a Technology Problem (It’s Worse)
Ransomware isn’t a tech failure - it’s a market failure. If you think the hardest part is getting hacked, wait until the lawyers, insurers, and PR firms show up ...

Vendor Sales Tactics: The Good, The Bad, and the Bathroom
Most security vendors are great — but a few cross the line from persistent to downright creepy, sometimes in ways you won’t believe. With RSA Conference looming, here’s a behind-the-scenes look at ...

What the Great Hanoi Rat Massacre of 1902 and Modern Risk Practices Have in Common
When the French tried to solve Hanoi’s rat problem, they accidentally made it worse, and today’s cyber risk management is making the same mistake. Beneath the polished audits and colorful risk ...

Zines, Blogs, Bots: A Love Story
AI-generated using ChatGPT. Taking a Break (But Not Really). I haven’t blogged in a while. Life, as it does, got full - between work, family, and a growing need for balance, I found ...

I-4 2022 Talk: How do I get started? Easing your company into a quantitative cyber risk program
This is a companion post for my talk titled, “Baby Steps: Easing your company into a quantitative cyber risk program.” This blog post contains links and resources to many of the items ...

The CISO’s White Whale: Measuring the Effectiveness of Security Awareness Training
Boats attacking whales | Source: New York Public Library Digital Collections. I have a hypothesis about end-user security awareness training. Despite heavy investment, most - if not all - CISOs wonder if ...

How a 14th-century English monk can improve your decision making
Nearly everyone has been in a situation that required us to form a hypothesis or draw a conclusion to make a decision with limited information. This kind of decision-making crops up in ...

A Beginner’s Guide to Cyber War, Cyber Terrorism and Cyber Espionage
Tune in to just about any cable talk show or Sunday morning news program and you are likely to hear the terms “cyber war,” “cyber terrorism,” and “cyber espionage” bandied about in ...

My 2022 Predictions — with Skin in the Game!
A new year always means one thing in any field with an ample number of armchair pundits: another round of annual predictions. The big problem with annual prediction lists is that they ...

How to write good risk scenarios and statements
Risk management is both art and science. There is no better example of risk as an art form than risk scenario building and statement writing. Scenario building is the process of identifying ...