Hello —

I'm Jonathan. I help technology executives protect profits and maximize investments through security by design.

    Most recent posts

    Jun 30 2022   Ask for confidence levels
    Jun 23 2022   Spend more time on the out breath
    Jun 8 2022   How to manage vendor risk
    Jun 7 2022   Avoid shared service accounts
    Jun 2 2022   Prevention is not enough
    May 19 2022   Principals make the rules
    May 18 2022   Backing up passwords
    May 17 2022   Grow with repetition
    May 16 2022   Bad rules create more problems
    May 12 2022   Threat is not vulnerability is not risk
    May 11 2022   You have free money in the cloud
    May 10 2022   How much to protect a sandwich
    May 9 2022   Use business goals to scope your program
    May 5 2022   How much should you spend?
    May 4 2022   You don't store the key in the vault
    May 3 2022   3 metrics cyber insurers appreciate
    May 2 2022   Remove some noise
    Apr 29 2022   This is what you have to do
    Apr 28 2022   How to stay on top of so many security projects
    Apr 27 2022   How to get to SOC 2 faster
    Apr 26 2022   What you found is not risk
    Apr 25 2022   Prioritize these vulnerabilities
    Apr 22 2022   Show me you care
    Apr 21 2022   4 features to help you close enterprise clients
    Apr 20 2022   Rapid third-party risk check
    Apr 19 2022   What HIPAA says you should do
    Apr 18 2022   Cost of ownership
    Apr 15 2022   Hidden assumptions
    Apr 14 2022   How to fix t-shirt sizing
    Apr 13 2022   Play more often
    Apr 12 2022   A lot of small things
    Apr 11 2022   Protect your insurance
    Apr 9 2022   SCIM
    Apr 7 2022   The efforts you've made
    Apr 6 2022   7 tips to help you document
    Apr 5 2022   No time for that
    Apr 4 2022   Security postures
    Apr 1 2022   Security awareness roadmap
    Mar 31 2022   Everything is lava
    Mar 30 2022   The hidden budget in your cloud bill
    Mar 29 2022   A reasonable rate
    Mar 28 2022   Develop capabilities
    Mar 25 2022   Permission as a function of responsibility
    Mar 24 2022   Identification
    Mar 23 2022   Blank side
    Mar 22 2022   Repetitions
    Mar 21 2022   Detection with decoys
    Mar 18 2022   Fail forward
    Mar 17 2022   We want better apps
    Mar 16 2022   Not yours, not your problem
    Mar 15 2022   Things customers ask for
    Mar 14 2022   Unblocking change requests
    Mar 11 2022   The price of inaction
    Mar 10 2022   Don't let security slow you down
    Mar 9 2022   Test your assumptions
    Mar 8 2022   A basic cyber risk matrix
    Mar 7 2022   You have enough stuff
    Mar 4 2022   A primer on HIPAA for startups
    Mar 3 2022   Lost time and productivity tax
    Mar 2 2022   Information assurance
    Mar 1 2022   Hiring for cultural fit
    Feb 28 2022   How to red team on a shoestring
    Feb 25 2022   Composing faulty assumptions
    Feb 24 2022   Recommendations from the Cyber Centre
    Feb 23 2022   Common DeFi vulnerabilities from 2021
    Feb 22 2022   Get the build automated
    Feb 21 2022   The real cost of custom systems
    Feb 18 2022   TIL about PCMLTFA
    Feb 17 2022   Take one step
    Feb 16 2022   See == download
    Feb 15 2022   That one integration
    Feb 14 2022   Smart contract risk is not your only risk
    Feb 11 2022   How this website works
    Feb 10 2022   Bringing information systems under management
    Feb 9 2022   Frameworks help you avoid getting fancy
    Feb 8 2022   Measure things
    Feb 7 2022   Separation of duties
    Feb 4 2022   Minimizing exploitability
    Feb 3 2022   Using both risk control levers
    Feb 2 2022   Protect the fun
    Feb 1 2022   On counting
    Jan 31 2022   Adopting practices instead of rules
    Jan 28 2022   You're not ready for a bug bounty program
    Jan 27 2022   Notes on using Kanban
    Jan 26 2022   Controls when you don't have control
    Jan 25 2022   How to adjust the scope of your security program
    Jan 24 2022   Getting started with an asset inventory
    Jan 18 2022   Advice for entry-level cybersecurity resumes
    Jan 17 2022   Simple tricks for document control
    Jan 13 2022   8 basic security topics to consider early on
    Jan 12 2022   Technical controls projects
    Dec 17 2021   Default to safe, private and secure
    Dec 15 2021   Should you keep an inventory?
    Dec 13 2021   ISO27K in short
    Dec 10 2021   How to classify incident severity
    Dec 9 2021   7 organizational controls