Articles on Risk Management
Below are my perspectives on Risk Management, drawn from my work as a security leader and practitioner.
- Communication: Templates for Cybersecurity Executive Briefings. In an effective executive brief, you lead with the bottom line and what a finding means for your organization. Use these four customizable templates to do exactly that across threat intel,...
- Communication: Handling High-Profile Vulnerabilities. When a high-profile vulnerability surfaces, executives and customers want to know whether it affects you. With a one-page brief and a short process, you can capture the key details and reach the...
- Assessments: A Report Template for Security Assessments. The technical severity of an assessment finding tells only part of the story. A customizable report template helps you document the scope, rate findings by risk, and write for the executives and...
- Encryption: The Past, Present, and Future of the Web's Trust Model. Observability, short-lived credentials, and active enforcement hold the web's trust model together. Without them, a decade of Certificate Authority failures would've collapsed it. Will those same...
- Threat Intelligence: Six Signals for Threat Attribution. Credible threat attribution weighs six signals together. Each signal has a disciplined methodology behind it, with citations and stress tests to back the conclusions.
- Artificial Intelligence: Making Sense of Security for AI: The AI Defense Matrix. The AI Defense Matrix maps eight AI asset classes to NIST CSF functions, giving security leaders one grid to assign ownership, find gaps, and select controls. Sounil Yu and I co-authored it as the...