Not everyone is WEIRD

If you are told that you are WEIRD don’t take it as an offence. It likely means that you belong to about 12% of the global population that is Western, Educated, Industrialised, Rich, and Democratic *. Good as it may sound, it also puts you in the disadvantage when dealing with people from different cultural backgrounds. Problem reliance on studies that were done solely with WEIRD participants is that it skews the results and, worst of all, assumes certain cultural background in the decision makers:

Cyber and the art of conversation

Spurred by Justine Aitel’s talk at SOURCE Boston where she supposedly (not being there is a bit hard to confirm that) said that IT risk and/or security industry need to use the term “cyber” in order to reach the business audience more effectively. "Who hates the word cyber? You're all wrong! ;) It's an opportunity to talk to the outside world." - @justineaitel #srcbos — Joshua Corman (@joshcorman) April 8, 2014 Yes, security has a problem communicating. No, it is not what you think it is.

Musings on risk appetite and complex issues

It could be just me, but every time there’s a need to present a complex topic to the executives or business leadership (topic for another musing, methinks) I get the typical looks of “oh no, he’s going to get all lectury again”. And it’s true, I prefer to present complex topics as complex, even if the style of presentation makes them approachable. There’s no way to dumb down something that’s complex without: also sending the message that sure, they may be leaders of the organisation, people that we entrust to make the right decisions, etc.