Three decades of judgment, the CRAM™ methodology, and lessons from 2,000+ leaders we've mentored — written down for whoever needs them. No gate, no pitch.
Featured
Nobody briefs you on the part of security leadership that actually keeps you up — the quiet, constant weight of being the person it all lands on. Here is what thirty years in the seat taught me about carrying it.
Read →For thirty years I watched the business and the security team sit in separate rooms, speaking different languages about the same risk. CRAM™ grew out of a simple conviction: those two rooms were never really far apart.
Read →Most organizations spend a great deal on security and feel no safer for it. The reason is rarely the size of the budget. It is the difference between spending and investing — and almost no one is taught to see it.
Read →It has all the scary stuff in it. But after almost thirty years of being the one called when it hits the fan, I can tell you the beast is never beaten with another purchase. Here is what actually works.
Read →We were taught to fear cyber — to picture shadowy figures behind every screen, and above all not to ask questions. Here is a calmer, practical way to manage it, so you never end up paying for fear and confusion instead of protection.
Read →Most of an attacker's power isn't technical — it's the fear they manufacture before anything happens. I once watched a defender refuse to be frightened, study the people on the other side, and turn their own attack into a lesson. Here is where real protection actually begins.
Read →Tell us where you are and what's keeping you up. No quote engine, no pressure — a real conversation with people who've done this for thirty years.