Articles on Leadership
- Career Depth of Technical Knowledge Is Not Enough The technical facts you once memorized are worth less now that AI recalls them on demand. Depth of knowledge becomes valuable when it's paired with the judgment and insight to make the right call...
- Cloud Cloud Risks and the Security Community Most cloud security risks apply to IT in general and either have mitigations or have been accepted. InfoSec's role should be active participation in technical innovation, balancing risk with cost—not...
- Career 10 Tips for Hiring Managers Seeking Cybersecurity Professionals Security roles stay open for 45+ days, often because the hiring manager hasn't done the preparation that separates a good hire from a fast one. Most of that work happens before the first interview.
- Cheat Sheets How to Use the Security Architecture Cheat Sheet for Internet Applications
- Risk Management Risk Management: Objectivist and Subjectivist Approaches Objectivists rely purely on historical data to predict risk; subjectivists complement data with judgment about context. A coin flipped by a magician might warrant different probability assessments...
- Cheat Sheets Security Architecture Cheat Sheet for Internet Applications A cheat sheet for initial design and review of Internet application security architecture, covering four areas: business requirements (data classification, users, partners, regulations),...