Articles on Risk Management
Below are my perspectives on Risk Management, drawn from my work as a security leader and practitioner.
- Communication: Handling High-Profile Vulnerabilities. When a high-profile vulnerability surfaces, executives and customers want to know whether it affects you. With a one-page brief and a short process, you can capture the key details and reach the...
- Assessments: A Report Template for Security Assessments. The technical severity of an assessment finding tells only part of the story. A customizable report template helps you document the scope, rate findings by risk, and write for the executives and...
- Encryption: The Past, Present, and Future of the Web's Trust Model. Observability, short-lived credentials, and active enforcement hold the web's trust model together. Without them, a decade of Certificate Authority failures would've collapsed it. Will those same...
- Threat Intelligence: Six Signals for Threat Attribution. Credible threat attribution weighs six signals together. Each signal has a disciplined methodology behind it, with citations and stress tests to back the conclusions.
- Artificial Intelligence: Making Sense of Security for AI: The AI Defense Matrix. The AI Defense Matrix maps eight AI asset classes to NIST CSF functions, giving security leaders one grid to assign ownership, find gaps, and select controls. Sounil Yu and I co-authored it as the...
- Risk Management: Trust Boundary of SaaS Will Include Customers' AI Agents. SaaS vendors should assess whether their trust boundary includes customers' AI agents. Liability has pushed banks toward securing the customer's device four times, and the fifth wave is forming...