Posts

• My 2023 Reading List Oct 28
• Shortridge Makes Sense of the 2024 Verizon DBIR May 1
• Secure by Design RFI Response from Shortridge Sensemaking LLC Feb 21
• The Basics of Software Resilience and Security Chaos Engineering Jan 4

• Cybersecurity Isn't Special Dec 13
• Open-Source Software Security RFI Response from Shortridge Sensemaking LLC Nov 2
• When we say "security", what do we mean? Oct 26
• The SUX Rule for Safer Code Oct 10
• "Quantum" Doesn't Solve Anything for Cybersecurity Jul 25
• Leading Cybersecurity with a Control vs. Resilience Strategy Jul 17
• Kelly’s Kommentary on the 2023 Verzion DBIRRRRRRR Jun 6
• Sun Tzu wouldn't like the cybersecurity industry May 3
• Security-by-Design and by-Default: Sustaining Software Resilience Apr 17
• 69 Ways to F*** Up Your Deploy Apr 4
• Attackers have better things to do than corrupt your builds Mar 30
• Cyber Startup Buzzword Bingo: 2023 Edition Mar 13
• When Something Disappears From the Internet Feb 28

• My 2022 Reading List Dec 21
• What "Security" Means in the Information Society (Track VI) Oct 20
• The Evolving Meaning of Security as 'Securitas' in the Early Modern Era (Track V) Oct 20
• The Multifaceted Meaning of "Security" as 'Securitas' in the Roman Era (Track IV) Oct 20
• The Dawn of "Security" as a Noun: Securitas (Track III) Oct 20
• A Platonic Dialogue on Security (Track II) Oct 20
• When We Say "Security," What Do We Mean? (Track I) Oct 20
• Securing the Supply Chain of Nothing Sep 15
• Opportunity Cost of Action Bias in Cybersecurity Incident Response Jul 27
• HarpoCrates Pitchdeck: Remote Administration as a Service May 23
• Infosec Startup Buzzword Bingo: 2022 Edition Feb 2
• The Security Obstructionism (SecObs) Market Jan 12

• My 2021 Reading List Dec 20
• Rick & Morty's Thanksploitation Spectacular Decision Tree Aug 9
• Markets DGAF About Cybersecurity Jul 15
• Deciduous: A Security Decision Tree Generator Jul 12
• 2021 Cybersecurity Predictions, as told by a bot Jun 17
• A Simplified Spectrum of Compute Mar 22
• Creating Security Decision Trees With Graphviz Jan 25

• My 2020 Reading List Dec 22
• IBM + Red Hat: Bamboozles, Foozles, and the Hybrid Cloud Chimera Dec 14
• On YOLOsec and FOMOsec Sep 22
• Cyber Buzzword Bingo: All Editions Aug 5
• Resilience in Security 101 May 18
• Kelly's Hierarchy of Security Product Needs & Vendor Selection v1.0 May 5
• Shall We Play a Coordination Game? Apr 8
• Analyzing the 2020 RSA Innovation Sandbox Finalists Feb 6

• My 2019 Reading List Dec 17
• Ransomware: Towards an Economic Equilibrium Dec 15
• When Prospect Theory Meets Chaos Engineering Aug 12
• Analyzing the Black Hat USA 2019 Business Hall Aug 2
• Darth Jar Jar: a Model for Infosec Innovation May 5
• My Reflections on the 2019 RSA Conference Mar 13
• InfoSec Startup Buzzword Bingo: 2019 Edition Feb 27
• Analyzing the 2019 RSA Innovation Sandbox Finalists Feb 5

• The Cyber Tub: Communicating the Dynamics of Information Security Risk Management Dec 20
• My 2018 Reading List Dec 17
• 2019 Cyber Security Predictions Dec 5
• Analyzing the Black Hat USA 2018 Business Hall Aug 6
• The Red Pill of Resilience in InfoSec Aug 1
• Security as a Product May 18

• 2018 Cyber Security Predictions Dec 21
• My 2017 Reading List Dec 7
• First Principles of Building Security Products Jun 12
• Choice Architecture for InfoSec Blue Teams Feb 8
• Russia used the U.S. Influence Ops Playbook Jan 18

• Revisiting 2016 Security Predictions Dec 30
• My 2016 Reading List Dec 26
• 3 questions on cybersecurity that should be asked in the debates Sep 30
• Behavioral Models of InfoSec: Prospect Theory Aug 1
• WTFunding: Bioinformatics & Genetic Data May 17
• Apple vs. FBI: Privacy & Inequality Mar 17
• WTFunding: Space Data (Satellite Imagery) Jan 4

• WTFunding: Industrial / Manufacturing Analytics Oct 13