Curious about …

Emerging technology, security, risks, philosophy, … STUFF!

And trying to use plain language wherever I can

“Making the simple complicated is commonplace; making the complicated simple, awesomely simple, that’s creativity.” ~ Charles Mingus

The views and opinions expressed on this site and in the blog posts are my own

  • The AI Boardroom Playbook – Approve Thoughtfully, Avoid Disaster

    Boards can’t blame the algorithm when AI goes wrong. Courts want human accountability. This guide shows how to govern AI projects without killing innovation—fix accountability, make oversight real, and distinguish between recoverable mistakes and catastrophic failures.

  • Cyber Risk is Business Risk: Why Security Belongs in the Boardroom

    Cybersecurity is not a technical issue but a board-level ethical responsibility. Organisations make a promise to protect the data they collect, and failing to do so erodes trust, damages reputation, and creates strategic risk. Strong governance, honest risk decisions, and a security-driven culture are essential for leadership.

  • The Emperor’s New Algorithm

    Many vendors exaggerate or fabricate their use of AI, putting buyers at legal and operational risk. From false automation claims to failed “AI” safety systems, the costs are real. Regulators are cracking down, so buyers must demand technical evidence, measurable performance, and contracts that clearly assign liability and exit rights.

  • Stop Telling CISOs to ‘Stop Complaining’

    CISOs seem negative because you’ve created an environment that rewards negativity. You measure them on problems found, exclude them from planning, and ignore their proactive work. Change how you measure, engage, and fund security—and the “complaining” disappears. Most CISOs are already enabling business. You just need to notice.

  • The Board’s Cybersecurity Blind Spot

    Boards receive detailed cybersecurity presentations but leave meetings uncertain about actual business risk. Technical metrics like vulnerability counts fail to translate into meaningful governance insights. Effective oversight requires boards and management to collaborate, transforming cyber reporting from technical dashboards into business risk conversations that enable informed decision-making.

  • Cyber Risk Appetite – The Strategic Decision Every Board Must Master

    Setting a cyber risk appetite is a critical boardroom activity, defining how much risk a business can tolerate. Moving beyond technical metrics, boards must align cybersecurity with strategic goals using frameworks like NIST and MITRE ATT&CK. Clear governance and realistic stress-testing ensure resilience, fostering trust and competitive advantage.
