Empathizing with Customers, Developers, and Stakeholders — In cybersecurity, I sometimes forget to put myself in the shoes of my customers. Maybe it’s because I’m busy. Maybe it’s because I’m arrogant. People are the most important resource cybersecurity teams have to identify, protect, detect, respond, and recover from cybersecurity events. Over the weekend, I was reminded that…

Leaders want measurable data about cybersecurity’s progress toward creating value aligned to the business vision. They do not necessarily want a bullet list of security checkboxes. Cybersecurity teams have to recognize that strategy needs to support the business. Recently, I’ve seen many product managers talk about being asked for a…

Cybersecurity teams need to look into the mirror and ask, “What do I need to do to be prepared for 2023?” Next year I believe cybersecurity teams will face epic challenges, forcing teams to reevaluate how we operate. Doing security for security’s sake will not be enough to sell business…

“Defense In Layers” in the Enterprise Part 3 of the series ‘Defense In Layers’. Part 1: ‘Defense In Layers’ The Framework & Part 2: ‘Defense in Layers’ — The Exercise. Please support me by following me on Medium. Cybersecurity teams are being called upon to provide roadmaps to ‘Zero Trust.’…

Part 2 of the series ‘Defense In Layers’. Link to ‘Defense In Layers’ The Framework. Please support me by following me on Medium. Tap, Tap, Tap. ”Excuse me. Your perceived security posture is not what you think it is….” WHAT? How DARE you. We spend at least 10% of our…

Article 1 of ‘Defense In Layers’ in the Enterprise As long as there is money to be made from hacking an enterprise, hackers will find new ways to exploit vulnerabilities. Looking into the 2022 Uber hack, a typical story took place. …

Article 7 of 8 in Building Your Cybersecurity Posture on Medium Our network is the map to all of our vulnerabilities. Attackers can use this map to find routes to our most protected assets or find easy locations to hijack data in flight exposing our most valuable information. Our network…

Scaling cyber defense is more than just adding more members to the team. Cybersecurity teams in the enterprise are growing exponentially. Product-led cybersecurity organizations can help do more than show the number of threats averted and vulnerabilities fixed. They can help drive internal adoption and show financial value to executives…

One day, after a particularly eventful night, I asked myself, “Is cybersecurity worth doing?” The obvious answer is a resounding “YES!” but out of nowhere, my eight-year-old asks, “Why?” If my eight-year-old daughter sees the need for value at the morning breakfast table, what are business executives asking themselves when…