
Posts by Phil Venables

Stop Selling, Start Securing: The Real Role of the Field CISO

Attributes of success are, of course, sheer competence but also a huge amount of customer empathy from having real lived experience of being in a security leadership role before being a Field CISO.

philvenables.com/post/the-rea...

2 weeks ago 0 0 0 0
Cybersecurity’s Need for Speed & Where To Find It

As we talked about in the last post, a world going through a massive AI-driven transition means speed becomes vital. This is the speed of adapting to change and the speed of dealing with a world of th...

Cybersecurity’s Need for Speed & Where To Find It

www.philvenables.com/post/cyberse...

1 month ago 2 0 0 0

Things Are Getting Wild: Re-Tool Everything for Speed

In the end, despite the short term pessimism, I remain wildly optimistic for the future.

www.philvenables.com/post/things-...

2 months ago 0 0 0 0
The CISO's Craft: Watchmaker or Gardener?

Some time ago I saw a comment about the distinction between acting like a “watchmaker” or a “gardener” when undertaking organization transformations. I misplaced the original reference so, unfortunate...

CISO: Watchmaker or Gardener?

www.philvenables.com/post/the-cis...

2 months ago 2 0 0 0

Top Posts of '25

www.philvenables.com/post/2025-ye...

3 months ago 1 0 0 0

Security Leadership Master Class 7 : Contrarian Takes

- The curse of binary thinking
- Ceremonial security
- Caricatures of security people
- You just might be a ̶r̶e̶d̶n̶e̶.....security professional

www.philvenables.com/post/securit...

3 months ago 2 0 0 0

Security Leadership Master Class 6 : When Disaster Strikes

- Capabilities beat just plans
- Engineering resilience
- Building crisis management muscle memory
- Learning from events
- Shrines of failure
- and more…..

www.philvenables.com/post/securit...

4 months ago 1 1 0 0

Taking your established security program to the next level.

Preventative maintenance, risk quantification, navigating the uncanny valley, continuous assurance, architectural choices to reduce whole classes of risk and more.

www.philvenables.com/post/securit...

5 months ago 1 0 0 0

Security Leadership Master Class - Part 1: Leveling up your leadership

philvenables.com/post/securit...

6 months ago 4 0 0 0
Everyone Has A Plan Until They Get Punched In The Face

Apparently what Mike Tyson actually said in a 1987 interview was, "Everybody has plans until they get hit for the first time". In any case this is still a variant of the common theme of “No plan survi...

Everyone Has A Plan Until They Get Punched In The Face.

Resilience is about capabilities not just plans.

www.philvenables.com/post/everyon...

7 months ago 3 1 0 0
Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype

As security specialists, we regularly see claims about the escalating scale of cybercrime, often hearing staggering claims that it’s a "multi-trillion dollar problem." I’ve never seen any comprehensiv...

Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype

A new NASEM report reveals the truth about #cybercrime stats: our data is fragmented, inconsistent, & underreported. We can't fight what we can't accurately measure.

www.philvenables.com/post/decodin...

8 months ago 1 0 0 0

The Don't Fire Me Chart

A lot of premature CISO turnover is caused by the security program uncovering previously unknown risks and issues. So, paradoxically, the best CISOs make the situation *seem* worse before it then *actually* gets better.

www.philvenables.com/post/career-...

9 months ago 3 1 0 0

Cyber Insights Needed & Delivered

My analysis of the recent Cyentia Institute report. Things are getting worse in absolute terms but it’s not clear (my take) they are getting worse relative to what the situation might be.

www.philvenables.com/post/cyber-i...

9 months ago 1 1 0 0

Segmentation Technologies / Zero Trust

Thinking about doctrine vs. structure is a useful mental model to validate a technology’s adequacy for a particular task. In short, to know whether we are jamming a square peg into a round hole.

www.philvenables.com/post/segment...

10 months ago 2 0 0 0
CISO / Cybersecurity Leader Job Description

There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too detailed to capture the actual essence of the role. I developed t...

A different take on the CISO / Cybersecurity Leader Job Description.

www.philvenables.com/post/ciso---...

10 months ago 3 1 1 0

Starting a Security Program from Scratch (or re-starting).

www.philvenables.com/post/startin...

