Rethinking Security

Daniel Wood, one of the sharpest thinkers I know in the field of security, and a great friend, recently wrote an article in his blog about Security Brutalism. He does a far better job than I ever could at summarizing what Security Brutalism is, the reasoning behind it, and how to think about it in order to put it into practice.

"Security Brutalism presents a provocative approach to cybersecurity, emphasizing a return to fundamentals and a focus on resilience over compliance. This forward thinking and possibly controversial approach (to some), can help CISO’s and organizations focus on what matters most..."— Daniel Wood

He also wrote an article called Ruthless Prioritization, that frames a similar need with different words: Cutting security investments while protecting what matters most.

"Security investments should align with real, measurable risk. That means cutting through the noise and hype, and asking hard questions about where your program is today, what your organization can realistically support, and where you’ll get the most return of investment on your resourcing and effort."— Daniel Wood

Worth reading every word of both articles.