Chris Brown

An executive coach makes dispassionate observations. I find myself in the position of asking CISO clients: When does 'security culture' override 'business culture?' After their long pause, I ask: What does this tell you about what security culture gives you vs how it's very notion deludes you?

‘I see we share some connections’ is the LinkedIn equivalent of ‘you come here often?’ Just say what you want, Bro.

I may have finally gotten OpenAI/ChatGPT to behave.

medium.com/@chris-brown...

Interesting. It's the product analogy to corporate-level strategic self-disruption / s-curve jumping.

I use chatGPT as a foil sometimes and it's really off right now. I think I just broke it by asking:

No, you're not even paying attention. Are you in the bathroom?

What If the CISO Didn’t Exist? What would we see — organizationally, intellectually, culturally — if we leveraged this thought experiment to see challenges in a new…

What if the CISO Didn't Exist? medium.com/@chris-brown...

CISO Impact and Influence: How Cybersecurity Executives Can Take the Lead and Nudge the World Amazon.com: CISO Impact and Influence: How Cybersecurity Executives Can Take the Lead and Nudge the World eBook : Brown, Chris: Kindle Store

For those interested: www.amazon.com/CISO-Impact-...

Book laying on an unseen surface with title CISO Impact and Influence: How Cybersecurity Executives Can Take the Lead and Nudge the World

I started a journey two years ago, because I was called to, compelled to. My first book is now widely available, and the whole thing has been life-changing... writing, rewriting, beta readers, being done writing. Standing back and appreciating what I've done. *Phew* what a trip.

I assume they were wearing suites while messaging, as that’s the important bit.

Where’s the circumspect about using systems not under government or personal control? What’s next… Facebook messenger? TikTok DMs?

23andMe files for bankruptcy, customers advised to delete DNA data ​California-based genetic testing provider 23andMe has filed for Chapter 11 bankruptcy and plans to sell its assets following years of financial struggles.

🚨 23andMe files for bankruptcy — with assets now up for sale, privacy experts warn customer DNA data could fall into the wrong hands. Delete your data to protect your privacy now‼️ 🧬🔒 #Privacy #DataSecurity #DNA

www.bleepingcomputer.com/news/securit...

Ignore what you know. Prioritizing specialist knowledge is a trap. Questioning its relevance as contexts evolve is a litmus test of adaptability, a hallmark of leadership, recognizes limits of our understanding, and keeps us open to new insights, even when they contradict ideas previously held.

Attorney General Bonta Urgently Issues Consumer Alert for 23andMe Customers Californians have the right to direct the company to delete their genetic data OAKLAND — California Attorney General Rob Bonta today issued a consumer alert to customers of 23andMe, a genetic testing ...

23andMe is going under. Californians have the right to delete their genetic data before it's turned over to next party buying the assets. If you have a 23andMe account, go log in to download whatever reports you want to save, then follow these instructions to delete your data.

YouTube video by Microsoft Majorana 1 Explained: The Path to a Million Qubits

I had not really worried (much) about the next 10 years regarding the advancement of quantum computing. That timeline might have just moved up a little... www.youtube.com/watch?v=wSHm...

“The presentation stays the same, the problem framing changes” for each audience, on communication and influence. @siliconchef.bsky.social at @bsidespdx.bsky.social

The design *aesthetic* has been amazingly consistent over almost 30 years. But I remember from 2.1 to 6.2, waiting for the new distro to show up, often in part for slight changes to Beastie or fonts.

We dispensed with ‘owner’ right away. It was ambiguous, confusing, and subject to implicit reframe.

We chose: (data) steward, (data) custodian, (application) sponsor.

We redefined owner as always the subject (patient for patient data, company for company data).

And we don’t talk about it enough. We have poor language for it. Circa 2005, my first time CISO, I sat down with the director of corporate of strategy. We picked a set of ordinary words from English dictionary. Those words were key to having the conversations needed to addressing our challenges.

Is “live-tweeting” a thing on Bluesky?

“Unhackable” — yeah, sure.

Reminds me of my FreeBSD CD distro days in the mid 90s. Good times.

This is such a great podcast series.

Certs help, but in the job, on the ground circumstances create a lot of erosion. Tech folk are not generally great at feedback - giving, asking for, receiving.

It’s a confidence gap at all levels, from interns up to and including senior cyber execs.

But they actually disclose the number, just via another agency Check here for the up to date info: www.census.gov/popclock/?os...

Expecting cyber to address patching is like expecting the communications team to address how employees park in the company lot.

Business don’t make risk-based decisions. They make risk-informed opportunity decisions.

I looked up necroing.

I suddenly feel like I’m at a fancy dinner with a five fork place setting and only know what the first two are for.

Didn’t intend to be break etiquette. I’ll try to mind my manners better.

Thank you for pointing out what I did.

It’s going to get real interesting if or when the West finally gets tired of defense and starts offense at the skill level of attacking air-gap centrifuges at the volume of shock and awe.