- Leadership Experts Cannot Help Overstating Their Expertise
The more confident we feel in a domain, the more likely we are to claim knowledge that doesn't exist. Recognizing this overclaiming bias helps us invite critique when we share our expertise and ask...
- Leadership Know Your Firm's Economic Moat to Keep Security Relevant
Effective security decisions require understanding your company's economic moat—the competitive advantages that protect it from rivals. Framing risks in terms of threats to these moats (brand equity,...
- Risk Management The Eternal Cycle of Cybersecurity
The fight between cyber attackers and defenders resembles an ecological cycle between predator and prey—the goal is equilibrium, not victory. Being complacent is risky because maintaining balance...
- Authentication What to Do About Password-Sharing?
Password sharing is a reality driven by convenience and social norms—Netflix even encourages it with multiple profiles per account. Rather than pretending credential sharing doesn't exist, products...
- Training Tying Shoelaces and Information Security
Most people tie shoelaces with the weaker knot because the stronger version is harder for children to learn. Similarly, security "best practices" we've followed for years may not be optimal—tribal...
- Risk Management Why Are Executives More Prone to Accept Risks?
Research links high status and power to greater trust in others and overconfidence in one's own knowledge. Executives may accept security risks while being overly trusting and without spending...