On Governance
My thoughts here on governance, not just for security, but also other areas; going beyond requirements of 'Management Reviews' to have something that can work for all orgs, regardless of the size
Newsletter
ZeroTrust
ZeroTrust has a lot of different meanings, depending on who's mentioning it. Here I attempt to break down what I think of with words and diagrams.
A very large security team
Start small, and work out what you need first… but to answer the question: "what does a full security team look like to you…"
The Policies
Policies are one of the unavoidable assets that you will need during your infosec journey. This post is about my thoughts on these including where me and ChatGPT disagree 😼
The Estate
Before you can secure something, you need to know what you've got, and how important it is — to the business, to customers, to you. This post is about building an inventory.