Monday, March 16, 2026

The Human IOC: Why Security Professionals Struggle with Social Vetting

In the security field, we focus so much on vetting data and information. Yet, when it comes to people or organizations, we invest far less in vetting them. Why is that, and how can we improve? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/the-human-ioc-why-security-professionals-struggle-with-social-vetting/.

Wednesday, February 11, 2026

Security in the Dark: Recognizing the Signs of Hidden Information

My latest piece in SecurityWeek discusses how security failures don’t always start with attackers; sometimes they start with missing truth: https://www.securityweek.com/security-in-the-dark-recognizing-the-signs-of-hidden-information/.

Thursday, January 8, 2026

The Loudest Voices in Security Often Have the Least to Lose

Beware of security advice that comes from people or organizations that have no stake in the outcome, nothing to lose, and won't bear any of the consequences. What do I mean? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/the-loudest-voices-in-security-often-have-the-least-to-lose/.

Wednesday, December 3, 2025

The Great Disconnect: Unmasking the ‘Two Separate Conversations’ in Security

Have you ever observed two people talking to one another, yet having two entirely different conversations? I discuss how this can harm security in my latest SecurityWeek piece: https://www.securityweek.com/the-great-disconnect-unmasking-the-two-separate-conversations-in-security/.

Thursday, September 25, 2025

Perspective: Why Politics in the Workplace is a Cybersecurity Risk

Have you stopped to consider how bringing politics into the workplace is a security risk? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/perspective-why-politics-in-the-workplace-is-a-cybersecurity-risk/.

Wednesday, August 20, 2025

Slow and Steady Security: Lessons from the Tortoise and the Hare

What can Aesop’s fable “The Tortoise and the Hare” teach us about security? A lot, I would argue, particularly about ignoring hype and building security programs that are consistent, resilient, and effective. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/slow-and-steady-security-lessons-from-the-tortoise-and-the-hare/.