The Secure Blog
The Christian Espinosa blog.
Thought leadership on cybersecurity, leadership, and the human side of high-performing teams.
156 posts
Wet Tires At COTA: When The Conditions Change
Day two of Skip Barber Advanced Formula Car at COTA. Frost on the track, wet tires, and a lesson that applies on the circuit, in leadership, and in cybersecurity: stop forcing the original plan and read the conditions for what they are.
Read the full post: Wet Tires At COTA: When The Conditions Change
No Wasted Years, No Wasted Cycles
Jet lag, heavy metal, and the founder question that survives every time zone: what's worth it? Why most MedTech cybersecurity pain comes from waiting — and what Iron Maiden's Wasted Years has to do with building it right early.
Read the full post: No Wasted Years, No Wasted Cycles
Fade To Black And The Loneliness Of Leadership
Nothing's wrong with my marriage. Blue Goat Cyber is scaling fast. And still, leadership is lonely in ways the org chart doesn't show. Naming what most founders won't say out loud — and why honesty is part of the job.
Read the full post: Fade To Black And The Loneliness Of Leadership
Bells Beach, Point Break, And Choosing True Over Safe
Made it to Bells Beach, Victoria — where Point Break filmed Bodhi's final wave. A bucket-list stop, and a reminder of the line from the movie that quietly shaped how I make decisions: choose what's true over what's safe.
Read the full post: Bells Beach, Point Break, And Choosing True Over Safe
Speed Is Easy. Control Is Hard.
Three days of Formula 4 with Skip Barber at New Jersey Motorsports Park. Top speed near 185 kph — but the lesson wasn't the number. It was how long you can stay near it without losing control. The same principle runs racing, business, and life.
Read the full post: Speed Is Easy. Control Is Hard.
Eternal Optimism Is A Curse. Informed Optimism Is A Blessing.
The leader who says 'we've never had an issue, so we're fine' isn't optimistic — they're asleep. The difference between hope and awareness, and why one keeps you ready while the other keeps you comfortable until the bad news hits.
Read the full post: Eternal Optimism Is A Curse. Informed Optimism Is A Blessing.
Founder-CEO vs Hired CEO: The Difference Is Personal
I've been both — a founder who built and sold a company, and a founder watching a non-founder CEO take the wheel. Why founder-CEO and professional CEO are not the same job, and why Blue Goat Cyber is built the way it is.
Read the full post: Founder-CEO vs Hired CEO: The Difference Is Personal
Five Seconds On Elbrus And The FDA Submission
Four hours before this summit photo on Mt. Elbrus, I almost died from five seconds of lost focus. Same mistake MedTech teams make on FDA cybersecurity submissions — and the self-arrest that gets you out of it.
Read the full post: Five Seconds On Elbrus And The FDA Submission
The Ultrasound That Found My Clots: Why Medical Device Cybersecurity Is Personal
In 2022 a Doppler ultrasound found six blood clots in my left leg. That device saved my life. It's also why I treat medical device cybersecurity as a patient safety issue, not a compliance checkbox.
Read the full post: The Ultrasound That Found My Clots: Why Medical Device Cybersecurity Is Personal
Don't Stop Believing: The Comeback Isn't Dramatic
Six blood clots in 2022. A year later, a finish line at IRONMAN 70.3 Chattanooga and a song I used to think was cheesy. What nobody tells you about coming back from something that almost killed you.
Read the full post: Don't Stop Believing: The Comeback Isn't Dramatic
The Hard Part Is The Bar, Not The Fall
Hanging off an inverted biplane at the World Free Fall Convention taught me something about leadership: the falling is easy. The bar is what costs you.
Read the full post: The Hard Part Is The Bar, Not The Fall
Tulum, Prosecco, and the Sign I Almost Missed
I'd just sold my first company and every instinct said grind the next thing. Then I sat still in Tulum long enough to hear what was actually around me — and the next move got obvious.
Read the full post: Tulum, Prosecco, and the Sign I Almost Missed
Check Your Grip: What Top Gun Still Teaches Me About Leadership
Top Gun sent me to the Air Force Academy and shaped how I think about leading under pressure. Thirty years later, the lesson I keep coming back to is about grip — and when to loosen it.
Read the full post: Check Your Grip: What Top Gun Still Teaches Me About Leadership
Through Immersion Comes Clarity
Sixteen-hour days on AI and the business aren't balanced or sustainable — but they're the fastest way to see the gaps you've been stepping over for years.
Read the full post: Through Immersion Comes Clarity
What Ozzy and Zakk Taught Me About Not Getting Sanded Down
Ozzy Osbourne and Zakk Wylde got me through the dark stretches and shaped who I am. The lesson — in music and in leadership — is to stop sanding down the edges that make you you.
Read the full post: What Ozzy and Zakk Taught Me About Not Getting Sanded Down
What a 'Good' SBOM Actually Looks Like — And What Reviewers Reject
FDA reviewers see thousands of SBOMs. Most are wrong in the same handful of ways. Here's what a defensible Software Bill of Materials looks like for a medical device submission — and the patterns that trigger a deficiency.
Read the full post: What a 'Good' SBOM Actually Looks Like — And What Reviewers Reject
If Your Reviewer Can't See the System, You Don't Have an Architecture
Security Architecture Views are where most medical device submissions either earn trust or lose it. Here's what a clear, defensible architecture view looks like — and why most teams over-engineer the diagrams and under-engineer the boundaries.
