With my writing (and podcast appearances) spread over a few different platforms, including this blog, I wanted to put together a post capturing some insights that could prove useful for you. Please share this with anyone you think would benefit.
As we keep moving forward, hopefully the newsletter — including the curated aspects — will find a groove. Meanwhile, this is an attempt at keeping in touch. A way to share news on a more regular basis. An opportunity to outline some areas of research, and offer a heads-up about future writing topics. Maybe it affords us a reason to connect and chat. Consider it an invitation to educate me and have your own experience amplified for others.
Also seeing a welcome interest in Into the Breach. Did you know it’s available on Kindle for only $2.99? As I explore the steps to revamp the marketing, can you help get the word out to executives and others who would benefit from reading this book?
I chose to re-share this image because it reflects my commitment to change. I’ve spent a few years exploring and embracing the discomfort of my own change. Now I’m ready for that change to manifest itself. I’m ready to serve others on their journey to take friction out of communication. To improve how we create, measure, and effectively communicate value.
Writing for CSO Online (Chief Security Officer)
The articles I pen for CSO are focused on “translating security value” and intended for leaders and influencers. The goal is to present different insights and the structure to draw individual conclusions. I always welcome suggestions, challenges, and other topics of interest to explore in the column.
My contributions to the conversations we need to have (regardless of whether you’re in security or not) include:
- Executives to blame for bad risk decisions? Hardly. The real problem is our failure to communicate: http://blogs.csoonline.com/security-leadership/2987/executives-blame-bad-risk-decisions-hardly-real-problem-our-failure-communicate
- If Target got breached because of third party access, what does that mean for you?: http://blogs.csoonline.com/security-leadership/2984/if-target-got-breached-because-third-party-access-what-does-mean-you
- Does chip-and-PIN actually solve the problem? Find out by asking these questions: http://blogs.csoonline.com/security-leadership/2977/does-chip-and-pin-actually-solve-problem-find-out-asking-these-questions
- By missing the upside of recent data breaches, we lose the opportunity to improve: http://blogs.csoonline.com/security-leadership/2973/missing-upside-recent-data-breaches-we-lose-opportunity-improve
- Where’s the harm? The real conversation we need to have about Target and other breaches: http://blogs.csoonline.com/security-leadership/2943/wheres-harm-real-conversation-we-need-have-about-target-and-other-breaches
- An interesting finding in the Coke data breach and why you need to prevent it from happening to you: http://blogs.csoonline.com/security-leadership/2957/interesting-finding-coke-data-breach-and-why-you-need-prevent-it-happening-you
- Does the status of premium retailers increase the harm they experience from a breach?: http://blogs.csoonline.com/security-leadership/2962/does-status-premium-retailers-increase-harm-they-experience-breach
The latest articles are always at http://blogs.csoonline.com/user/michael-santarcangelo
Articles on Security Catalyst
I’m slowly revamping my writing approach and finding my voice for “catalyst” branded articles. This is the beginning of an exciting backlog.
- Why problems defined in terms of solutions decrease value and increase risk: http://securitycatalyst.com/why-problems-defined-in-terms-of-solutions-decrease-value-and-increase-risk/
- Why friction is the key to your ability to innovate like Apple: http://securitycatalyst.com/why-friction-is-the-key-to-your-ability-to-innovate-like-apple/
- Protecting my children on line just got easier – looking forward to testing out the Skydog family router: http://securitycatalyst.com/protecting-my-children-on-line-just-got-easier-looking-forward-to-testing-out-the-skydog-family-router/ — the first look/impressions coming this week.
I’ve started writing for others, too. Here’s the first to appear:
- The Real Failure of a Password Breach Is the Inability to Explain Their Value: https://blogs.rsa.com/real-failure-password-breach-inability-explain-value/
I’m starting to make some semi-regular appearances on the Down the Rabbithole podcast hosted by Rafal Los and James Jardine. My two appearances are here:
Interview for The Cyber Jungle about chip+PIN:
- http://datasecurityblog.wordpress.com/2014/02/12/feb-12-2014-episode-328-show-notes/ (starting to feel like I’m one of the only people questioning its value)
I have another appearance coming up this week. I’m enjoying the slow transition back to the mic. It’s a chance to let my passion show through and bring some depth to the writing.
Let me know what you think. Would you like me to get back behind the mic for a regular show about communicating value (of security)? Thinking short segments. Maybe 1-2 a month?
Have a show? Looking for a guest? Reach out – let’s connect.
Future writing & resource projects
My business focus is on exploring and helping leaders address the friction of communication. In order to successfully take friction out of communication, we need to explore transformation/change, value, measurement, and communication.
Look for more on those topics in the coming weeks and months; it’ll coincide with the change/evolution in my own business.
I’m working on some resources that explain the friction of communication and the pathway to effectively communicate value. I always welcome help and reviewers. Hit me up if interested.
Upcoming article topics
Here is a preview of some of the topics I plan to explore. Your insights, ideas, and opinions are welcome:
- Authentication: passwords and biometrics (quite a bit here to cover)
- More on chip+PIN: working to understand the actual challenge and the cost of potential benefits – so far, it’s an expensive solution looking for a problem
- Entry-level security jobs: how the friction of communication impedes hiring (and what to do about it). I also sense a larger effort here to really improve the industry. Suggestions?
- Rethinking breaches: the role of prevention, detection, and resilience
- Security awareness: what it means, and the single (only) outcome to expect (and measure)
Possible resource: The Fallacy of Controls
I anticipate this taking some time based on the changes underway and the backlog of writing I’m excited to clear. However, I just got an offer from someone to co-author. Hopefully that speeds the process of a document 3-4 years in the making.