Why aren’t we learning from (security) incidents – views from resilience and complexity

It’s been way too long since I last blogged, and this particular post has been on my mind for weeks now, so I decided today was the day to get it out. I’m privileged to be part of a community of Safety and Resilience Engineering experts from whom I learn a lot, and as some of […]

Learning from Safety – Concepts (1)

If you follow me on Twitter, you’ll have seen that I’ve recently been doing a lot of reading on Safety and how the practices have been evolving in the past 30 years. There are 3 authors in particular that I’m finding fascinating, Erik Hollnagel, Sidney Dekker and Nancy Leveson. This post will mostly rely on […]

Anthro-Complexity and Cyber Security

I’ve been meaning to write about Anthro-complexity and Cynefin framework and making a quick introduction to what it is, how it works and it isn’t. For that, I’ll position Anthro-complexity first and in future blog posts discuss Cynefin as opposed to focusing on the visualisation that most people come into contact with. […]

Security for the 2020s: Addressing the Management Problem

“There is too much spending on the wrong things. Security strategies have been driven and sold on fear and compliance issues with spending on perceived rather than genuine threats” Art Coviello, RSA Chief Exec (2017) “No one ever got fired for spending their budgets according to Gartner’s […]

Chinese Strategic Thinking and Cyber Security: Remaining Flexible

One really important concept for me, is that of avoiding fixed responses or “one-size-fits-all” approaches in most things we do in Cyber Security. A key aspect to that effect is to ensure we appreciate the nature of each of the problems we’re facing and that we apply […]