I recently wrote this piece for ISACA on business process maps. Clearly, this is tongue in cheek – there are a lot of benefits to building a map of business processes and for a security professional, these maps can become the basis of lots of security and risk reporting. You can read my thoughts onContinue reading “Business Process Maps are Boring”
Category Archives: Working in Risk
ICYMI – Interviewed on CISO Insiders Podcast
I had a great time talking with Ben Ben-Aderet on the CISO Insiders Podcast. He asked really interesting questions about not only information security but also caused me to reflect on myself and what I learned during my time in the industry. You can check it out here (he bookmarked different topics so you canContinue reading “ICYMI – Interviewed on CISO Insiders Podcast”
Rise of the Chief Trust Officer
I wrote a piece for ISACA about how the rise of the Chief Trust Officer role is changing the landscape for cyber security and cyber risk leadership. Borrowing from the CISO, CSO, CPO, CIO, and digital transformation roles, the Chief Trust Officer can become the go to role to govern technology and ensure customer’s trustContinue reading “Rise of the Chief Trust Officer”
In my latest column I wanted to call out some of the dichotomy that exists in the cyber world today. There are so many exciting new technologies in the world, and so much more risk inherent in them. Working in risk means that you can’t avoid bad things entirely (any more than you can stopContinue reading “Interesting Times”
The April @ISACA newsletter was published last week with my piece called “Risk Palimpsest.” I ran across this unusual word in some non-risk reading I was doing and I was instantly struck with what a great metaphor it was. You can read it here (and also learn what a palimpsest is).