Sean D. Mack
CIO/CISO and author (Enterprise Security: A Data‑Centric Approach) who discusses real‑world cybersecurity leadership conversations and enterprise risk focus areas.
Align Governance, Risk, and Compliance for Cohesive Strategy
Governance sets direction. Risk measures exposure. Compliance checks alignment. And yet, frequently, these three are completely misaligned. How do governance, risk, and compliance work together for your organization?
Fractional CISO: Full Accountability, 24/7 Availability
Fractional CISO does not mean fractional accountability. Every client I work with has my cell phone. Security incidents do not respect office hours, and advisory only works if there is shared ownership.
GRC Tools Need Business‑focused Risk, Not Spreadsheet Tickets
There are a lot of new entrants coming into the GRC market right now, which tells you something interesting is happening. But most of what I see still feels like workflow layered on top of spreadsheets. Executives do not need more...
Seeing Bugs in IDE Boosts Fixes From 0% to 70%
“At Facebook, they found that when security vulnerabilities were reported as issues, nearly 0% got fixed. But when these same problems appeared directly in the developer’s IDE, where the red squiggles were difficult to ignore, fix rates jumped to around...
Boards Pivot to Recovery as Breach Assumption Grows
As more companies “assume breach,” I am seeing a shift from prevention to recovery. Boards are starting to ask different questions.
Recovery Plans Must Assume Active Directory Can Fail
If Active Directory is down, can you even log in to start restoring backups? A lot of recovery plans assume core services are intact, but that's not always a safe bet.
AI Threats Demand Distinct Policy Beyond Existing Security Frameworks
Thinking a lot about AI security vs traditional security. Do we actually need a separate AI policy, or should this live inside the security and governance structures we already have? To answer this we need to consider how AI and...