Phil Venables's Avatar

Phil Venables

@philvenables

301
Followers 0
Following 52
Posts 22.11.2023
Joined
Posts Following

Latest posts by Phil Venables @philvenables

Post image

Things Are Getting Wild: Re-Tool Everything for Speed

In the end, despite the short term pessimism, I remain wildly optimistic for the future.

www.philvenables.com/post/things-...

21.02.2026 16:22 👍 0 🔁 0 💬 0 📌 0
The CISO's Craft: Watchmaker or Gardener? Some time ago I saw a comment about the distinction between acting like a “watchmaker” or a “gardener” when undertaking organization transformations. I misplaced the original reference so, unfortunate...

CISO: Watchmaker or Gardener?

www.philvenables.com/post/the-cis...

24.01.2026 16:45 👍 2 🔁 0 💬 0 📌 0
Post image

Top Posts of '25

www.philvenables.com/post/2025-ye...

10.01.2026 14:52 👍 1 🔁 0 💬 0 📌 0
Post image

Security Leadership Master Class 7 : Contrarian Takes

- The curse of binary thinking
- Ceremonial security
- Caricatures of security people
- You just might be a ̶r̶e̶d̶n̶e̶.....security professional

www.philvenables.com/post/securit...

27.12.2025 15:20 👍 2 🔁 0 💬 0 📌 0
Post image

Security Leadership Master Class 6 : When Disaster Strikes

- Capabilities beat just plans
- Engineering resilience
- Building crisis management muscle memory
- Learning from events
- Shrines of failure
- and more…..

www.philvenables.com/post/securit...

13.12.2025 16:25 👍 1 🔁 1 💬 0 📌 0
Post image

Taking your established security program to the next level.

Preventative maintenance, risk quantification, navigating the uncanny valley, continuous assurance, architectural choices to reduce whole classes of risk and more.

www.philvenables.com/post/securit...

15.11.2025 15:12 👍 1 🔁 0 💬 0 📌 0
Post image

Security Leadership Master Class - Part 1: Leveling up your leadership

philvenables.com/post/securit...

04.10.2025 14:56 👍 4 🔁 0 💬 0 📌 0
Everyone Has A Plan Until They Get Punched In The Face Apparently what Mike Tyson actually said in a 1987 interview was, "Everybody has plans until they get hit for the first time". In any case this is still a variant of the common theme of “No plan survi...

Everyone Has A Plan Until They Get Punched In The Face.

Resilience is about capabilities not just plans.

www.philvenables.com/post/everyon...

23.08.2025 15:17 👍 3 🔁 1 💬 0 📌 0
Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype As security specialists, we regularly see claims about the escalating scale of cybercrime, often hearing staggering claims that it’s a "multi-trillion dollar problem." I’ve never seen any comprehensiv...

Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype

A new NASEM report reveals the truth about #cybercrime stats: our data is fragmented, inconsistent, & underreported. We can't fight what we can't accurately measure.

www.philvenables.com/post/decodin...

26.07.2025 14:57 👍 1 🔁 0 💬 0 📌 0
Post image

The Don't Fire Me Chart

A lot of premature CISO turnover is caused by the security program uncovering previously unknown risks and issues. So, paradoxically, the best CISOs make the situation *seem* worse before it then *actually* gets better.

www.philvenables.com/post/career-...

12.07.2025 14:42 👍 3 🔁 1 💬 0 📌 0
Post image

Cyber Insights Needed & Delivered

My analysis of the recent Cyentia Institute report. Things are getting worse in absolute terms but it’s not clear (my take) they are getting worse relative to what the situation might be.

www.philvenables.com/post/cyber-i...

28.06.2025 13:59 👍 1 🔁 1 💬 0 📌 0
Post image Post image

Segmentation Technologies / Zero Trust

Thinking about doctrine vs. structure is a useful mental model to validate a technology’s adequacy for a particular task. In short, to know whether we are jamming a square peg into a round hole.

www.philvenables.com/post/segment...

14.06.2025 15:44 👍 2 🔁 0 💬 0 📌 0
CISO / Cybersecurity Leader Job Description There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too detailed to capture the actual essence of the role. I developed t...

A different taken on the CISO / Cybersecurity Leader Job Description.

www.philvenables.com/post/ciso---...

31.05.2025 14:44 👍 3 🔁 1 💬 1 📌 0
Post image

Starting a Security Program from Scratch (or re-starting).

www.philvenables.com/post/startin...

17.05.2025 17:05 👍 3 🔁 0 💬 0 📌 0
Post image

Security Leaders’ Reading List

Not many security books. Security leader challenges are mostly, well, leadership along with a healthy dose of program mgmt, culture, attention to detail, risk mgmt and more.

www.philvenables.com/post/leaders...

22.03.2025 17:35 👍 7 🔁 1 💬 0 📌 1

Turning the Security Flywheel

This post explores the "flywheel" concept and its application to security, demonstrating how to create self-reinforcing cycles that improve effectiveness.

www.philvenables.com/post/turning...

08.03.2025 15:44 👍 5 🔁 3 💬 0 📌 1
Post Quantum Cryptography Migration: Time to Get Going Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the numbers of qubits but also their quality. We are well on our way t...

Cryptanalytically Relevant Quantum Computers (CRQCs) are coming. Perhaps sooner than we think, but we can conservatively (and usefully) assume in the 2032 - 2040 time frame. Beware the snake-oil of non-standard solutions.

www.philvenables.com/post/post-qu...

