Cybersecurity’s Need for Speed & Where To Find It
www.philvenables.com/post/cyberse...
Things Are Getting Wild: Re-Tool Everything for Speed
In the end, despite the short term pessimism, I remain wildly optimistic for the future.
www.philvenables.com/post/things-...
Top Posts of '25
www.philvenables.com/post/2025-ye...
Security Leadership Master Class 7 : Contrarian Takes
- The curse of binary thinking
- Ceremonial security
- Caricatures of security people
- You just might be a ̶r̶e̶d̶n̶e̶.....security professional
www.philvenables.com/post/securit...
Security Leadership Master Class 6 : When Disaster Strikes
- Capabilities beat just plans
- Engineering resilience
- Building crisis management muscle memory
- Learning from events
- Shrines of failure
- and more…..
www.philvenables.com/post/securit...
Taking your established security program to the next level.
Preventative maintenance, risk quantification, navigating the uncanny valley, continuous assurance, architectural choices to reduce whole classes of risk and more.
www.philvenables.com/post/securit...
Security Leadership Master Class - Part 1: Leveling up your leadership
philvenables.com/post/securit...
Everyone Has A Plan Until They Get Punched In The Face.
Resilience is about capabilities not just plans.
www.philvenables.com/post/everyon...
Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype
A new NASEM report reveals the truth about #cybercrime stats: our data is fragmented, inconsistent, & underreported. We can't fight what we can't accurately measure.
www.philvenables.com/post/decodin...
The Don't Fire Me Chart
A lot of premature CISO turnover is caused by the security program uncovering previously unknown risks and issues. So, paradoxically, the best CISOs make the situation *seem* worse before it then *actually* gets better.
www.philvenables.com/post/career-...
Cyber Insights Needed & Delivered
My analysis of the recent Cyentia Institute report. Things are getting worse in absolute terms but it’s not clear (my take) they are getting worse relative to what the situation might be.
www.philvenables.com/post/cyber-i...
Segmentation Technologies / Zero Trust
Thinking about doctrine vs. structure is a useful mental model to validate a technology’s adequacy for a particular task. In short, to know whether we are jamming a square peg into a round hole.
www.philvenables.com/post/segment...
A different taken on the CISO / Cybersecurity Leader Job Description.
www.philvenables.com/post/ciso---...
Starting a Security Program from Scratch (or re-starting).
www.philvenables.com/post/startin...
Security Leaders’ Reading List
Not many security books. Security leader challenges are mostly, well, leadership along with a healthy dose of program mgmt, culture, attention to detail, risk mgmt and more.
www.philvenables.com/post/leaders...
Turning the Security Flywheel
This post explores the "flywheel" concept and its application to security, demonstrating how to create self-reinforcing cycles that improve effectiveness.
www.philvenables.com/post/turning...
Cryptanalytically Relevant Quantum Computers (CRQCs) are coming. Perhaps sooner than we think, but we can conservatively (and usefully) assume in the 2032 - 2040 time frame. Beware the snake-oil of non-standard solutions.
www.philvenables.com/post/post-qu...
Keys to Career Success
www.philvenables.com/post/keys-to...
Top Ideas and Posts from 2024
In closing the year let’s take a look at the top 10 posts of 2024 in order of most read.
www.philvenables.com/post/top-ide...
Want to know more about cyber-physical resilience & why leading indicators like software reproducibility & cold-restart time are more effective than just focusing on lagging indicators?
Then take a listen to the 2024 season finale of the cloud security podcast.
cloud.withgoogle.com/cloudsecurit...
Cloud CISO Perspectives for end of Dec ’24 is up covering:
- Year end review from AI to Threats
- Forecast for 2025
- AI ISO certifications
- NIS2 compliance
- Threat intel. program development
- Detection as code
- and much more….
cloud.google.com/blog/product...
Remember, as security professionals we are defending the free flow of ideas and capital that are essential for human progress. Defending lives and livelihoods. That's the mission. Happy Holidays.
sketchplanations.com/the-three-br...
Leadership: One Day at a Time, One Step at a Time.
www.philvenables.com/post/leaders...
Proud to see @googlecloud as the first cloud service provider to partner with the @GRFederation and its affiliates to help further strengthen the manufacturing industry's cyber resilience.
Read more on what this means here:
cloud.google.com/blog/product...
Cloud CISO Perspectives for early Dec '24 is up covering:
- Forecasting 2025: Notes from the Field
- Open source security patch validation
- C2 in browser isolation environments
- Every CTO should be a CTSO
- and more......
cloud.google.com/blog/product...
Oops! 5 serious gen AI security mistakes to avoid
cloud.google.com/transform/oo...
How has the development and adoption of AI changed over the last year? Dive into the current landscape in this issue of the Dialogues magazine, from @Google and @atlanticrethink for insightful perspectives on the transformative power of AI.
Read here: www.theatlantic.com/sponsored/go...
Regulatory Harmonization - Let’s Get Real
Most cyber controls are relatively aligned. Calls for action on harmonization are really induced by obligations from other technology risk domains or broader. Focusing on reducing compliance toil is the right approach.
www.philvenables.com/post/regulat...
