Yesterday I was lucky enough to be given the opportunity to deliver the keynote for the ICI Global Cybersecurity Forum in London. It was a great event with some seriously considered debates, some well run panels and lot of practitioners I hadn’t met before. I’ve decided to publish my speaking…
Tag: management
20 questions on cyber-supply chain risk management
I recently wrote an article for Banking Technology that has been generally well received, I’ve decided to include it here on the blog for future reference. I’ve enjoyed working with Banking Technology and thoroughly recommend the editor David Bannister who has clearly been around the block enough times and has a…
We need to talk about IT
It has long been a truism of security practitioners that security is not an IT problem. This is an attempt to lift the gaze of the security team from technology to the wider business. A laudable and useful goal. However, IT is a security problem.
Misinterpreted policy?
A couple of months ago I was home ill from work and frankly a little bored. While idly reading my twitter feed I reflected on a challenge I had been facing at work; a very technology-focused, agile, team that seemed to move faster than the security team could handle. I had…
Follow the Money
When we talk about security with the business we need to talk about money. I have occasionally run into colleagues whose answer to risk-based governance approaches and performance-based management approaches has been to say “Show me the money!”. I understood their desire to see security operate in the language of…