22.02.2025 16:28 👍 2 🔁 1 💬 0 📌 1
Post image

Keys to Career Success

www.philvenables.com/post/keys-to...

11.01.2025 16:19 👍 1 🔁 1 💬 0 📌 1
Top Ideas and Posts from 2024 I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog of topics is running low, then something always manages to com...

Top Ideas and Posts from 2024

In closing the year let’s take a look at the top 10 posts of 2024 in order of most read.

www.philvenables.com/post/top-ide...

28.12.2024 15:03 👍 0 🔁 0 💬 0 📌 0
Post image

Want to know more about cyber-physical resilience & why leading indicators like software reproducibility & cold-restart time are more effective than just focusing on lagging indicators?

Then take a listen to the 2024 season finale of the cloud security podcast.

cloud.withgoogle.com/cloudsecurit...

24.12.2024 14:46 👍 3 🔁 1 💬 0 📌 1
Preview
Cloud CISO Perspectives: From gen AI to threat intelligence: 2024 in review | Google Cloud Blog To close out the year, our CISO Phil Venables shares the top Google Cloud security updates in 2024. There’s a lot of AI, of course, and a few surprises.

Cloud CISO Perspectives for end of Dec ’24 is up covering:

- Year end review from AI to Threats
- Forecast for 2025
- AI ISO certifications
- NIS2 compliance
- Threat intel. program development
- Detection as code
- and much more….

cloud.google.com/blog/product...

23.12.2024 18:06 👍 1 🔁 1 💬 0 📌 1
Post image

Remember, as security professionals we are defending the free flow of ideas and capital that are essential for human progress. Defending lives and livelihoods. That's the mission. Happy Holidays.

sketchplanations.com/the-three-br...

22.12.2024 15:17 👍 1 🔁 0 💬 0 📌 0
Preview
The Maintenance Paradox Maintenance never makes sense in the short term, yet it is indispensable in the long term.

The Maintenance Paradox.

luca-dellanna.com/posts/mainte...

14.12.2024 15:50 👍 1 🔁 0 💬 0 📌 0
Post image

Leadership: One Day at a Time, One Step at a Time.

www.philvenables.com/post/leaders...

14.12.2024 15:36 👍 0 🔁 0 💬 0 📌 0
Preview
Google Cloud first CSP to join BRC, MFG-ISAC, and affiliates to advance security | Google Cloud Blog Google Cloud is proud to be the first cloud service provider to partner with the GRF Business Resilience Council and its affiliates. Here’s why.

Proud to see @googlecloud as the first cloud service provider to partner with the @GRFederation and its affiliates to help further strengthen the manufacturing industry's cyber resilience.

Read more on what this means here:

cloud.google.com/blog/product...

12.12.2024 17:30 👍 1 🔁 0 💬 0 📌 0
Preview
Cloud CISO Perspectives: Our 2025 Cybersecurity Forecast report | Google Cloud Blog Google Cloud security experts don their forecasting hats to gauge what’s coming in 2025, in our newest CISO newsletter.

Cloud CISO Perspectives for early Dec '24 is up covering:

- Forecasting 2025: Notes from the Field
- Open source security patch validation
- C2 in browser isolation environments
- Every CTO should be a CTSO
- and more......

cloud.google.com/blog/product...

10.12.2024 18:12 👍 1 🔁 0 💬 0 📌 0
Preview
Oops! 5 serious gen AI security mistakes to avoid | Google Cloud Blog Pitfalls are inevitable as gen AI becomes more widespread. In highlighting the most common of these mistakes, we hope to help you avoid them.

Oops! 5 serious gen AI security mistakes to avoid

cloud.google.com/transform/oo...

06.12.2024 00:25 👍 1 🔁 0 💬 0 📌 0
Preview
The “Eureka!” Moment We asked 20 scientists and thought leaders to recall when they realized AI had the potential to change the world.

How has the development and adoption of AI changed over the last year? Dive into the current landscape in this issue of the Dialogues magazine, from @Google and @atlanticrethink for insightful perspectives on the transformative power of AI.

Read here: www.theatlantic.com/sponsored/go...

02.12.2024 16:43 👍 0 🔁 0 💬 0 📌 0
Preview
Regulatory Harmonization - Let’s Get Real Every few months some association or other learned group of professionals makes a fresh call to action for cybersecurity regulatory harmonization. The logic being that cybersecurity professionals are spending more time showing adherence to compliance obligations or dealing with the toil due to differences in regulation than they are actually mitigating risk.I do have some sympathy with this sentiment but I would push back on this being as big a problem as people generally assert. However, as we

Regulatory Harmonization - Let’s Get Real

Most cyber controls are relatively aligned. Calls for action on harmonization are really induced by obligations from other technology risk domains or broader. Focusing on reducing compliance toil is the right approach.

www.philvenables.com/post/regulat...

30.11.2024 14:39 👍 1 🔁 0 💬 0 📌 0
Preview
Presentations — Benedict Evans Every year, I produce a big presentation exploring macro and strategic trends in the tech industry. For 2024, ‘AI, and everything else’.

It's here. Benedict Evan's annual presentation. Predictably it's all about AI. Well worth a read.

www.ben-evans.com/presentations

27.11.2024 00:00 👍 1 🔁 0 💬 0 📌 0