A batch of the best highlights from what Todd's read, .
How cybersecurity assesses risk, and how it determines how much it reduces risk, are the basis for determining where cybersecurity needs to prioritize the use of resources. And if this method is broken—or even just leaves room for significant improvement—then that is the highest-priority problem for cybersecurity to tackle!
How to Measure Anything in Cybersecurity Risk
Douglas W. Hubbard, Richard Seiersen, Daniel E. Geer, and Stuart McClure
When you give yourself credit every time you do something right, though, you can more easily see such slips as momentary mistakes, not earthshaking events, and head off a sense of hopelessness.
The Beck Diet Solution
Judith S. Beck PhD
Do you try to avoid biasing the information you get? …do you describe disagreement without revealing which side you were on, so as to avoid influencing your friend's answer? When you launch a new project at work, do you decide ahead of time what will count as a success and what will count as a failure…?