Adversarial Risk Management
Cybersecurity Governance, Strategy, and Risk Management

Latest

Dec
07
Network Egress and Ingress Fundamentals

Network Egress and Ingress Fundamentals

There is a lot of confusion about network ingress and egress. This isn't limited to junior staff; I've witnessed this
5 min read
Nov
22
Cyber Governance: What is Fair to Expect from Board Directors and Management? 2 of 4

Cyber Governance: What is Fair to Expect from Board Directors and Management? 2 of 4

Episode 2: Risks In Episode 1 of this series I talked about oversight of cybersecurity threats and how a Board
6 min read
Nov
11
Bad CISO Archetypes

Bad CISO Archetypes

As part of my advisory work, I often help companies find and/or interview security leaders. While I'm a huge
4 min read
Oct
20
Episode 07 - Bug Bounties with guest Casey Ellis

Episode 07 - Bug Bounties with guest Casey Ellis

Bugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber
1 min read
Oct
17
Cyber Governance: What is Fair to Expect from Board Directors and Management? 1 of 4

Cyber Governance: What is Fair to Expect from Board Directors and Management? 1 of 4

With mounting pressure around cyber literacy in the Boardroom, Directors are looking for specifics around what will be expected of
8 min read
Sep
10
An open letter to a fresh cybersecurity hire

An open letter to a fresh cybersecurity hire

Congratulations on your first cybersecurity job! Whether you are just entering the workforce or pivoting to a new field, here
4 min read
Sep
06
Episode 06 - Retire Many Times with guest Sounil Yu

Episode 06 - Retire Many Times with guest Sounil Yu

Sounil Yu joins the #lifeafterCISO podcast and shares the idea of "retiring many times". Sounil is the renowned author of
1 min read
Aug
23
Episode 05 - Deciding When It's Time to Go with guest Jason Chan

Episode 05 - Deciding When It's Time to Go with guest Jason Chan

An essential part of moving on from a long tech career is just figuring out when the time is right.
1 min read
Aug
22
Vulnerability management is dead. But GRC is hiring...

Vulnerability management is dead. But GRC is hiring...

I used to have a TVM team. Threat & Vulnerability Management. The individuals in there had the word "Vulnerability" in their
2 min read
Aug
19
How much AppSec is too much?

How much AppSec is too much?

I've been using the term "West Coast CISO" a lot lately. While it feels like CISOs used to be either
3 min read