An Analytical Approach

Thursday, January 8, 2026

Beware of security advice that comes from people or organizations that have no stake in the outcome, nothing to lose, and won't bear any of the consequences. What do I mean? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/the-loudest-voices-in-security-often-have-the-least-to-lose/.

Have you ever observed two people talking to one another, yet having two entirely different conversations? I discuss how this can harm security in my latest SecurityWeek piece: https://www.securityweek.com/the-great-disconnect-unmasking-the-two-separate-conversations-in-security/.

Have you stopped to consider how bringing politics into the workplace is a security risk? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/perspective-why-politics-in-the-workplace-is-a-cybersecurity-risk/.

What can Aesop’s fable “The Tortoise and the Hare” teach us about security? A lot I would argue, particularly about ignoring hype and building security programs that are consistent, resilient, and effective. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/slow-and-steady-security-lessons-from-the-tortoise-and-the-hare/.

Remember when those of us working in security operations had a fighting chance to successfully defend the enterprise? I do. Overly complex modern infrastructures have taken much of this ability away. I share some thoughts on how security teams can take it back in my latest SecurityWeek piece: https://www.securityweek.com/reclaiming-control-how-enterprises-can-fix-broken-security-operations/.

Strong security doesn’t just rely on tools — it starts with trust, clarity, and sincerity from the top down. I discuss why sincerity is a strategic asset in security in my latest SecurityWeek piece: https://www.securityweek.com/why-sincerity-is-a-strategic-asset-in-cybersecurity/.