RANT WARNING Someone I know watched a million-dollar deal die last week. Not because the terms were bad. Not because the other side walked. Not because the market shifted or the numbers didn’t work. It died because one person in the room couldn’t shut up. A board member — someone with zero context on the negotiation, no seat at the table where the real work…
I’ve said this for years, and it usually gets one of two reactions: a slow nod of understanding or a look of pure, offended confusion. Most people think love and liking are the same thing, just at different volumes. They think “liking” is the base level and “loving” is what happens when you turn the dial all the way to the right. They’re wrong. In…
You’ve heard it in every boardroom, read it in every “State of the Industry” report, and seen it plastered across LinkedIn by people who haven’t managed a real incident in a decade. “It’s industry best practice.” It sounds safe. It sounds authoritative. It sounds like a shortcut to security. In reality, it’s usually just a fancy way of saying: “We’re doing exactly what everyone else…
In 2022, I sat in a meeting where three companies were pitching vCISO services to a consortium of 26 organizations. The question was simple: “Tell us how your vCISO services work.” The first company — a consulting firm from the east coast — answered: “Well, we sell you a block of hours, and as you need services performed, we deduct from your hours.” The second…
I ask almost every CISO (Chief Information Security Officer, for the non-security folks) I meet the same question. “Tell me what you do — but explain it like you’re talking to some random stranger walking down the street. Not to me.” Then I wait. More often than not, within 30 seconds, I stop them. “You’ve already lost me.” The look I get is hard to…
It was 2:00 in the morning. I had an information security assessment report due in a matter of hours. FRSecure was young — just a handful of employees — and I was routinely working 90-plus hour weeks. Not because I was lazy with my time. Because there was that much work to do. I wasn’t procrastinating. I just hadn’t had time to finish. Sitting there,…
We’ve got it backwards. The cybersecurity industry spends billions on tools, certifications, frameworks, and compliance programs. Companies hire armies of analysts. Vendors peddle the next “AI-powered” solution that’s going to save us all. And still — still — the breaches keep coming. The scams keep working. The ransomware keeps paying out. Why? Because we’ve been focused on the wrong things. We’ve made cybersecurity so complicated,…
How to Disagree Like an Adult — Part 5 (Final) This post is part of the How to Disagree Like an Adult series. If you missed earlier posts, start there. Not every conversation deserves your energy. That might sound like giving up. It’s not. It’s one of the most underrated skills in disagreement — and the one most people never develop. We’ve spent four posts…
The Skills Nobody Taught Us How to Disagree Like an Adult — Part 4 This post is part of the How to Disagree Like an Adult series. If you haven’t read the earlier posts, start there. This one builds on them. So far, I’ve written a lot about what’s broken. Why debate has collapsed. Why identity hijacks thinking. Why insults replace arguments. Now it’s time…
In my previous post, I made the claim that as long as Americans keep buying drugs, someone will keep supplying them. Mexico has not always been the primary supplier of drugs to American consumers. The supply has shifted repeatedly over time, tracking enforcement pressure, geopolitics, and—most importantly—where demand could be profitably met. This is one of the strongest pieces of evidence that the drug war…