Articles on Assessments
Below are my perspectives on assessments, drawn from my work as a security leader and practitioner.
- [Assessments] Experts Cannot Help Overstating Their Expertise: Self-proclaimed experts are more likely to claim knowledge of things they don't know, including nonexistent terms in their fields of expertise. This overclaiming tendency means security professionals...
- [Assessments] Technical and Political Boundaries of Security Assessments: Security assessment scoping involves both technical and political boundaries, since testing efforts are often artificially constrained by which teams control which systems. Defining rules of...
- [Cheat Sheets] IT and Cybersecurity Cheat Sheets: As much as we try to be proactive about cybersecurity, IT planning, or project management, we get distracted, or procrastinate. These cheat sheets, checklists and templates are designed to assist...
- [Assessments] Tips for Creating a Strong Cybersecurity Assessment Report: Creating a strong security assessment report requires analyzing data beyond tool output, prioritizing findings by risk, documenting methodology and scope, and providing practical remediation...
- [Assessments] Information Security Assessment RFP Cheat Sheet: Effective security assessment RFPs require understanding what's driving the need, ensuring staff availability, and defining realistic timelines and budgets. Key elements include specifying assessment...
- [Communication] Balancing Brevity and Verbosity in Business Communications: Brevity is valuable when audiences lack time or inclination—use elevator pitches for executives, SWOT matrices for pros and cons, and keep emails short. Verbosity is appropriate when responding to...