When you are first starting out in redefining how you are operating your security program in a customer-centric context, you need to think about a few key concepts familiar to any new business. What business you are actually in? Do you want to be perceived, and perhaps more importantly, do you want to operate, as […]
Tag Archives: information security
Defining Security Strategy
IntroductionWhen developing your security strategy, it is important to recognize the limitations on your team. In this case, choosing what to do is often less important than choosing what NOT to do. This deck is used to drive conversation around the choices we make as security practitioners in what we choose to tackle, and what […]
Language of Risk
IntroductionWhy is “The Language of Risk” so important right now? What are the drivers for Business and Security to speak the same language? The answer is change: massive, fundamental change in both camps. Technology has moved to center stage as a partner in business enablement, and has brought along its associated risks. IT and IT […]
Information Security as a PSF
UncategorizedCan security operations be run as though it were a Professional Services Firm (PSF)? Management guru and firebrand Tom Peters thinks so, and so do I. I first read Tom’s book, “The Professional Services Firm 50″, when it first came out, back in 1999. And I have to say, after spending the first few years […]