// POSTS TAGGED "ciso"
Ciso.
All posts tagged ciso.
Why Your Incident Response Plan Will Fail (And What to Build Instead)
Most IR plans fail not because they're poorly written, but because plans don't survive contact with reality. Here's how to build response capability instead of just documentation.
NIST Just Stopped Doing Part of Your Job. Now What?
NIST is no longer enriching every CVE in the National Vulnerability Database. If CVSS scores were the backbone of your vulnerability management program, you have a problem that predates this announcement.
The Engineered Forest: Why the Best Security Programs Are Invisible
What a carefully managed New Hampshire forest taught me about building security programs that enable rather than block. The best security, like the best ecosystems, looks effortless but is intentionally designed.
When Everything Is Critical, Nothing Is Critical
Your vulnerability scanner flagged 10,000 issues. Your SIEM has 500 critical alerts. Every project is top priority. So what do you actually fix first?
Intentions, Not Resolutions: On Choosing Presence Over Urgency
On knowing the always-on CISO life isn't sustainable, doing it anyway, and what fractional work is teaching me about presence.
Security Theater vs. Security: How to Tell the Difference
That shiny new security tool looks impressive in the demo. But will it actually reduce risk? Here's how to tell security theater from real security before you waste the budget.