Curious about …

Emerging technology, security, risks, philosophy, … STUFF!

And trying to use plain language wherever I can

“Making the simple complicated is commonplace; making the complicated simple, awesomely simple, that’s creativity.” ~ Charles Mingus

The views and opinions expressed on this site and in the blog posts are my own

  • Cyber Risk is Business Risk: Why Security Belongs in the Boardroom

    Cybersecurity is not a technical issue but a board-level ethical responsibility. Organisations make a promise to protect the data they collect, and failing to do so erodes trust, damages reputation, and creates strategic risk. Strong governance, honest risk decisions, and a security-driven culture are essential for leadership.

  • The Emperor’s New Algorithm

    Many vendors exaggerate or fabricate their use of AI, putting buyers at legal and operational risk. From false automation claims to failed “AI” safety systems, the costs are real. Regulators are cracking down, so buyers must demand technical evidence, measurable performance, and contracts that clearly assign liability and exit rights.

  • Stop Telling CISOs to ‘Stop Complaining’

    CISOs seem negative because you’ve created an environment that rewards negativity. You measure them on problems found, exclude them from planning, and ignore their proactive work. Change how you measure, engage, and fund security—and the “complaining” disappears. Most CISOs are already enabling business. You just need to notice.

  • The Board’s Cybersecurity Blind Spot

    Boards receive detailed cybersecurity presentations but leave meetings uncertain about actual business risk. Technical metrics like vulnerability counts fail to translate into meaningful governance insights. Effective oversight requires boards and management to collaborate, transforming cyber reporting from technical dashboards into business risk conversations that enable informed decision-making.

  • Cyber Risk Appetite – The Strategic Decision Every Board Must Master

    Setting a cyber risk appetite is a critical boardroom activity, defining how much risk a business can tolerate. Moving beyond technical metrics, boards must align cybersecurity with strategic goals using frameworks like NIST and MITRE ATT&CK. Clear governance and realistic stress-testing ensure resilience, fostering trust and competitive advantage.

  • AI’s Causal Illusion: A Hidden Threat to Business Decisions

    LLMs simulate causal reasoning by recalling patterns from their training data, not by understanding cause and effect. This leads to a significant business risk: AI recommendations may seem confident but are often flawed, particularly in novel situations.
