The Importance of Security Architecture in Organizations
Understanding Security Architecture: Security architecture is not merely about technology choices. It involves creating a holistic strategy that aligns security capabilities with business objectives, risk tolerance, regulatory requirements, and operational realities. Think of it as the blueprint for how all the pieces fit together. Without this blueprint, an organization may invest significant time and money in isolated security efforts that fail to contribute to meaningful r
Joel Van Dyk
Oct 9


Cybersecurity in Cloud Migration: Key Insights & Strategies
About 10+ years ago, one of my fellow enterprise architects came to me and said, "Joel, would your opinion on the cloud change if I cloud...
Heathrow’s Cyberattack: A Pilot’s View on Grounding Risk and Quantum Security
When Heathrow Airport’s check-in systems went dark this week (September 2025) (see, for instance, https://www.capacitymedia.com/article-c...
Joel Van Dyk
Sep 24
Executive Orders on Cybersecurity — part 1, Quantum
I spent a good amount of time reading the two versions of the Presidential Executive Order on Cybersecurity 14144 from the Biden...
Joel Van Dyk
Jun 19


Why Artificial Intelligence is for Those Who Know How to Ask the Right Questions
The image features a bold, red "ASK" sign, emphasizing the importance of inquiry and curiosity in the realm of artificial intelligence....
Joel Van Dyk
Jan 23


Centralized Controls Assurance
Another day, another 14 point program inspired by a consulting company with project management to make a large checklist of controls that...
Joel Van Dyk
Oct 8, 2024
Security is a process it’s not a checkmark on a checklist
Security is a continuous process of adjustment and improvement as the threat environment changes. I recently read an article in CPO...
Joel Van Dyk
May 16, 2024
A Culture of Security
Many times in my decades of Cybersecurity I’ve been in a place where the Cybersecurity Program is in the skids. The CISO leans over the...
Joel Van Dyk
Mar 5, 2024


Risk Controls Compliance vs Risk Reduction
Risk Controls Compliance and Risk Reduction are 2 fundamental concepts in CyberSecurity. You can have the first without a lot of the 2nd,...
Joel Van Dyk
Dec 7, 2023
Lessons from the field: who should the CISO report to?
It’s spring (officially anyway), and everyone trots out the organizational article, who should the CISO report to? Besides being fun,...
Joel Van Dyk
Mar 23, 2023
How Risk should be measured in a Big Cybersecurity Dept
For the first article of the year I wanted to take a big picture approach. It’s often been said that the Cybersecurity department...
Joel Van Dyk
Mar 2, 2023
Notes from the field: Are you comfortable? Or a bad way to measure risk
I often hear this in meetings where we discuss risk. “Are you comfortable?” I always feel like answering: yes, I’m working from home,...
Joel Van Dyk
Nov 2, 2022
Where the rubber hits the road: Risk acceptance vs Risk Exception
One of the things you regularly get involved in as a CyberSec practitioner (sometimes several times a day) is an implementation of a...
Joel Van Dyk
Sep 29, 2022
Notes from the field: Jetbrains, Trust, and software
Widely Used Software Company May Be Entry Point for Huge U.S. Hacking (Published 2021) ( https://www.nytimes.com/2021/01/06/us/politics/r...
Joel Van Dyk
May 11, 2022
Third Party Risk or How to get your vendor to do NIST
I’ve been coming across this with many 3rd party outsourced relationships. This is why there is so much risk in 3rd party relationships....
Joel Van Dyk
Oct 14, 2021
HSMs and why being compliant is not secure
Data from companies, governments, and people are becoming less contained. You can find data from each of these on public, private and...
Joel Van Dyk
Jul 29, 2021
Still scamming
We have such great tools to solve problems that befuddled us 20 years ago that we sometimes forget the basics. But, the basics, like...
Joel Van Dyk
Jul 1, 2021
Uncertainty, Measuring CyberSecurity and Heisenberg
“The Concept of Measurement As far as the propositions of mathematics refer to reality, they are not certain; and as far as they are...
Joel Van Dyk
May 26, 2021


The Cost of a Breach
Last week I posted on the accelerating frequency and size of breaches and their effect, or lack thereof, on CyberSecurity employment and...
Joel Van Dyk
May 13, 2021


Cyberpay, CyberBreaches, CyberRisk, Cyberskills shortage, and Economics
At the beginning of the month I found this very interesting report “2021 US Cybersecurity Salary & Employment Study”...
Joel Van Dyk
May 5, 2021