Insights and updates from across the team.


17 Jun 25

Strategic Deployment of a Fractional CISO

Before hiring their first Chief Information Security Officer (CISO), CEOs and boards should consider a fractional CISO (F-CISO) to build foundational security programs that set the permanent CISO up for success. This strategy addresses a critical disconnect: executives often view security breaches and compliance failures as technical problems, but these business-threatening issues typically stem from cultural and process deficiencies requiring organizational transformation, not just technical expertise.

22 May 25

How Strategic Tech Investments Cut Our Insurance Costs by a Third

In early 2025, as EPSD spun out into independent operations, we made some bold strategic technology decisions. We made initial up-front IT investments of less than 10% over “good enough” choices, and that increase delivered us a 31% insurance savings. Spending just a bit more on IT significantly raised the complexity and the cost attackers must bear to breach us, and resulted in measurable operational gains and user happiness.

21 May 25

The Currency of an Engineering Team Is Respect

The currency of an engineering team is respect, and this has nothing to do with position in the organizational hierarchy: instead, it’s about whether the person speaking knows what they are talking about. Do they make our work easier? Are the things they are asking us to do logical and consistent?

20 May 25

Succession Planning: A Surprisingly Common Business Risk

Fast-growing companies, particularly those in technology and high-stakes industries, often prioritize immediate operational needs over long-term planning. One critical area that frequently gets overlooked is succession planning—a business continuity essential that can create serious vulnerabilities if not properly addressed.

Michael Kreil presents at 38c3 conference
13 May 25

The VW Group Data Breach is a Business Problem, not an IT Failure.

In December 2024, the Chaos Computer Club revealed that VW Group’s software unit Cariad exposed 9.5TB of sensitive data affecting 800,000 VW, Seat, Audi, and Skoda owners. The breach included personal information and location histories that, despite Cariad’s claims otherwise, were easily tied by researchers to individual customers.

1 May 25

Why Tech Debt Matters – And How to Pay It Off

When developers cut corners to ship products faster, they take on technical debt—a trade-off that can accelerate early growth but create long-term instability. Unlike financial debt, which can be strategic, tech debt compounds over time, leading to fragile systems, costly failures, and expensive remediation efforts.

30 Apr 25

How Much Tech Debt is Too Much?

Tech debt is inevitable in innovation. The question isn’t whether your organization has it—but rather how well it’s managed. Proactive leaders strategically take on tech debt when necessary and implement processes to track, assess, and address it before it becomes a bottleneck.

29 Apr 25

The Post-Mortem Dilemma: Why Companies Struggle to Learn from Incidents

Security incidents should be a catalyst for improvement, but too often, companies fail to extract meaningful lessons from them. Post-incident reviews are either rushed, incomplete, or focused on blame, leading to missed opportunities for resilience and long-term security improvements.
