Cybersecurity: Real Protection vs. Security Theater

What a Security Leader Actually Does

This entry is part 3 of 14 in the series Technology

TL;DR I was never a CISO by title. My networking partner and I were both directors, and since our boss was not security savvy, the two of us functioned as

Most Security Tools Are Theater

This entry is part 4 of 14 in the series Technology

TL;DR Most security tools are theater. I sat through endless vendor pitches for products with huge dashboards full of blinking widgets that looked impressive and did almost nothing. Security is

The Human Layer Is Where Security Actually Breaks

This entry is part 5 of 14 in the series Technology

TL;DR The human layer is the biggest security weakness, and the one people are least ready for, because they do not expect other people to be malicious. They do not

Security Policies and Procedures such as NIST 800-53 and PCI DSS

How to Document Security Policies and Procedures: A Strategic Approach Beyond Compliance Checklists

Passing an audit and being secure are not the same thing. Here’s how to document security policies that reflect how your organization actually operates.

home computer security for writers and leaders

Home Computer Security: A Complete Guide from 33 Years in Enterprise IT

Passwords, backups, network security, phishing defense, and threat protection. A guide from a former Director of Computer Operations who managed cybersecurity.

Security Policy Regulatory Documents: How to Identify, Organize, and Interpret the Standards That Apply to Your Business

An outdated version of a regulatory standard is one of the most common compliance mistakes. Here’s how to find, organize, and interpret what applies to you.

The Boring Security Work That Actually Keeps You Safe

This entry is part 6 of 14 in the series Technology

TL;DR Security is mostly boring work nobody wants to do. Patching, access reviews, and backups. I ran enterprise security for two decades, and the one time everything went wrong, it

What Actually Gets Attacked First in a Cyberattack

This entry is part 7 of 14 in the series Technology

TL;DR Attackers do not usually come through your firewall. If they do, you were sloppy, because firewalls and pen testing are the easy part. The real ways in are social

Good Security Policy Names Names

This entry is part 2 of 14 in the series Technology

TL;DR I wrote the security policies and procedures for a company against NIST CSF and NIST 800-53, and these days I ghostwrite books for the security leaders who live this

What Eight PCI Audits Taught Me About Real Security vs. Checkbox Security

This entry is part 1 of 14 in the series Technology

TL;DR I led cybersecurity at a major national retailer for twenty years. Once PCI DSS applied, we passed every audit we faced. Now I ghostwrite books for the security leaders

Tag: Cybersecurity

What a Security Leader Actually Does

How to Document Security Policies and Procedures: A Strategic Approach Beyond Compliance Checklists

Home Computer Security: A Complete Guide from 33 Years in Enterprise IT

Security Policy Regulatory Documents: How to Identify, Organize, and Interpret the Standards That Apply to Your Business

The Boring Security Work That Actually Keeps You Safe

Good Security Policy Names Names

What Eight PCI Audits Taught Me About Real Security vs. Checkbox Security

Ready to write your own book?

Books & Reviews

Services

Resources

Get In Touch

Or follow Richard's work