Bigger is Bitter

The bigger the better is a worn old chestnut of an expression that has distinct applicability to certain professional sports, say basketball for example, and clear downsides when applied to adverse events. In the latter example one might more readily turn to the admonition bequeathed to us by E.F. Schumaker—“Small Is Beautiful”, or at least[…]

Cybersecurity Requires a Whole of Organization Approach

I am confident many of you have heard the phrase “whole of government” before.  Just in case you haven’t, in a nutshell, here is what it is: agencies and departments working across portfolios to execute on a shared purpose.  For some time now, I have even called for a “whole of nation” approach, specifically relating[…]

Is This Fini for Fin7? (probably not)

Yesterday the Department of Justice announced that it had arrested three Ukrainian nationals — Dmytro Fedorov, Fedir Hladyr, and Andrii Kopakov. At first blush the announcement falls well short of generating the kind of attention that would stem from announcing the arrest of Al Capone or some other legendary crime figure. However, viewed in terms[…]

Keep it Local: Cybersecurity is Everybody’s Problem

Two recent interactions – one business meeting and one personal conversation – prompted me to write this piece.  Both these experiences, coupled with experiences over the last few years, drove me to these conclusions: People don’t see cybersecurity as a problem they are responsible for; and People just don’t care about cybersecurity. While these conclusions[…]

Security By Design Applies to Organizations Too

If you are an engineer or software developer, there is a good chance that you have heard the phrase “security by design” before (sometimes also referred to as “secure by design”).  If you are unfamiliar with the phrase, it pretty much means what you think it would mean: something has been designed, developed, and manufactured[…]