- You Only Get 3 Metrics - Which Ones Would You Pick?
- The Illusion of Choice : A Review
- People and Security Incentives
- Handling Complexity
- Fighting Security Entropy
- Attack Surface Management
- Software Security is More than Vulnerabilities [Force 2 : Code wants to be wrong]
- Force 1: Information wants to be Free
- The 6 Fundamental Forces of Information Security Risk
- Ceremonial Security and Cargo Cults
- Simple Ways to Communicate Successes
- Dangerous Embedded Assumptions
- The Uncanny Valley of Security - Updated
- A New Way to Think : Review
- How to Tell if You Really are an InfoSec Professional