Category: Working in Risk
-
Earlier this year, I had the opportunity to reflect on lessons I learned from an unlikely source: a class I took on Plant Pathology. As part of my academic journey, the class explored how plants thrive in challenging environments, defend themselves against threats, and adapt to changing conditions. The parallels to cybersecurity were hard to…
-
Many organizations mistakenly believe they need extensive data and complex systems for Cyber Risk Quantification (CRQ). This article advocates for early adoption of quantitative risk measurement, starting small and evolving over time. By abandoning outdated qualitative ratings, organizations can access valuable insights, enhance decision-making, and achieve greater resilience in their risk programs from the outset.
-
I recently wrote this piece for ISACA on business process maps. Clearly, this is tongue in cheek – there are a lot of benefits to building a map of business processes and for a security professional, these maps can become the basis of lots of security and risk reporting. You can read my thoughts on…
-
I had a great time talking with Ben Ben-Aderet on the CISO Insiders Podcast. He asked really interesting questions about not only information security but also caused me to reflect on myself and what I learned during my time in the industry. You can check it out here (he bookmarked different topics so you can…
-
I wrote a piece for ISACA about how the rise of the Chief Trust Officer role is changing the landscape for cyber security and cyber risk leadership. Borrowing from the CISO, CSO, CPO, CIO, and digital transformation roles, the Chief Trust Officer can become the go to role to govern technology and ensure customer’s trust…
-
In my latest column I wanted to call out some of the dichotomy that exists in the cyber world today. There are so many exciting new technologies in the world, and so much more risk inherent in them. Working in risk means that you can’t avoid bad things entirely (any more than you can stop…
-
The April @ISACA newsletter was published last week with my piece called “Risk Palimpsest.” I ran across this unusual word in some non-risk reading I was doing and I was instantly struck with what a great metaphor it was. You can read it here (and also learn what a palimpsest is).
The Risk Dr ® 