Security Strategy
Security strategy and program design. Moving beyond compliance toward operational resilience.
29 articles

The Three Conversations Every CFO Needs About Cyber
CFOs are increasingly accountable for cybersecurity outcomes (SEC disclosure, insurance underwriting, M&A diligence) without being trained in the field. Three conversations bridge the gap.

Why Your Vulnerability Scanner Lies (and What to Do)
A typical enterprise vulnerability scan reports 40,000 findings. The number of those findings that actually reduce risk if remediated this quarter is closer to 200.

The Case for Privileged Access Management
PAM tools are expensive and operationally heavy. They are also, by a wide margin, the control with the highest evidence base for reducing the impact of an intrusion.

Tabletop Exercises That Don't Waste Anyone's Time
A bad tabletop is a two-hour status meeting in costume. A good tabletop is the cheapest insurance you can buy.

PCI DSS 4.0: What Changed and What to Do
PCI DSS 4.0 became mandatory in early 2024 with a long tail of "future-dated" requirements landing March 31, 2025. If you are still operating to 3.2.1, the gap is wider than it looks.

AI-Generated Phishing: New Defenses for an Old Problem
The grammar mistakes are gone. The bizarre formatting is gone. The "Dear Sir/Madam" salutations are gone. Generative AI removed the surface-level tells that defenders trained users to look for.