A Universal Lemma For Compliance

2500 words, 12 minutes. Here I describe a lemma or helping theorem for technical compliance of IT with a focus on Information Security. It’s an approach for all compliance regimes whether regulatory or corporate. It doesn’t date, nor is it predicated on a technology or platform. It isn’t a trick. It doesn’t provide cover for inadequate security or incompetent staff. If you’re looking to evade compliance, disguise incompetence, or shirk accountability then you’re in the wrong article.

NSA PRISM's Commercial Cousin

2200 words, 11 minutes. “In 1882 I was in Vienna, where I met an American whom I had known in the States. He said: ‘Hang your chemistry and electricity! If you want to make a pile of money, invent something that will enable these Europeans to cut each others’ throats with greater facility.’” - Hiram Maxim. Selling arms during an arms race is such an interesting topic it warrants its own post.

Avoiding The Infosec Extinction Part 2.

1600 words, 8 minutes. Turning Up The Magnification: This is the second of a short series of posts about the Cyber Security market. This market is interesting now because I believe it’s at a juncture where we can choose one of two possible futures. We being the product builders, investors, and customers. In the previous post I presented you with a choice. A choice between a beautiful fantasy, and practical reality.

Don't help the CSO out. Build him up!

950 words, 4½ minutes. One of the reasons why organisations ultimately fail at Cyber Security is that the office of the CSO lacks power. In this post I’ll explain why that is and what we can do about it. Why The CSO Lacks Power: The Cyber Security industry constantly strives to produce better products and services. Engineers work tirelessly to improve deployment practices. There are dozens of courses and certifications designed to improve skills.

Avoiding The Infosec Extinction Part 1.

800 words, 3½ minutes. Making Your 1st Decision: This is the first of a short series of posts about the Cyber Security market. This market is interesting now because I believe it’s at a juncture where we can choose one of two possible futures. We being the product builders, investors, and customers. The choice being whether to align ourselves with reality or fantasy. Plenty of markets perpetuate a degree of fantasy.