
Getting security ‘right’
We love to talk about doing things right, there is no such things as doing it right. Perfect is the enemy of good and also of modern infrastructure.

The immature security industry
The security industry often tries to do everything instead of putting focus on a singular area where we can make a real difference. This is a sign of an immature industry.

You’re too busy to get your security right
The idea of having a few people who can do a little bit of everything isn’t really working anymore. We’re all too busy to be effective.


Lessons from Hawaii – how prepared should we be?
If something happens you’ve never seen before, how do you know what to do next?

Awareness training has failed us
And if awareness isn’t enough, is it time to look at our problems in a new way?

Hard things are hard, security will never be easy
There isn’t a skills shortage for security because these are skills you can’t teach.

GitHub’s new security scanner
A new service from GitHub is going to change how we build software. Again.

Are you giving useful advice?
If you can’t measure it, it’s not actionable. If it’s not actionable, it’s not useful. And if it’s not useful, is it actually advice?

Suddenly, the CEO cares about cybersecurity
When the business leaders start to ask questions about how the organization’s security looks, it’s time to make sure they grasp what’s going on and what needs to happen, so we can do it right.

Cybersecurity: why is it so hard to get anything right?
When it comes to cybersecurity, why does it feel like everything is on fire all the time?