This McKinsey & Company report on cyberrisk maturity models is clickbait-y, tone-deaf, judgemental, and even a little elitist. And it looks like they know it. The irony is delicious.

Quantifying Risks is Better Than Maturity

They start off their position saying that the maturity approach “has had its day” and that organizations should move to a “risk-based” approach. What they mean, though, is a “risk-quantified” approach, but:

1. They choose a broad term that connotates that a maturity approach is not risk-based, and;
2. They assume that everyone has the kind of data necessary to quantify risks.

So, they start off by contriving that “they know better” and…

I’ve been very interested in behavioural science since I was a Department Head of a college. It’s never enough to just know what to teach; that part is surprisingly easy. It more about getting what you want into the learner’s head, and that part is surprisingly difficult to accomplish consistently over a diverse population.

The same challenge is experienced by management and felt even more keenly by the cybersecurity department when they want employees to adopt a secure or compliant way of operating. How do you address failure or non-compliance?

This challenge comes up quite often when I’m drafting information…

Cybersecurity Leaders reside in an exceptionally important role to ensure that an organisation, and the digital economy as a whole, can survive and thrive as it pursues new opportunities and creates never-before-seen value in the world. They facilitate innovation and growth on one hand and people’s rights and safety on the other.

That’s what differentiates a Cybersecurity Leader from a Technician: it is the bigger view, that we are all called and positioned to make decisions and take actions that are so much bigger than ourselves, or systems, or our organisations.

Five Core Beliefs

As a Cybersecurity Leader, I have five core beliefs…