Blog.

Apr 4, 2022

How well a system works

How well a systems works is only half of the story.

Apr 3, 2022

Survival

Change is optional.

Apr 1, 2022

Discoverability and reach.

Why I don't do podcasts.

Mar 31, 2022

Which part of your job is really valuable to the world?

We get to choose how we spend our time and effort, choose wisely.

Mar 30, 2022

The lack of a business case.

The Department cannot justify how its approach to cyber security is delivering value for money.

Mar 17, 2022

Who's the bigger clown?

Who’s the bigger clown? The CISO who pretends they’ve just discovered there’s no transparency in what they do? Or the CEO who pretends they’re shocked, shocked I tell you, that cyber security business cases don’t add up?

Mar 14, 2022

There is water at the bottom of the ocean

Today I'm mostly listening to David Byrne

Feb 9, 2022

Is the drunken orgy of cyber security over?

Being ‘secure’ is popularly comprehended as a better state than being ‘insecure’. This is unsurprising; in the cyber security domain, being secure and doing things securely is considered so obvious as to not even need explicit reference. Many practitioners would argue that more ‘secure’ is the the goal and the entire point of their exercise.