Posts - Page 4 of 5 - benhanson.uk

Home Posts Page 4

January 9, 2026

Vertically Capable, Horizontally Dysfunctional: The Myths of Cyber Resilience

80% of what you will read about “cyber resilience” on LinkedIn today is nonsense. It will not make…

November 20, 2025

Rule of Two: New Subject, Same Old Mistakes

You may have seen Meta’s “Rule of Two” floating around, as a mental model for agentic security. Don’t…

September 17, 2025

Who thinks their own job is BS?

What should you do if you think your own job is BS?

March 17, 2025

What we think “good” looks like in SecOps is actually part of the problem

Shrinking the gap between events and impacts is the wrong strategy.

February 10, 2025

Growth that Builds, Growth that Breaks

You've probably heard it said that "healthy things grow". That's not true. Cancer also grows. What we can say for sure is that alive (or dynamic) things grow; whether that growth is beneficial or destructive is a different question.

February 3, 2025

How Focusing on Strategy Perpetuates the Problem

Strategy is easy. Execution is where the wheels come off.

December 2, 2024

Cybersecurity is a System

China found out the hard way that no one escapes the interdependencies of complex systems. We make the same mistakes in cybersecurity today.

March 15, 2023

What Moves the Cyber Resilience Needle the Most? It’s Probably Not What You Think

It's simple, but it's not easy: if you change the tech but not the culture, none of the gains you realize in the short term will be sustainable in the long term.

February 14, 2023

When To Say No To A Good Opportunity

Sometimes an opportunity looks and feels right, but it isn't. Here's how you can tell the difference.

February 2, 2023

Azure Has A Kerberos Problem, But It’s Not The One You Think

Blaming Azure for Kerberos exploits isn't a hot take—it's nonsense. Focus on the real root causes instead (which are different than you might think).

January 11, 2023

Integrating Threat Modeling with DevOps

Because DevOps has effectively joined the Operational and Dev domains, it introduces security dependencies which neither domain had to consider before.

January 10, 2023

Who’s Threat Modeling the Threat Modelers?

When an org's security personnel carry out threat modeling exercises, they tend to make unconscious assumptions about the efficacy of their own security controls. This is dangerous.

October 24, 2022

The Objective of Securing Privileged Access? To Protect the Business from the Admins

The most common privileged security gaps that attackers exploit come from sacrificing effective privileged admin security on the altar of operational convenience.

September 20, 2022

Healthy Work/Life Balance: 4 Critical Questions to Ask Yourself—And Your Employer

4 questions to help you assess where you are, and what to do about it.

July 22, 2022

How (not) to Waste Your Time Chasing Vulnerabilities

There is a very good chance that your vulnerability management efforts are not actually reducing your risk. The data tells us why.

June 29, 2022

Honest Self-Reflection for Security Leaders, Post-Breach: 3 Important Questions to Ask Yourself

There's never just one reason why a breach occurs, but leaders have a unique responsibility because they own budget, strategy, and prioritisation. Here are 3 questions to consider carefully.

January 12, 2022

3 Reasons Security Folks Roll Their Eyes When They Hear “Zero Trust”

The principles still matter, more than almost everything else in security...even if we're tired of hearing about it.