Posts - Page 2 of 5 - benhanson.uk

Home Posts Page 2

January 9, 2026

Vertically Capable, Horizontally Dysfunctional: The Myths of Cyber Resilience

80% of what you will read about “cyber resilience” on LinkedIn today is nonsense. It will not make…

November 20, 2025

Rule of Two: New Subject, Same Old Mistakes

You may have seen Meta’s “Rule of Two” floating around, as a mental model for agentic security. Don’t…

September 17, 2025

Who thinks their own job is BS?

What should you do if you think your own job is BS?

March 17, 2025

What we think “good” looks like in SecOps is actually part of the problem

Shrinking the gap between events and impacts is the wrong strategy.

February 10, 2025

Growth that Builds, Growth that Breaks

You've probably heard it said that "healthy things grow". That's not true. Cancer also grows. What we can say for sure is that alive (or dynamic) things grow; whether that growth is beneficial or destructive is a different question.

February 3, 2025

How Focusing on Strategy Perpetuates the Problem

Strategy is easy. Execution is where the wheels come off.

December 2, 2024

Cybersecurity is a System

China found out the hard way that no one escapes the interdependencies of complex systems. We make the same mistakes in cybersecurity today.

September 4, 2024

You Can Be Profound, or You Can Be Effective—Pick One

The pressure to be profound is such a stumbling block in our industry. It emphasises the sophisticated over…

August 3, 2024

Here’s What You Should Do Today About All These Outages: Nothing

Smart leaders don't react, they respond. Now is not the time to wax poetic about the world we left behind, or follow the reactionists backwards towards a demonstrably worse risk position.

August 2, 2024

From the Recorded Future Podcast: A Conversation with CISO Jason Steer About Identity Security

From my conversation with Recorded Future, two short, essential videos about identity security: how we got here, why it matters, and why it's so hard to do well.

June 28, 2024

What England’s Underwhelming Team of Football All-Stars Can Teach Us About Cybersecurity

If you want to understand the platform vs best-of-breed debate, look no further than England's football team.

June 3, 2024

Microsoft CVEs, MITRE ATT&CK, and what Secure by Design Cannot Fix

Did you know that 70% of Microsoft CVEs between 2006-2018 were memory safety bugs? How hardware Secure by Design can help...and how it can't.

May 1, 2024

The Identity Lesson You Must Learn From Midnight Blizzard

Endpoint security is not the fulcrum around which you should be building. You'll miss a lot if you do.

May 1, 2024

Vulnerability Management: Reactionary Security FUD At Its Worst

There's no such thing as a critical vulnerability, generically. There's only a critical vulnerability that can be exploited in your environment, specifically.

April 10, 2024

The Missing Key To Understanding How the Midnight Blizzard Attack Worked

How does compromising an app in one tenant get you into another tenant? There is a key piece of info that will help you to understand.

March 4, 2024

“Materiality” Relies on Risk Quantification—Which Is Why Many Businesses Struggle to Understand It

The ambiguity of "materiality" is an invitation to risk management maturity.

March 3, 2024

Understanding the Evolution of “Tier 0” in Modern Access Control Models

Does "Tier 0" still matter? Yes and no. Yes, as a principle; No, as an access control model. Here's what to do instead.