Articles on Leadership

Below are my perspectives on leadership, drawn from my work as a security leader and practitioner.

• Leadership From Chief Opinion Officer to Action-Taker
  Security leaders who only assess risks and express concerns operate as Chief Opinion Officers rather than change agents. Delivering outcomes requires agreeing with colleagues on what's real, deciding...
• Leadership The Chief Insecurity Officer
  What if the CISO's job isn't to maximize security but to calibrate the right amount of insecurity? Reframing the role this way turns security leaders from obstacles into enablers of business velocity.
• Leadership Escaping the Vulnerability Management Hamster Wheel
  Most vulnerability programs are stuck in a loop of scanning, reporting, and patching that offers a false sense of accomplishment. Escaping this cycle requires shrinking the attack surface,...
• Leadership The CISO's Mindset: Outcomes, Automation, and Leadership
  The role of the CISO evolving into a blend of leadership and technical expertise, with increased accountability for business outcomes. Key trends include leveraging automation and AI to enhance...
• Leadership Transform the Defender's Dilemma into the Defender’s Advantage
  The "defender's dilemma"—that defenders must be perfect while attackers only need to be right once—is a misconception that undervalues the strategic position of security teams. By adopting a...
• Leadership Are CISOs of Security Vendors in Your Community?
  CISO events often exclude security leaders from cybersecurity vendors to prevent sales pitches, but this overlooks the value these leaders bring and fails to address other potential conflicts....