CISO

The security practice registry

Are we merely historians of our own infrastructure?

Jun 6 • Michael Corn

Shared control and cross-functional discomfort

Services not functions

May 19 • Michael Corn

Traceable wisdom

Governance and metrics

May 4 • Michael Corn

To CMMC or not to CMMC

Sometimes, saying "no" is the best leadership

Feb 8 • Michael Corn

The tinnitus of cybersecurity: cyber incident reporting

Be the positive deviant

Jan 22 • Michael Corn

Policy by design

Designate, situate, and empower

Dec 31, 2025 • Michael Corn

Policy by scar tissue

Notes towards a sustainable information security policy

Dec 23, 2025 • Michael Corn

The paradox of anticipatory defeat

Go big or go home: incrementalism vs. spectacle

Dec 3, 2025 • Michael Corn

Making the case for cybersecurity

Cybersecurity as a measure of organizational diligence and quality

Sep 26, 2025 • Michael Corn

So you want to hire a CISO?

Strategist vs. Manager, the essential tension

Aug 8, 2025 • Michael Corn

Open question no. 7: cybersecurity w/in the organization

It's more than 'where to place the CISO'

May 5, 2025 • Michael Corn

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts