Some time ago I got talking to a colleague about “ownership” of risks. Now I don’t like the idea of a risk as a tangible thing that can be counted … Continue reading Owning cyber risk

Some time ago I got talking to a colleague about “ownership” of risks. Now I don’t like the idea of a risk as a tangible thing that can be counted … Continue reading Owning cyber risk
I was once working with a very large organisation helping deliver a new online service. As we were going through the first project phase we were linked up with an … Continue reading Security is for our customers
I discovered the other day about the etymology of the word “decide”. The “de-” comes from the Latin for “off”, and the “-cide” is from the same word that’s found … Continue reading When it’s difficult to decide
I’ve written previously about the importance of talking about reward alongside talk of risk. Risk (in practical conversation) is a discussion of negatives. But we can only consider negatives if … Continue reading Have you considered your reward profile?
It’s an unavoidable reality that bad things happen. I work a lot with software engineering and systems operations teams, and there have been too many times when someone had detected … Continue reading “How can we stop this happening again?”
Last week I spoke to my friend Kevin Gohil, and he introduced me to the phrase “adaptive operating model”. Many people talk about a “target operating model”, which is what … Continue reading Transformation as a game of chess
I’m a big fan of openness and transparency; hiding things creates extra work, and showing others what’s going on in our world can allow them to help us, or at … Continue reading Tweaking the variables of transparency
A while back I wrote about how to conduct a discovery exercise in an incremental manner. This is where we have some idea of what we want to do but … Continue reading Expressing the results of a discovery exercise
Many, many years ago I held the pager for my company. This was long before cloud computing, long before devops, and long before infrastructure as code. Mostly the pager fired … Continue reading Learning by doing… in rehearsal
Most people think of risk management as stopping bad things from happening. But ideally it’s really uncertainty management. That does cover reducing the chances of bad things happening, but it … Continue reading Risk management – helping good things happen