I speak at events, conventions, and seminars; see below for a list of common topics. Each can be adapted to fill a slot between thirty and sixty minutes long. Custom topics and setups are available upon request.

See something you like? Book engagements here.

For Consumers

The Only Way to Stop Identity Theft

There are a lot of scare tactics and snake oil in the identity-protection world. We separate what works from what doesn’t. Sneak peek: effective protection is surprisingly easy.

Also available as a ninety-minute workshop; participants will apply the protections for themselves and get easy-to-follow procedures for maintaining them.

How to Stop Internet Crime and Save Time

Passwords are annoying, and it feels impossible to follow all the advice. Password Managers are here to save your day. Used correctly, they are one of the best ways to stop internet crime. We explain how.

Equally appropriate for leaders of businesses 5–50.

Also available as a workshop; participants set up a recommended password manager on their devices and learn to use it correctly.

For Leaders of Businesses 5–50

Protect Yourself from Internet Crime by Outsourcing IT and Finance

Delegating IT and Finance to dedicated vendors can help you grow your business and improve your resistance to internet crime.

What American Title Companies Learned the Hard Way

Paying for real estate in the USA is an attractive target for internet criminals. A single title company may process millions of dollars in transactions every day, each with new people unfamiliar with the process and no recourse if a criminal steps in to divert a payment. The Title industry solved this challenge. We look at the top approaches they developed and how they can work for other businesses.

Demystifying the Cloud

Skeptics describe the cloud as “someone else’s computer,” implying it is no better than doing it yourself. Yet many companies are saving millions in IT and efficiency costs by moving to cloud-native designs. Other cloud migration projects have failed, overbudget and with nothing to show. Why? In this talk, we describe the true benefits of the cloud and the hallmarks of a strategy that will succeed.

Also available as a workshop; participants generate an action plan toward a cloud-first strategy.

How to Think About Cybersecurity Insurance

People have mixed feelings about insurance: policies are consistently expensive and have lengthy eligibility requirements. Yet in an age of rising internet crime, it would be foolhardy to skip one. This talk explains which businesses benefit most from insurance, how the right plan fits into an overall crime-prevention plan, and even how, counterintuitively, a policy can increase your risk of attack.

The Best Way to Protect Sensitive Client Information

Safeguarding client secrets is critical to maintaining your trusted reputation. But clients can be inconsistent, misinformed, or even sloppy about protecting secrets they send. How can you efficiently serve them while ensuring they are protected? This talk describes how.

For Leaders of Businesses 100–500

How to Delight Customers with Good Security

Many businesses incur significant cost and extend sales cycles from customer security oversight such as questionnaires, audits, and contract negotiations. Leaders see these as distractions or battles. In this talk, we discuss strategies to streamline and accelerate these activities. Done right, your security responses can even be a differentiating value proposition than can help you win bids.

Also available as a workshop; participant generate a personalized plan for their business.

How to Hire and Manage a Cybersecurity Team

Many senior leaders find security mystifying; they do not understand the work those teams do and what a successful team looks like. As a result, many security teams are misaligned to the rest of their organization and spend resources for no benefit. This talk describes how to help your security teams be most effective.

Also available as a ninety-minute workshop; each participant will generate an action plan to deliver on their needs for a security team.

Why Most Lean Six Sigma Initiatives Fail

Since the 1980s, the business world has been awash in Lean Six Sigma efforts. Often billed as the path for transformations to unlock double- or triple-digit growth, they usually fail to deliver and are cut at the next reorg. Yet every decade since has seen highly successful organizations that swear by its principles. This talk explains the underlying value proposition of Lean Six Sigma, why most companies fail at it, and how to unlock the value it promises.

For Technical Teams

These talks are aimed at security, IT, and software development audiences; mostly at conventions or for association events.

The most secure platform is the one people use

The world is full of examples where people bypass elaborate edifices designed by smart, well-meaning experts. Security teams love technically perfect solutions, but often spend too little time on how people will actually experience it. We discuss how to select security features that enhance the value of a product instead of reducing it.

Cop vs Lawyer: the evolving mindset of security leaders

At many organizations, the security team because synonymous with the word “no”. Progress was made in spite of security, not because of it. Today, some security teams have overcome that legacy and are building value through partnerships with technical, product, and even marketing teams. We talk about how your security department can do the same.

The enemy of good: the hidden curse of control frameworks

To a GRC analyst, a control framework seems like an obvious benefit. Those analysts organize and track compliance to a million different requirements, and combining them into a master structure seems like an obvious solution to all their problems. Unfortunately, putting such an edifice at the foundation of your overall strategy harms goals outside that GRC bubble. We discuss how this can happen, how you can avoid them, and how to keep your GRC analyst happy through the entire process.

How to gauge a cloud platform’s security posture in 20 minutes

There is a huge difference in reliability and security within cloud products. We walk through some of the indicators that a product was probably built well.

The Trouble with TPRM

You will never have much control over a vendor’s work, including in security. Yet many audit frameworks expect you to apply substantial oversight through them through Third Party Risk Management programs. We talk through what TPRM is good at, what they are not, and key indicators of a healthy program.

Three objectives you must get right in securing your cloud

Traditional approaches to datacenter security do not translate well to cloud-native design. We talk through the most likely threats and risks in a cloud environment, and how teams can best avoid them.

“Cloud” Lift and Shift: all the downsides, none of the benefits

For 30 years, “Lift and Shift” has been a popular approach in IT to consolidating systems onto existing infrastructure, allowing significant cost-savings without the disruption of moving operations teams onto a completely new system. This approach rarely works for cloud, though: raw infrastructure costs usually increase, and older designs cannot take advantage of the biggest savings opportunities. We discuss the projects that can most benefit from the cloud, and those that should stay in the datacenter.