A batch of the best highlights from what Todd's read, .
Treat curiosity and wonder as a guide to the future.
Wtf?
Tim O'Reilly
How cybersecurity assesses risk, and how it determines how much it reduces risk, are the basis for determining where cybersecurity needs to prioritize the use of resources. And if this method is broken—or even just leaves room for significant improvement—then that is the highest-priority problem for cybersecurity to tackle!
How to Measure Anything in Cybersecurity Risk
Douglas W. Hubbard, Richard Seiersen, Daniel E. Geer, and Stuart McClure
The best way to defuse the “everyone must be bound by the same policy” line of argument is to remind your boss, yourself, and any other concerned party that you’re all on the same team. You’re all in the game to find the best way to work: the most productive and happiness-inducing setup wins.