I have a lot of sympathy for UK boards of directors. UK boards of directors have had cyber pushed onto their agenda by the government, regulators and the Financial Times for several years. Unfortunately many board members are often ill-equipped to fully understand the executive decisions regarding cyber they have now…
Category: Security
Managing Insider Risk
A short presentation I gave to the July 2015 NED Forum on using the ‘Critical Pathway to Insider Risk’ to Manage Insider Risk. This was a very conversational event so the slides are even more terse than usual. I’ve removed a slide on my employer’s proprietary technology in this area. This…
ICI Global Cybersecurity Forum 2015 Keynote: Cyber Resilience
Yesterday I was lucky enough to be given the opportunity to deliver the keynote for the ICI Global Cybersecurity Forum in London. It was a great event with some seriously considered debates, some well-run panels and a lot of practitioners I hadn’t met before. I’ve decided to publish my speaking…
Competing Innovations in Cyber
I have had a series of productive discussions with a colleague over the last year about the differences in adopting new innovations between cyber attackers and cyber defenders. His interesting, and itself innovative, contention is that a key problem in cyber security is created by the differently shaped innovation adoption curves…
We need to talk about IT
It has long been a truism of security practitioners that security is not an IT problem. This is an attempt to lift the gaze of the security team from technology to the wider business. A laudable and useful goal. However, IT is a security problem.