Home

Blog

Security Leadership Insights

On cybersecurity leadership, strategy, and translating cyber risk into business value.

Get new posts in your inbox

Frameworks and frontline lessons for security leaders. No spam, unsubscribe anytime.

Frameworks for Security Leaders

You Never Get Money from the Board

A peer CISO sent me his board deck and asked for feedback. The eighth slide had the ask. I told him the deck would not get him the money. The slides were aimed at the wrong room.

May 27, 20267 min read
Read
Security Strategy

Security Is the Downforce

My old boss had a formula: security equals one over productivity. I believed him for years. I don't anymore. The job isn't to slow the car down. It's to build one that can take the corners.

May 20, 20269 min read
Read
Leadership Reflections

The Closet Floor

Midnight before Black Friday at PayPal. I'm on the closet floor holding calls so the house stays asleep. The visible work is the slide. The actual work is this.

May 18, 202611 min read
Read
Leadership Reflections

The Shoulder, the Agent, and the Job

A torn rotator cuff, ninety minutes of insomnia, and Claude Code. What a CSO's pre-dawn build session taught me about product thinking in security today.

May 9, 20266 min read
Read
Leadership Reflections

The Three-Day Draft

In 2020 I drafted a Slack message disclosing my PTSD and held it for three days. For Mental Health Awareness Month, what sending it taught me about silence.

May 7, 20266 min read
Read
AI & Emerging Threats

The Attack Surface Diet: Lessons from Remission

A phrase from David Moulton on Threat Vector named what AI is doing to security programs. Four moves to shed weight, build muscle, and keep the program lean.

April 23, 20269 min read
Read
AI & Emerging Threats

We Didn't Start the Fire. We Have to Put It Out.

The AI security inflection point arrived in 2023, not last week. Organizations still treating this as a future problem are running out of time to change course.

April 13, 20268 min read
Read
Leadership Reflections

Familiarity Is Not Knowledge

Even a little familiarity is enough to stop you from really looking. In security, that's not just a personal liability — it's a structural one.

April 7, 20267 min read
Read
Security Leadership

The Workforce Problem Nobody at RSA Wanted to Talk About

AI agents are taking over the entry-level security work that built our careers. If we don't act now, we're building a 10-year workforce crisis that makes today's shortage look manageable.

March 26, 20269 min read
Read
Security Leadership

Trust Is the New Baseline

Two conferences, two different worlds, but the same word kept coming up: trust. The CX and security communities are having parallel conversations that need to converge.

March 19, 20268 min read
Read
AI & Emerging Threats

AI Isn't the Threat. Your Reaction Is.

Half of employees use AI regularly. 80% mix in tools IT never approved. Your adversaries are already using AI to scale their attacks. The question is whether your team is keeping pace.

February 26, 202611 min read
Read
Frameworks for Security Leaders

The Security Investment Playbook, Part 2: Kill Your Science Experiments

Security teams run science experiments all the time, and it's one of the biggest drains on our effectiveness as an industry. Here's how to spot them and what to do instead.

February 16, 20269 min read
Read
Frameworks for Security Leaders

The Security Investment Playbook, Part 1: Core, Context, Commodity

The Core, Context, Commodity framework is the single most useful lens for deciding where your security team should spend its energy.

February 12, 20268 min read
Read