
Expert insights on cybersecurity trends.
All Posts


The Entry-Level Paradox: Navigating the MSSP and AI Squeeze in the Tech Job Market
If you pay attention to the headlines, the tech and cybersecurity industries are facing a massive talent shortage. Yet, if you talk to students at university career fairs, you hear a completely different story: an impenetrable wall of rejection, silent employers, and a seemingly nonexistent entry-level job market. So, what is actually going on? The truth is, we are facing an "entry-level paradox." As an industry, we created a structural bottleneck that is locking out new grad

Martin Bally
1 day ago · 4 min read


The CISO Reality Check: Surviving the Liability Trap, the Veto Myth, and the Quantum Horizon
A recent CSOonline article by Evan Schuman brought a sobering statistic to light: 69% of CISOs are open to leaving their roles, with many looking to exit the publicly traded enterprise space entirely. According to the IANS Research and Artico Search survey cited in the piece, security leaders are exhausted by "role design failure," carrying outsized responsibility without the budget or authority to match. The CSOonline piece correctly identifies the panic, but if you ask vet

Martin Bally
4 days ago · 4 min read


The Agentic Shift: Why the Next 3 Years Will Determine Your Company’s Survival
No Employee Left Behind will Fail
We are standing at the edge of a technological precipice that makes the shift from on-premise to cloud look like a minor upgrade. The era of "Chatbot AI", where we ask a bot to write an email or summarize a PDF, is ending. We are entering the era of Agentic AI: digital employees that don't just talk, but act. Consider a simple, high-value use case: Invoicing. In the old world, a human reviews an invoice against a contract. In the Generativ

Martin Bally
Feb 11 · 4 min read


Muscle Memory in the Boardroom: Why One-Size-Fits-All Tabletops Fail
From the Boardroom to the Battleground. No professional sports team takes the field without practice. They don’t just read the playbook; they run the drills until the movement is instinctual. They build muscle memory. Yet, in cybersecurity, we often expect our organizations to perform perfectly during a crisis with nothing more than a paper plan and a once-a-year generic drill. I’ve run tabletop exercises (TTX) across various organizations, from technical deep dives to board

Martin Bally
Feb 5 · 4 min read


The 5-Day Advantage: How We Used Agentic AI to Beat Adversaries to the Punch
It started with a question in the boardroom, one of those questions that stops the room cold. A board member looked at me and asked, "How are adversaries using 'genetic' AI against us, and what are we doing to combat it?" He meant Agentic AI, but the slip of the tongue was almost poetic. "Genetic" implies evolution, something built into the DNA of the threat. And he was right. The threat landscape has evolved. We are no longer fighting static scripts; we are fighting autonom

Martin Bally
Jan 29 · 3 min read


Beyond the Scorecard: Transforming Board Reporting from "Score Chasing" to Strategic Risk
How to Shift the Board Conversation from "Target Scores" to Strategic Resilience
Early in my tenure at a previous organization, I found myself in a familiar cycle. We had just finished an annual risk assessment. Naturally, the Board asked the question that every Director is conditioned to ask: "Okay, we are at a 2.5 today. What is the target score for next year? Should we be a 3.5? A 4.0?" They were treating cybersecurity maturity like a sales forecast, pick a number, hit the

Martin Bally
Jan 22 · 3 min read


From Panic to Process: A 3-Year Vulnerability Management Transformation
How we moved the Board from asking "Are we safe?" to understanding "How we are managed." At a previous organization, I walked into a boardroom that was on edge. We were just emerging from the pandemic, which meant our reliance on VPNs and remote infrastructure was at an all-time high. Simultaneously, the headlines were dominated by the "boogeymen" of the industry: the Equifax breach was still fresh, the chaos of Log4j was unfolding, and a constant stream of VPN zero-days was

Martin Bally
Jan 15 · 5 min read


Surviving Ransomware
The Day the Infrastructure Turned: A CISO's Post-Mortem of the Cuba Siege
In the world of cyber resilience, there is a distinct difference between a "security event" and a "material crisis." As a CISO, you live with the quiet knowledge that it isn't a matter of if, but when. My first major encounter with a material ransomware event was against the Cuba ransomware variant (linked to the Russian-aligned Tropical Scorpius group). It was an incident that didn't just test our tec

Martin Bally
Jan 6 · 5 min read


Beyond the Gate: Scaling TPRM in an AI-Driven Ecosystem
In late 2022, during the Global Resilience Federation (GRF) Summit, a group of us from the Consumer Packaged Goods (CPG) sector formed a working group to confront a shared reality. While our peers in Finance or Tech were managing digital assets, we were managing a physical-digital hybrid: a sprawling ecosystem where a cyber incident at a tier-one logistics provider or a "mom-and-pop" tomato farmer could equally halt our operations. By 2022, 85% of businesses viewed Third-Pa

Martin Bally
Dec 18, 2025 · 3 min read