Slow and Steady Security: Lessons from the Tortoise and the Hare

What can Aesop’s fable “The Tortoise and the Hare” teach us about security? A lot I would argue, particularly about ignoring hype and building security programs that are consistent, resilient, and effective. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/slow-and-steady-security-lessons-from-the-tortoise-and-the-hare/.

Reclaiming Control: How Enterprises Can Fix Broken Security Operations

Remember when those of us working in security operations had a fighting chance to successfully defend the enterprise? I do. Overly complex modern infrastructures have taken much of this ability away. I share some thoughts on how security teams can take it back in my latest SecurityWeek piece: https://www.securityweek.com/reclaiming-control-how-enterprises-can-fix-broken-security-operations/.

Why Sincerity Is a Strategic Asset in Cybersecurity

Strong security doesn’t just rely on tools — it starts with trust, clarity, and sincerity from the top down. I discuss why sincerity is a strategic asset in security in my latest SecurityWeek piece: https://www.securityweek.com/why-sincerity-is-a-strategic-asset-in-cybersecurity/.

Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal

Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal. In my latest SecurityWeek piece, I discuss what I believe is an important topic regarding careers in the security field: https://www.securityweek.com/rethinking-success-in-security-why-climbing-the-corporate-ladder-isnt-always-the-goal/.

Actions Over Words: Career Lessons for the Security Professional

In a world full of noise and promises, it’s those who consistently deliver behind the scenes who build the most respected and rewarding careers. I'd advise prioritizing doing over talking. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/actions-over-words-career-lessons-for-the-security-professional/.

Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy

Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy: In my latest SecurityWeek piece, I discuss how Grouch Marx's humor can teach us an important lesson around the importance of applying consistent security policy. https://www.securityweek.com/grouchos-wit-cloud-complexity-and-the-case-for-consistent-security-policy/

Through the Lens of Music: What Cybersecurity Can Learn From Joni Mitchell

What can Joni Mitchell teach us about cloud security? Perhaps more than you might initially think. I discuss in my latest SecurityWeek piece: https://www.securityweek.com/through-the-lens-of-music-what-cybersecurity-can-learn-from-joni-mitchell/.

The Hidden Cost of Compliance: When Regulations Weaken Security

Can regulations actually weaken security? I would argue that they can. I explain why in my latest SecurityWeek piece: https://www.securityweek.com/the-hidden-cost-of-compliance-when-regulations-weaken-security/. Food for thought and a discussion that I believe is long overdue.

Security Teams Pay the Price: The Unfair Reality of Cyber Incidents

Why is it that, regardless of the circumstances, security teams always seem to shoulder the burden of security incidents? What steps can be taken to prepare for this? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/.

Rationalizing the Stack: The Case for Security Vendor Consolidation

Security vendor consolidation is a hot topic these days, and for good reason. What are some points enterprises should consider when looking towards a consolidation play? I discuss in my latest SecurityWeek piece: https://www.securityweek.com/rationalizing-the-stack-the-case-for-security-vendor-consolidation/.