Articles on Risk Management

Below are my perspectives on risk management, drawn from my work as a security leader and practitioner.

• Privacy How Security and Privacy Teams Break Barriers Together
  Cybersecurity and data privacy leaders share fundamental goals despite having distinct expertise and priorities. A practical framework for aligning security and privacy efforts involves identifying...
• Leadership Transform the Defender's Dilemma into the Defender’s Advantage
  The "defender's dilemma"—that defenders must be perfect while attackers only need to be right once—is a misconception that undervalues the strategic position of security teams. By adopting a...
• Leadership Distribute Cybersecurity Tasks with Diffusion of Responsibility in Mind
  The common adage that "security is everyone's responsibility" often fails due to the diffusion of responsibility, where individuals assume someone else will act. Effectively distributing...
• Product Management How Security Can Better Support Software Engineering Teams
  Security and software engineering teams often operate with different incentives, creating friction when trying to weave security into the development lifecycle. Bridging this gap requires...
• Leadership Security Leaders Can Lower Expenses While Reducing Risk
  In a climate of budget constraints, cybersecurity leaders can find opportunities to cut costs while actually strengthening their security posture. By adopting zero-based budgeting and identifying...
• Malware The Language and Nature of Fileless Attacks Over Time
  The term "fileless" originated in 2001 to describe malware that existed solely in memory, but has expanded to encompass malicious documents, scripts, living-off-the-land techniques, and memory...