Filter By:
Velocity's Edge Podcast S1E9 - Nick Selby on Factionalism
When leadership is struggling with organizational dysfunction that stems from resource constraints, they tend to see teams in conflict: product versus engineering, sales versus operations, etc. They might assume the solution involves coaching, restructuring reporting lines, adjusting compensation models, or hiring more diplomacy-minded managers. But as EPSD’s Nicko Goncharoff and Nick Selby have learned through years of organizational interventions, the biggest threat to mid-stage technology companies isn’t functional disagreement. It’s the personal resentment that calcifies when strategic pivots in the business force zero-sum resource allocation.
Read more
Velocity's Edge Podcast S1E8 - Dr. Pablo Breuer on CISO Leadership
Many organizations hire Chief Information Security Officers (CISOs) expecting them to be security experts who can implement controls and prevent breaches. But as Dr. Pablo Breuer learned through 22 years in Navy cyber operations and leadership roles spanning National Security Agency red teams to Fortune 50 financial firms, the fundamental challenge isn’t technical — it’s that most companies don’t understand what they actually need from a CISO in the first place.
Read more
Nick Selby for Fast Company: Tech debt isn’t an ‘IT issue.’ It’s a business strategy
This article by EPSD’s Managing Partner, Nick Selby, appeared in Fast Company’s “Ask the Experts” section on 21 August 2025. Read the excerpt below, and please click through for the full text.
Read more
Velocity’s Edge Podcast S1E2 - Huw Rogers on Tech Debt
If you’re leading a profitable, cash-flow-positive business, you’ve probably watched technical debt pile up: those accumulated consequences of choosing quick fixes over well-designed, long-term solutions. If you’re not carefully managing it, it can become overwhelming.
Read more
Succession Planning: A Surprisingly Common Business Risk
Fast-growing companies, particularly those in technology and high-stakes industries, often prioritize immediate operational needs over long-term planning. One critical area that frequently gets overlooked is succession planning—a business continuity essential that can create serious vulnerabilities if not properly addressed.
Read more
A CEO's Transparent Incident Response Communication
On May 11, Coinbase suffered a social engineering attack targeting their outsourced customer support department. Their SEC Material Cybersecurity Incident disclosure on May 15 revealed attackers obtained enough personal information to launch sucessful fake customer service attacks against Coinbase customers.
Read more
The True Cost of Cybersecurity Incidents
Regardless of how it happens, when your customers can’t access your service, you can’t take payments, or you can’t pay suppliers, your business stops. Full stop.
Read more
The VW Group Data Breach is a Business Problem, not an IT Failure.
In December 2024, the Chaos Computer Club revealed that VW Group’s software unit Cariad exposed 9.5TB of sensitive data affecting 800,000 VW, Seat, Audi, and Skoda owners. The breach included personal information and location histories that, despite Cariad’s claims otherwise, were easily tied by researchers to individual customers.
Read more
Is Your Incident Readiness Plan Ready?
If your business relies on technology, security incidents are inevitable. That’s why a comprehensive, up-to-date incident readiness plan is essential. But incident response readiness isn’t something you can buy—it’s something you need to build, refine, and integrate into your organization’s culture.
Read more
Five Security Incident Readiness Steps to Take Now.
Security incidents are inevitable if your organization relies on technology, people, and data. The key to minimizing their impact is having an up-to-date, well-practiced incident response plan. Here are five essential steps to ensure your organization is prepared when—not if—a security incident occurs.
Read more
Measuring What Matters: Track Incident Response Performance and Prove ROI
Many organizations invest heavily in incident response (IR) capabilities, yet struggle to measure their effectiveness and return on investment (ROI). Without clear performance metrics, leadership lacks visibility into whether incident handling processes are improving over time or if teams are just repeating the same mistakes.
Read more
From Firefighting to Framework: Turning Incident Handling into a Strategic Advantage
If your business relies on technology, security incidents are inevitable. And all businesses rely on technology. That’s why a comprehensive, up-to-date incident readiness plan is essential. But incident response readiness isn’t something you can buy—it’s something you need to build, refine, and integrate into your organization’s culture.
Read more
Tech Debt in Scale-Ups
When tech companies hit hypergrowth, they face the challenge of evolving their software systems from minimally viable products (MVPs) to enterprise-grade platforms. These transformations extend beyond software development to affect entire organizations.
Read more
Not Semantics: Why It Matters That the CrowdStrike Outage Was a Security Incident
When a faulty update to CrowdStrike’s Falcon endpoint detection and response product rendered Windows systems worldwide inoperable, it created a headline-grabbing IT outage. Airlines, hospitals, emergency services, and businesses were all affected—unable to access critical systems without complex, manual recovery efforts.
Read more
Why Tech Debt Matters – And How to Pay It Off
When developers cut corners to ship products faster, they take on technical debt—a trade-off that can accelerate early growth but create long-term instability. Unlike financial debt, which can be strategic, tech debt compounds over time, leading to fragile systems, costly failures, and expensive remediation efforts.
Read more
How Much Tech Debt is Too Much?
Tech debt is inevitable in innovation. The question isn’t whether your organization has it—but rather how well it’s managed. Proactive leaders strategically take on tech debt when necessary and implement processes to track, assess, and address it before it becomes a bottleneck.
Read more
The Post-Mortem Dilemma: Why Companies Struggle to Learn from Incidents
Security incidents should be a catalyst for improvement, but too often, companies fail to extract meaningful lessons from them. Post-incident reviews are either rushed, incomplete, or focused on blame, leading to missed opportunities for resilience and long-term security improvements.
Read more