Pinned
Attackers have bosses and budgets too.
Phil Venables
9,673 posts
Phil Venables
@philvenables
All about cyber, resilience, risk, AI - at scale.
Partner - Ballistic Ventures / 4 x CISO / Board Director / Chief Risk Officer
- Yes, it's true. Today is my last day at GS and after a long rest period of.......a weekend.......I'm super excited to get started as CISO for Google Cloud on Monday.
- Simple Rules of (InfoSec) Career Success. A thread. Over the years I made note of what behaviors I’ve seen from successful people. By success, I mean getting results, increase span of influence and are highly regarded as coaches for improving the lives of their teams. 1/11
- Threat Intelligence. A Thread. Threat intelligence seems, at least to me, to get maligned too much. For many years I’ve found it an immensely useful element of an enterprise security and risk program. So, some perspectives on this. 1/11
- I'm amazed cybersecurity doesn't draw more lessons from safety engineering. As I read up more on this there's huge learning opportunities. Yes, not totally applicable due to adversarial nature of cyber but many useful cross over design principles. This book is a great primer.
- Some news...... Over 4 years ago I became Google Cloud’s first CISO and brought many teams together into a unified security, compliance, privacy and risk team focused on securing the cloud, securing our customers and securing the planet. However, it’s now time for me to
- Technology. A thread. In the late 1980’s I was a developer using virtualized systems and containers, software defined networks, thin-client end points that could graphically render serialized content in a standard mark-up language.
- Apparently an Ancient Persian decision making technique was to debate a group decision twice. Once when sober and once when drunk. Only if the decision was the same in both circumstances would it proceed. I suspect I won’t be able to introduce this approach at work.
- A big part of the CISOs role is: Escalation-as-a-Service.
- It is incredible it has been 20 years since 9/11/2001. I used to work next to the World Trade Center and my wife and I lived 2 blocks away in Battery Park. This was the view from our apartment after the first plane hit. 1/13
- After several days of 2 person building, the 10,001 piece Lego Titanic is done and it’s epic.
- Cybersecurity and the Curse of Binary Thinking. - Certifications - Compliance - Security through obscurity - Security ratings - End user shaming - Information sharing - Cloud is someone else's computers - Sophisticated attacks - and more..........
- Vulnerability Management. A thread. I don’t see much written on vulnerability management in more holistic terms vs. patch/bug fixing. This might be ok given a lot of vuln. mgmt. should be contextualized into enterprise risk/control. But still worth a short thread....... 1/13
- The Art of Influencing. A thread. A critical measure of success for most security roles is the ability to influence. I’ve often found people think influence skills are innate - you have them or you don't. But, as with most “soft skills”, they can be learnt. Here are some: 1/16
