Sun Tzu’s Five Factors and Cyber Security Strategy
I’m a big fan of Sun Tzu and also Wardley mapping, which uses Sun Tzu’s Five Factors. The way swardley summarises it and relates it to the OODA loop is absolutely brilliant, and it is how I like to think about and navigate the business of defining a security strategy. Wardley mapping […]
Security Strategy and the ‘Why of Purpose’
I’m a big fan of Wardley mapping, which brings many elements influenced by Chinese strategic thinking into a framework that is easy for us Westerners to understand. I’ll be doing some blog posts on how I think Security Strategy can be developed using Wardley mapping […]
Chinese Strategic Thinking and Cyber Security: Remaining Flexible
One really important concept for me is that of avoiding fixed responses or “one-size-fits-all” approaches in most things we do in Cyber Security. A key aspect to that effect is to ensure we appreciate the nature of each of the problems we’re facing and that we apply […]
How Cyber Security can benefit from Chinese Strategic Thinking
This is likely to become a series of posts I’ll be doing over the coming months, as there’s no way I could write what I’d like to about this subject in a single blog post. Over the past year or so, I’ve been focusing a significant […]
“Why are many of your cybersecurity maps missing user considerations?” A fair challenge
A few days ago, I had the privilege of running a session at MapCamp (an annual event for Wardley mappers where we learn from applications of Wardley mapping in both Government and Industry from some of the greatest minds I’ve had the […]
On Security Strategy: Reviving the case for Deception and Obscurity
Lately, I’ve become aware of a book called “Deciphering Sun Tzu” by Derek M C Yuen, which I’m currently going through avidly. But even before finishing, I’m learning so much that I couldn’t wait to write about some of the insights I’ve been having from […]
Reasonable Assurance against predictable Threats
I’m privileged to have been part of the security “scene” since the late 90s and the security industry since the early 2000s, when I was still a teenager. Due to this long exposure, and having had multiple types of roles including operations, engineering, penetration testing, marketing and product management, and governance, risk […]