Tag: risk
I’m so excited to announce the release of CTRL-ALT-RISK, my new book that compiles years of work into one accessible collection. This anthology features short essays I originally wrote for the @ISACA® Newsletter, offering practical tips and insights for navigating the complex world of cyber risk management. Whether you’re a cybersecurity veteran or just beginning…
Earlier this year, I had the opportunity to reflect on lessons I learned from an unlikely source: a class I took on Plant Pathology. As part of my academic journey, the class explored how plants thrive in challenging environments, defend themselves against threats, and adapt to changing conditions. The parallels to cybersecurity were hard to…
I’m really excited to share this one. The inspiration for this article was courtesy of a good friend who was venting about work. I connected their troubles with something I dug up from my latent interest in folklore. Long story short, the risk department shouldn’t be accepting risk on behalf of the business. I hope…
In my latest column for the @ISACA newsletter, I delve into the complex interplay between common sense and cyber security.
In the realm of cyber risk quantification, it’s a common belief that emotions should be kept out of the risk assessment and decision-making processes. Certainly, there are valid concerns associated with the influence of emotions, which cannot be overlooked. However, it’s important to recognize that emotions do have a rightful place in risk management. In…
I recently coauthored an article for the ISACA Journal with a coworker about imputing the cost of a data breach from record count. We also recorded a podcast based on the article. You can read the article here and listen or watch the podcast. I also authored a piece for the @ISACA newsletter on the…
I was very fortunate to have the opportunity to share my thoughts on KRIs last week on The FAIR Institute’s website. I used the metaphor of Sentinel Species (think canaries in coal mines) to serve as an indicator of risk, but not of risk itself. That important distinction is one that I strongly feel is…
I was interviewed for, and quoted in, this ISACA publication around Smart Contracts. Upon reflection, what we are really seeing is just a continuation of the concept of Code = Law as pointed out by Lawrence Lessig in his 1999 book, Code and Other Laws of Cyberspace. The Smart Contracts doc is a free download…
My latest @ISACA article was published today. In it, I focus on the notion of where our authority comes from in Information Security. Too often, in my opinion, we rely on regulation as a source of “why” when articulating control requirements. I think this is dangerous and counter to the very nature of what an…
I’ve got a busy October speaking calendar this year! I will be participating in a panel discussion at the inaugural FAIR Conference this year, as well as signing books with Jack Jones. Should be a fun time! Be sure to stop by and say hello!