11 months ago 3 0 0 0

Security Leaders’ Reading List

Not many security books. Security leader challenges are mostly, well, leadership along with a healthy dose of program mgmt, culture, attention to detail, risk mgmt and more.

www.philvenables.com/post/leaders...

1 year ago 7 1 0 1

Turning the Security Flywheel

This post explores the "flywheel" concept and its application to security, demonstrating how to create self-reinforcing cycles that improve effectiveness.

www.philvenables.com/post/turning...

1 year ago 5 3 0 1
Post Quantum Cryptography Migration: Time to Get Going

Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the numbers of qubits but also their quality. We are well on our way t...

Cryptanalytically Relevant Quantum Computers (CRQCs) are coming. Perhaps sooner than we think, but we can conservatively (and usefully) assume in the 2032 - 2040 time frame. Beware the snake-oil of non-standard solutions.

www.philvenables.com/post/post-qu...

1 year ago 2 1 0 1

Keys to Career Success

www.philvenables.com/post/keys-to...

1 year ago 1 1 0 1
Top Ideas and Posts from 2024

I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog of topics is running low, then something always manages to com...

Top Ideas and Posts from 2024

In closing the year let’s take a look at the top 10 posts of 2024 in order of most read.

www.philvenables.com/post/top-ide...

1 year ago 0 0 0 0

Want to know more about cyber-physical resilience & why leading indicators like software reproducibility & cold-restart time are more effective than just focusing on lagging indicators?

Then take a listen to the 2024 season finale of the cloud security podcast.

cloud.withgoogle.com/cloudsecurit...

1 year ago 3 1 0 1
Cloud CISO Perspectives: From gen AI to threat intelligence: 2024 in review | Google Cloud Blog

To close out the year, our CISO Phil Venables shares the top Google Cloud security updates in 2024. There’s a lot of AI, of course, and a few surprises.

Cloud CISO Perspectives for end of Dec ’24 is up covering:

- Year end review from AI to Threats
- Forecast for 2025
- AI ISO certifications
- NIS2 compliance
- Threat intel. program development
- Detection as code
- and much more….

cloud.google.com/blog/product...

1 year ago 1 1 0 1

Remember, as security professionals we are defending the free flow of ideas and capital that are essential for human progress. Defending lives and livelihoods. That's the mission. Happy Holidays.

sketchplanations.com/the-three-br...

1 year ago 1 0 0 0
The Maintenance Paradox

Maintenance never makes sense in the short term, yet it is indispensable in the long term.

The Maintenance Paradox.

luca-dellanna.com/posts/mainte...

1 year ago 1 0 0 0

Leadership: One Day at a Time, One Step at a Time.

www.philvenables.com/post/leaders...

1 year ago 0 0 0 0
Google Cloud first CSP to join BRC, MFG-ISAC, and affiliates to advance security | Google Cloud Blog

Google Cloud is proud to be the first cloud service provider to partner with the GRF Business Resilience Council and its affiliates. Here’s why.

Proud to see @googlecloud as the first cloud service provider to partner with the @GRFederation and its affiliates to help further strengthen the manufacturing industry's cyber resilience.

Read more on what this means here:

cloud.google.com/blog/product...

1 year ago 1 0 0 0
Cloud CISO Perspectives: Our 2025 Cybersecurity Forecast report | Google Cloud Blog

Google Cloud security experts don their forecasting hats to gauge what’s coming in 2025, in our newest CISO newsletter.

Cloud CISO Perspectives for early Dec '24 is up covering:

- Forecasting 2025: Notes from the Field
- Open source security patch validation
- C2 in browser isolation environments
- Every CTO should be a CTSO
- and more......

cloud.google.com/blog/product...

1 year ago 1 0 0 0
Oops! 5 serious gen AI security mistakes to avoid | Google Cloud Blog

Pitfalls are inevitable as gen AI becomes more widespread. In highlighting the most common of these mistakes, we hope to help you avoid them.

Oops! 5 serious gen AI security mistakes to avoid

cloud.google.com/transform/oo...

1 year ago 1 0 0 0
The “Eureka!” Moment

We asked 20 scientists and thought leaders to recall when they realized AI had the potential to change the world.

How has the development and adoption of AI changed over the last year? Dive into the current landscape in this issue of the Dialogues magazine, from @Google and @atlanticrethink for insightful perspectives on the transformative power of AI.

Read here: www.theatlantic.com/sponsored/go...

1 year ago 0 0 0 0