Jonathan Dupré
About
Research
Contact
Blog
Most recent posts
Jun 30 2022
Ask for confidence levels
Jun 23 2022
Spend more time on the out breath
Jun 8 2022
How to manage vendor risk
Jun 7 2022
Avoid shared service accounts
Jun 2 2022
Prevention is not enough
May 19 2022
Principals make the rules
May 18 2022
Backing up passwords
May 17 2022
Grow with repetition
May 16 2022
Bad rules create more problems
May 12 2022
Threat is not vulnerability is not risk
May 11 2022
You have free money in the cloud
May 10 2022
How much to protect a sandwich
May 9 2022
Use business goals to scope your program
May 5 2022
How much should you spend?
May 4 2022
You don't store the key in the vault
May 3 2022
3 metrics cyber insurers appreciate
May 2 2022
Remove some noise
Apr 29 2022
This is what you have to do
Apr 28 2022
How to stay on top of so many security projects
Apr 27 2022
How to get to SOC 2 faster
Apr 26 2022
What you found is not risk
Apr 25 2022
Prioritize these vulnerabilities
Apr 22 2022
Show me you care
Apr 21 2022
4 features to help you close enterprise clients
Apr 20 2022
Rapid third-party risk check
Apr 19 2022
What HIPAA says you should do
Apr 18 2022
Cost of ownership
Apr 15 2022
Hidden assumptions
Apr 14 2022
How to fix t-shirt sizing
Apr 13 2022
Play more often
Apr 12 2022
A lot of small things
Apr 11 2022
Protect your insurance
Apr 9 2022
SCIM
Apr 7 2022
The efforts you've made
Apr 6 2022
7 tips to help you document
Apr 5 2022
No time for that
Apr 4 2022
Security postures
Apr 1 2022
Security awareness roadmap
Mar 31 2022
Everything is lava
Mar 30 2022
The hidden budget in your cloud bill
Mar 29 2022
A reasonable rate
Mar 28 2022
Develop capabilities
Mar 25 2022
Permission as a function of responsibility
Mar 24 2022
Identification
Mar 23 2022
Blank side
Mar 22 2022
Repetitions
Mar 21 2022
Detection with decoys
Mar 18 2022
Fail forward
Mar 17 2022
We want better apps
Mar 16 2022
Not yours, not your problem
Mar 15 2022
Things customers ask for
Mar 14 2022
Unblocking change requests
Mar 11 2022
The price of inaction
Mar 10 2022
Don't let security slow you down
Mar 9 2022
Test your assumptions
Mar 8 2022
A basic cyber risk matrix
Mar 7 2022
You have enough stuff
Mar 4 2022
A primer on HIPAA for startups
Mar 3 2022
Lost time and productivity tax
Mar 2 2022
Information assurance
Mar 1 2022
Hiring for cultural fit
Feb 28 2022
How to red team on a shoestring
Feb 25 2022
Composing faulty assumptions
Feb 24 2022
Recommendations from the Cyber Centre
Feb 23 2022
Common DeFi vulnerabilities from 2021
Feb 22 2022
Get the build automated
Feb 21 2022
The real cost of custom systems
Feb 18 2022
TIL about PCMLTFA
Feb 17 2022
Take one step
Feb 16 2022
See == download
Feb 15 2022
That one integration
Feb 14 2022
Smart contract risk is not your only risk
Feb 11 2022
How this website works
Feb 10 2022
Bringing information systems under management
Feb 9 2022
Frameworks help you avoid getting fancy
Feb 8 2022
Measure things
Feb 7 2022
Separation of duties
Feb 4 2022
Minimizing exploitability
Feb 3 2022
Using both risk control levers
Feb 2 2022
Protect the fun
Feb 1 2022
On counting
Jan 31 2022
Adopting practices instead of rules
Jan 28 2022
You're not ready for a bug bounty program
Jan 27 2022
Notes on using Kanban
Jan 26 2022
Controls when you don't have control
Jan 25 2022
How to adjust the scope of your security program
Jan 24 2022
Getting started with an asset inventory
Jan 18 2022
Advice for entry-level cybersecurity resumes
Jan 17 2022
Simple tricks for document control
Jan 13 2022
8 basic security topics to consider early on
Jan 12 2022
Technical controls projects
Dec 17 2021
Default to safe, private and secure
Dec 15 2021
Should you keep an inventory?
Dec 13 2021
ISO27K in short
Dec 10 2021
How to classify incident severity
Dec 9 2021
7 organizational controls