π‹πšπ€π¬π‘ π‘πšπ π‘πšπ―πšπ§ Profile picture
Systems Thinker | Citizen of the world | Security Leader @LinkedIn | Tweets on security, leadership, science, tech & life | Opinions expressed here are my own.
21 Oct
1/6 A thread 🧡on the intersection of #Cybernetics #SystemsThinking #Leadership and #CyberSecurity:

For context, first read this blog by @harish_josev: harishsnotebook.wordpress.com/2021/10/03/tow…

It is AMAZINGLY well-articulated and a MUST read for security practitioners & leaders in general!
2/6 Quote: "... we should stop setting targets and instead, provide a direction to move towards."

Wait, don't manage by goals?

Is a goal-less company/org possible? Yes 🙂
E.g. @basecamp led by @jasonfried
3/6 If you focus on the goals, you'll compromise your means. E.g.: Today's education #system makes kids focus on grades, not on learning.

Basically what is being advocated for is "Management by Means":
7 Apr
1/8 Now that the poll has closed, I'd like to disclose that I'm with the minority (No) on this one. Rationale summarized in this thread 👇

#pci #training #appsec #swsec

cc: @shehackspurple @bilcorry @robertauger @cigitalgem
2/8 Note: My position is mostly for large enterprises - especially the ones that operate in different sectors/countries (jurisdictions) & thus are subject to multiple compliance mandates & regulations. But, one can philosophically embrace this approach for other enterprises too.
3/8 First up, if you are subject to various compliance regulations and standards, it is best to make sure that your internal security standards account for them all so that you can present a unified set of security requirements to product/engineering. No need to mention "PCI".