Great Minds

Great minds discuss ideas; average minds discuss events; small minds discuss people. Eleanor Roosevelt


Risks vs Resources

You need to evaluate the short-term, medium-term, and long-term risk, and ask, how willing are you to tolerate that risk? Then invest limited security resources to deal with risks you are least likely to tolerate. Betsy Cooper, executive director of the Center for Long-Term Cybersecurity at UC Berkeley (via CSO Online)

Always Write Dumb Code

Always code as if the guy who ends up maintaining, or testing your code will be a violent psychopath who knows where you live. Dave Carhart

Insider Threat

The biggest threat to corporate security is corporate employees – whether malicious or not. Jason Hill, Director of Strategic Services, Cybriant

The Essence of Strategy

The essence of strategy is choosing what not to do. Michael Porter, “What is strategy?” In: Harvard Business Review, November (1996)


Everyone using “secure” as an adjective, as in “secure remote access,” is either selling something, or has just bought something. Andrew Ginter, from SCADA Security: What's Broken and How to Fix It


Compliance with standards means doing what someone else has told us to do, whether it is useful or not. Paul Feldman, from SCADA Security: What's Broken and How to Fix It