7 min read
Crown Jewels Are a Strategy Problem, Not a Security Problem
Most organisations identify their critical assets badly, once, or not at all. Crown jewel analysis is a strategy exercise masquerading as a security exercise — and getting it wrong means every downstream decision is built on sand.
There is an exercise that most security programmes conduct at some point, usually early in a maturity uplift or in the aftermath of a breach that concentrated minds. Someone, typically the CISO or a consulting partner, gathers the relevant stakeholders into a room and asks a...
securitystrategycrown jewelsVRINcompetitive advantageprioritisation
5 min read
The Constraint Moved and Nobody Noticed
The cybersecurity industry solved for detection. The constraint is now comprehension — and most organisations haven't redirected their investment accordingly.
Eliyahu Goldratt had a gift for stating things that sound obvious in retrospect but are, in practice, almost universally ignored. His Theory of Constraints (Goldratt, 1984) rests on a single deceptively simple observation: in any system, there is always one constraint that...
securitytheory of constraintsvulnerability managementcomprehensioninvestment
9 min read
Meaning In the Signal: What Five Talks at [un]Prompted Taught Me About the Future of Cybersecurity
Five uncoordinated presentations at a new AI security conference converged on the same question — and revealed the defining challenge of modern cybersecurity.
[un]Prompted is a brand new AI security practitioners conference, and its inaugural edition, held in San Francisco on the 3rd and 4th of March 2026, announced itself as something rather different from the events that typically populate the cybersecurity calendar. No vendor...
securityAIunpromptedvulnerability managementthreat intelligence