Speaking at the Cyber Future Dialogue in Davos during the World Economic Forum (WEF)

I’m very excited to announce that I will be speaking at the Cyber Future Dialogue in two weeks in Davos, Switzerland during the World Economic Forum. This is going to be an amazing opportunity to converse with distinguished leadership from around the world on the necessity of and practical means to operationalize cyber risk quantification…

Risk Frameworks, Equifax, and Public Sector Risk

Time for another cyber risk roundup!

- I was interviewed for an article on Health Security and Risk Frameworks: Providers Must Go Beyond Frameworks for Strong Risk Management
- 800,000 Systems Still At Risk to BlueKeep RDP Vulnerability
- My hot take on the Equifax settlement
- For ISACA, I took aim here discussing the ways in which public…

Smart Contracts

I was interviewed for, and quoted in, this ISACA publication around Smart Contracts. Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law as pointed out by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace. The Smart Contracts doc is a free download…

Risk and Regulation

My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an…

Thus Wastes Man

A discussion on priority-making, risk, and the nature of humanity

I’m always interested in examples where we make implicit risk decisions. It happens naturally all the time, mostly because we lack the resources (time, skills) to properly evaluate the scenario. Despite being good at keeping us immediately out of harm’s way, this quick decision-making skill…

Private Sector Perspectives on Cyberwar

I sat through a presentation recently about cyberwar. It’s a topic that engenders a lot of passion in the information security community. There seems to be a natural line drawn between those with previous experience in the military and government and those with primarily private sector experience. The typical military/government professional will attempt to engender a response from those in private industry.