Articles on Risk Management
Below are my perspectives on risk management, drawn from my work as a security leader and practitioner.
- Leadership: The Chief Insecurity Officer. What if the CISO's job isn't to maximize security but to calibrate the right amount of insecurity? Reframing the role this way turns security leaders from obstacles into enablers of business velocity.
- Leadership: Escaping the Vulnerability Management Hamster Wheel. Most vulnerability programs are stuck in a loop of scanning, reporting, and patching that offers a false sense of accomplishment. Escaping this cycle requires shrinking the attack surface,...
- Privacy: How Security and Privacy Teams Break Barriers Together. Cybersecurity and data privacy leaders share fundamental goals despite having distinct expertise and priorities. A practical framework for aligning security and privacy efforts involves identifying...
- Leadership: Transform the Defender's Dilemma into the Defender's Advantage. The "defender's dilemma"—that defenders must be perfect while attackers only need to be right once—is a misconception that undervalues the strategic position of security teams. By adopting a...
- Leadership: Distribute Cybersecurity Tasks with Diffusion of Responsibility in Mind. The common adage that "security is everyone's responsibility" often fails due to the diffusion of responsibility, where individuals assume someone else will act. Effectively distributing...
- Product Management: How Security Can Better Support Software Engineering Teams. Security and software engineering teams often operate with different incentives, creating friction when trying to weave security into the development lifecycle. Bridging this gap requires...