So, information security finally has a seat at the same table as the other executives. That seat is at the metaphorical adult’s table and the invitation has been opened at many organizations now. We, as infosec practitioners, asked for that seat and, in many ways the potential reputational and regulatory…


Long the domain of ex-developers, application security as its own discipline is maturing and beginning to gain interest from traditional information security practitioners and information security leaders. …


As information security professionals, we love the easy answers when easy is available. We should because, well, there is so little that is easy about our career path. …


Application security is finally getting the visibility the discipline deserves. Multiple blog posts and new books are bringing the craft of application security to the infosec masses. That’s a good thing.

What might not be clear to aspiring application security practitioners or to CISOs and other senior cyber security practitioners…


Servant leadership seems to be a growing buzzword in cyber security.

Robert K. Greenleaf coined the words “servant-leader” and “servant leadership” in 1970 with the publication of his classic essay, The Servant as Leader.

Greenleaf wrote: “The servant-leader is servant first… It begins with the natural feeling that one wants…


As cyber practitioners, we are often keen on activity. The problem is that activity doesn’t always move our cyber program if the activity isn’t measurable. This post discusses how non-measurable activities, no matter how cool or fun, are antithetical to the success of a healthy or improving cyber security program…


The internet makes finding examples of sound leadership principles easy. Examples of great leadership and world-class program development within the cyber security community are a bit harder to find. …


Presenting complex programs such as 24x7 monitoring is often a multi-slide exercise that does little to help executives or the Board to understand your level of maturity or progress. You can’t just dump a bunch of log data in front of executives and expect them to understand what it…


Is the cyber security team performing their duty, if, without further action, they accept any cyber risk that could potentially put the company at significant risk including potentially a position that may be considered negligent? …


In the bosom of one of those spacious second-tier digitally transformed technology tax zones that dot the coast, you can find the small newly gentrified section of the city in which resides Blue Team Pat.

Blue Team Pat had always been considered an odd lot by friends — never having…

Opinionated Security

Tony Grey * CISO for an insurance company * grew team from 3 to 22 * led large software teams at Microsoft * blogs about cyber leadership & program development
