While not being books about cybersecurity — The following books are not just a nice read, they give essential insights about topics that touch core issues of cybersecurity, while not being books about cybersecurity. These books changed my perspective and shaped quite a bit of my ability to analyze and provide cybersecurity solutions in environments where there…

Once upon a time… — THIS IS A CHOOSE-YOUR-OWN-STORY, YOU CAN CHOOSE THE ENDING! Once upon a time there was an information technology student named Ziso. Ziso’s parents sent her to school in the hopes she would become an Product Manager like his grandfather. …

Is there a definition everyone can agree on? — So, the antivirus detects a virus in the computer of the training room as someone mistakenly downloads something during training. Is this a security incident? Some professionals will say yes, some will say no, some will say it depends. Some will say it is an incident if it is a…

In defense of documents — Most people who are in cybersecurity love love love technology. A command line, a PoC, a challenge, some source code to decypher, that is what lights up most eyes. But besides the excitement of the hunt when chasing a cybercriminal, and the many hours of research that can take to…

The most famous equation in mathematics — The Euler identity is well known among math buffs as the best example of mathematical beauty, connecting in a brief equation several fundamental numbers, among them (list from Wikipedia): The number 0, the additive identity. The number 1, the multiplicative identity. The number π (π = 3.1415…), …

You know what I mean? — Reports and Dashboards are very valuable tools for CISOs and cybersecurity managers, but are notoriously difficult to get right. It is easy to fall for the Numbers Buffet Dashboard anti-pattern, for example. Ideally a report should have a graphical representation of metrics that are a reflection of the results of…

If you were ever wrong, how would you know? — When you are competent you can eventually fall into the trap to believe that you are always right. This is why I believe is important to use methods that have self-correcting characteristics, in other words, if you are wrong, and you WILL be wrong, you will find out. Probably one…

…or, ask himself/herself at the very least — “Wise is not the one who knows all the answers but the one who knows what questions to ask” More than an article, this is a conversation starter for the CISO and his/her team: What are your answers for this list of essential question that any information security department must…