Posts

Managing Tech Work Risks -- Not Those, These

Image
Phishing scams? Cake! AI-based cyber-attacks? Sure! Quantum apocalypse coming at ya? You got it! Return to the office mandates, 80-hour work weeks, constant threat of layoffs? But of course! Workplace wellbeing?  Workplace wellbeing, come in workforce wellbeing... Your cybersecurity workplace is lacking in workforce wellbeing. The term wellbeing can be defined as follows: "[It] is a measure of how well life is going for someone. In the broadest sense, it covers the balance of all positive and negative aspects of a person's life. More narrowly, it refers only to positive degrees and contrasts with ill-being, which denotes negative ones. In this sense, well-being is what egoists typically seek for themselves and altruists aim to enhance in others, serving as a central goal of many individual and societal endeavors. Researchers discuss different types of well-being by how they are measured, who they belong to, and which domain of life they affect. Subjective well-being refers to...

Tech Leadership Is Not Going To Wait For You To Learn How To Be Effective

Image
We've seen several thought pieces recently on the future of technology leadership. The bad news is that it's evolving probably faster than people can cope with. The good news is that the future of technology leadership is creating opportunities for leaders who deliberately work at being effective. I like how  James Azar  put it: "Modern business isn’t built anymore. It’s integrated." That's right. Your AI models, your platforms, your security systems -- all of it is on an 'as-a-service' model. That creates modularity compatibility challenges. It also creates team utilization challenges and possible threats from over-servicing especially when supply chains are added.  Over at Deloitte Consulting  they think a lot about agentic AI. Here is their key chart: As they put it (quoting at length): What’s clear is that the underlying shifts aren’t happening in isolation. They operate across every layer of the tech stack: computing, coordination across agents and da...

How To Upskill Yourself (Or Your Team) In Cybersecurity

Image
The old joke goes like this: "How do you get to Carnegie Hall?" "Practice, practice, practice." Speaking of, the great pianist Vladimir Horowitz -- who played Tchaikovky's Piano Concerto #1 at Carnegie Hall in April 1943 as a WWII bond fundraiser, a performance that is still a masterpiece -- once said that if he didn't practice for one day, he would know it, and if he didn't practice for two days the whole world would know it. How about you?  Be honest in answering this question: how have you improved yourself as a cybersecurity professional in the past year? To get ahead of things, the wrong answer is along the lines of "I listened to some podcasts" or "I attended an industry event." The challenge in answering this question is that you had to change something. If you do not now do things differently than you did before, you did not develop yourself as a cybersecurity professional no matter what you think. Disclaimer : connecting wit...

Happy Semiquincentennial!

Image
You may have been around for the bicentennial...maybe you'll be here for the tercentennial...but seize the semiquincentennial while you have it! (image credit: After Jasper Johns, Public domain, via Wikimedia Commons)

The Art of Cybersecurity

Image
I love the phrase "more art than science" because I feel that only pure science is "science" in the popular sense of "following clearly defined rules and therefore providing clear, reliable answers." There is a similar issue with logic and mathematics; if you can somehow cram a topic into either one of these containers then whatever ridiculously wrong conclusions you come to are given instant credibility. For example, this old chestnut: All apes are hairy. All men are hairy. Therefor all men are apes. This seems logical, but it isn't logical and it certainly isn't true. So it is with cybersecurity: Cybersecurity is about access to computer technology. Technology is science. Therefore cybersecurity is a science. Cybersecurity is about human beings interacting with computer technology. Human beings are inconsistent and capable of ignoring reason and of using terrible judgement. Therefore cybersecurity is most definitely not purely a science. If you p...

Automation Complication

Image
With so many people spending so much time and money and attention on AI, let's consider what happens if all the hype is justified and AI suddenly can do almost any job. Uh, I mean, can be used to boost almost anyone's productivity. Applying AI to the workplace the choice is enhancement versus replacement. By "enhancement" I mean that employers will ride the productivity gains to provide better service at a better price. By "replacement" I mean that employers will ride the productivity curve to fire people and increase profits by delivering worse service at the same price for higher profit. Which option is best? Which is most likely? What happened the last time this option arose? The answer is "it depends." As is so often the case, the follow-up question is "what is the right question?" I was working in "business process engineering" through the 1980s and 1990s when "computerize" was a verb. It meant "to apply a co...

Litany Of The Hacked: June 2026 Wrap-Up

Image
The litany of the hacked is our listing for each known/reported hack in the previous month. The point of the litany is not shame but awareness-raising that, well, these sorts of things happen. Apparently, hackers went for the lay-up while the NY Knicks wrapped up a WORLD CHAMPIONSHIP to attack MSG. Thanks -- not -- a lot, MSG. And so, the litany of the hacked, which for June 2026 now includes: Madison Square Garden Sports Corp...Station Casinos… Israel Holocaust Support Center…Dashlane…Meta’s AI support bot…Anthropic's Claude platform...MyPillow…Fortinet...California Water Service...NAIC...Sacramento Fire Department...University of Nottingham...Texas Department of Fish and Wildlife...Alamo Heights ISD...Prince George's County (MD)... Other than the MSG hack, the one that catches our attention is the attack on Anthropic. In this attack, Anthropic accused a Chinese commerce company that shall not be named in setting up a flood -- almost 25000 -- of fake accounts to steal informat...