Articles on Leadership

Below are my perspectives on leadership, drawn from my work as a security leader and practitioner.

• Risk Management Understand the Reality of the SOC 2 Checkbox
  SOC 2 standardized security reporting, but it left the vendor in control of the system boundary and auditor selection. Understanding that structural gap helps vendors and buyers get the most value...
• Product Management Most Cybersecurity Products Aren't Platforms and It's OK
  The test for a genuine platform is whether each new addition makes everything else more valuable, not just whether products share a brand or console. Let's draw a distinction between a platform and a...
• Product Management Building Security Products for SMBs
  Building security products for SMBs differs from enterprise markets in distribution, pricing, and product design. Vendors who merely repackage enterprise solutions at a lower price point struggle,...
• Leadership From Chief Opinion Officer to Action-Taker
  Security leaders who only assess risks and express concerns operate as Chief Opinion Officers rather than change agents. Delivering outcomes requires agreeing with colleagues on what's real, deciding...
• Leadership What Being a CISO Taught Me About Security Leadership
  A four-point framework to succeeding as a CISO, based on my experiences of building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and...
• Leadership The Chief Insecurity Officer
  What if the CISO's job isn't to maximize security but to calibrate the right amount of insecurity? Reframing the role this way turns security leaders from obstacles into enablers of business velocity.