Posts

Are Your Best Employees "Your Biggest Risk"?

Your life as a cybersecurity professional, especially as a cybersecurity leader, entails managing risk. There are external risks (a.k.a. hackers), there are physical security risks, there are budget risks, there are organizational risks and there are technology risks. Your employees -- moreover, your best employees -- are a risk. So sayeth CISO Tradecraft® Newsletter (CTN) this week. Their rationale is clear: "The hard truth for modern leadership is that AI has democratized capability so thoroughly that your entire organization, not just your engineering team, can now generate production-grade risk at machine speed." We just finished summarizing Rich Mironov's latest post, 'Code isn't product,' that landed on a strikingly similar note: faster code production leads to "DOA products" because there is no consideration of what customers actually want; you're simply turning over more code to demonstrate activity with a mindset that activity ...

"DOA Products" And The Teams That Make Them

"Who asked for this?" One of the most fundamental questions in the design and development of any product or process stays open. It was true for the Ford Edsel and it's true for your team's activities. Yes, the number one question your executive leadership asks is whether we're 'safe.' Yes, AI is changing the rules. (Well, some of them.) Yes, you can do "more" with AI than you could do in the past. Who asked for this? One of the key functions of leadership is to identify customer needs and then align work processes to meet or exceed those needs, typically by organizing teams to accomplish more than in the past. A significant challenge in an AI-oriented environment, especially when AI-leveraging gangs are attacking constantly, is to create more products as a way to satisfy the AI itch while anticipating novel demands. The problem is, as Rich Mironov recently put it, you're creating "DOA products." According to Rich, implementation of AI...

Become Expert At Taking Expert Advice

"A classic is something that everybody wants to have read and nobody wants to read." -- Mark Twain

With apologies to Mark Twain, cybersecurity is something everybody wants to have and nobody wants to have to do. Over and above the sad truth that security is inconvenient is the sadder truth that cybersecurity touches the entire organization, so many of us are required to interact with cybersecurity without really knowing what it is or why it demands what it demands. Thus most of us either have to trust our cybersecurity team to have made the right trade-offs between convenience (productivity) and security, or we have to find a way to join the conversation without wasting anyone's time. (The second option is the one we at Pythia Cyber recommend, but it is difficult, which is why our cybersecurity consulting practice is half behavioral science and half classic cybersecurity.) As with so many other aspects of life in the rapidly-changing, technology-driven 21st century, finding the balance ...

Appreciation: Dr. Eric Cole

We take a moment to note the death of Eric Cole, PhD. We found his writing about cybersecurity to be enlightening, insightful, and thoughtful. RIP. (image credit: LinkedIn post)

Engineer The Shape Of Your Career

Sayings that seem to be true:

In life, the only things you can count on are death and taxes.
The only constant is change.
In the valley of the blind, the one-eyed man is king. [modify re: gender & ruler terms as appropriate]

Here's a new one: You get to engineer the shape of your career. We write a lot about shaping your career. The emphasis is on you, as a cybersecurity professional, creating a career path for yourself, appreciating that frequently there is more of a bush than a path. Our approach grows from applied behavioral science because that community has a focus on career identification, management, and development. The fact that your career path is a nonlinear journey rather than a process with clearly defined stages and edges can be disconcerting. Yet it is so. Phil Venables is out with a new post at his blog on managing your career. Phil is an engineer, not an organizational scientist or practitioner. We will thus say that he is writing about engineeri...

Litany Of The Hacked: May 2026 Wrap-Up

Spring is over, back to the grind. The litany of the hacked is our listing of each known/reported hack in the previous month. The point of the litany is not shame but awareness-raising that, well, these sorts of things happen. And so, the litany of the hacked for May 2026: San Diego Community College... Canvas (technically, Instructure; Canvas is the product)... WhatsApp accounts of some US military personnel... Medtronic... Cushman & Wakefield... Trellix... MediaWorks... supply chains for NVIDIA... Foxconn... West Pharmaceutical... GitHub... 7-Eleven... Charter Communications... Lithuanian government offices... Hartford HealthCare... various Microsoft products (via routers)... Attacks via vendors continue to be problematic -- for you & your company. The law and insurance worlds are starting to notice. Here's how Cynthia Kaiser puts it: "Ask your security and tech teams this week: 'If our top three vendors were hit with ransomware tomorrow, what data of ours would be at risk? Do our contracts r...

"The Future Ain't What It Used To Be"

Predicting the future is hard. As the great philosopher and baseball player Yogi Berra once put it: "It's tough to make predictions, especially about the future." A new hire is a prediction of the future. Over at Employment Group, a recent post of theirs put it this way in terms of predicting who would be successful as a new hire:

"At its core, hiring is a signal detection challenge. You're trying to answer one question: Who is most likely to succeed in this role, in this environment? But most hiring processes rely on weak proxies:

Resumes as indicators of performance
Interviews as indicators of fit
Experience as a substitute for capability

Without stronger signal, speed becomes dangerous—and slowness becomes inefficient. Neither solves the problem."

It seems that it should be easier to find your new best hire. The answer to this problem is that this is a problem on your end. Bottom line, you're the one who's making it difficult. But you also b...