A batch of the best highlights from what Todd's read, .
Find a new, third way that is neither cowardly submission nor violent reprisal.”
The Powers That Be
Walter Wink
What the CISO needs is a “Return on Control” calculation. That is the monetized value of the reduction in expected losses divided by the cost of the control.
How to Measure Anything in Cybersecurity Risk
Douglas W. Hubbard, Richard Seiersen, Daniel E. Geer, and Stuart McClure
Jesus is Lord, which means Caesar (or the modern nation-state) is not.