Read the full post: If Your Reviewer Can't See the System, You Don't Have an Architecture
The Accident That Taught Me to Live in the In-Between
I spent decades chasing the next summit, the next exit, the next certification. Then a crash in an Illinois intersection taught me the micro-moment is the whole game.
Read the full post: The Accident That Taught Me to Live in the In-Between
Why Postmarket Cybersecurity Is Where MedTech Actually Fails
FDA clearance is the floor, not the finish line. A look at why most medical device cybersecurity programs collapse after launch — and what the working postmarket programs do differently.
Read the full post: Why Postmarket Cybersecurity Is Where MedTech Actually Fails
The Smartest Person in the Room Is Usually Wrong
The smartest person in the room is usually the one losing the war. After 25 years in cybersecurity, here is why ego — not technology — is the real breach.
Read the full post: The Smartest Person in the Room Is Usually Wrong
FDA Premarket Cybersecurity: What the 2026 Guidance Actually Requires
A plain-English breakdown of FDA's final 2026 premarket cybersecurity guidance — what the threat model, SBOM, labeling, and cybersecurity management plan actually have to look like for clearance.
Read the full post: FDA Premarket Cybersecurity: What the 2026 Guidance Actually Requires
Total Product Lifecycle: The Framing That Fixes Most MedTech Submissions
Most medical device cybersecurity programs fail because they treat security as a premarket activity. The Total Product Lifecycle framing is what the FDA expects — and what makes the work durable.
Read the full post: Total Product Lifecycle: The Framing That Fixes Most MedTech Submissions
Threat Modeling Is the Work. Everything Else Is the Receipt.
Most medical device cybersecurity submissions fail at the threat model — not because reviewers are picky, but because teams treat threat modeling as documentation. It's the engineering discipline that produces everything else.
Read the full post: Threat Modeling Is the Work. Everything Else Is the Receipt.
Acting With Intention: What It Means and How to Make It a Habit
Are we always acting with intention? Sometimes, we are aware of it; other times, it seems like it’s just a reaction. Intention can also be a double-edged
Read the full post: Acting With Intention: What It Means and How to Make It a Habit
Reflection Is Part of the Messy and Uncomfortable Growth Process
If you want to grow and evolve as a human, it can be uncomfortable. If it weren’t, we’d all be a bit more aware and enlightened. What I’ve learned is that
Read the full post: Reflection Is Part of the Messy and Uncomfortable Growth Process
No One Wants to Feel Alone in Times of Need
There are many variations of the concept of the loneliness of humanness. They say we are born and die alone. In between those two moments, we create
Read the full post: No One Wants to Feel Alone in Times of Need
Trying to Do the Right Thing and Getting It All Wrong
Most of us are always trying to do the right thing. Except, we often get it all wrong. I came to this realization while I was recuperating from a health
Read the full post: Trying to Do the Right Thing and Getting It All Wrong
Shedding Your Defense Modes
Everybody has the capacity to shift into defense mode. It’s a normal reaction to go into self-preservation behaviors. Sometimes, they occur when others
Read the full post: Shedding Your Defense Modes
Getting Thoughtful About Intentions
Intention is an action. It’s how we define what we expect from ourselves in a situation. It involves how we want to feel or what we want to achieve.
Read the full post: Getting Thoughtful About Intentions
Openness to Input and Feedback Drives Self-Correction
If we never experience the feedback of others, we can only rely on our own. It’s often faulty, so self-correction is seldom. We continue to repeat the
Read the full post: Openness to Input and Feedback Drives Self-Correction
Micro-Moments Center on the Present
Micro-moments often pass us by. We usually don’t realize their beauty or importance because of an obsession with the macro. The mindset of the macro
Read the full post: Micro-Moments Center on the Present
Shifting Your Identity to a Serving State
Identity is fluid if you’re open to evolving and changing. Everything we experience impacts our identity. Mine was once very rigid and self-serving, even
Read the full post: Shifting Your Identity to a Serving State
Informed Intentions Make You Less Vulnerable to Circumstances
Intentions are a normal part of the human experience. We may have the best intentions in mind in a situation, but they can quickly spiral out of control
Read the full post: Informed Intentions Make You Less Vulnerable to Circumstances
Trauma Creates a Wall to Micro-Moments
Everyone carries around the residue of trauma. Some of us have had more than our fair share, but it’s impossible to go through the human experience
Read the full post: Trauma Creates a Wall to Micro-Moments
Chase Your Dreams by Living in the In-Between
Dreams and aspirations are part of the human spirit. Many of us set goals and intentions toward making these a reality. However, much of the time, it
Read the full post: Chase Your Dreams by Living in the In-Between
Putting a Goal of Awareness into Action
Those who wish to be more present, empathetic, and emotionally healthy must have awareness. It’s two-fold. You need to have self-awareness and be able to
Read the full post: Putting a Goal of Awareness into Action
Unexpected Connections Can Have a Big Impact
Most of our interactions with people throughout the day are merely casual exchanges. We expect little to learn or grow from these moments. However,
Read the full post: Unexpected Connections Can Have a Big Impact
Indecision and Regret: The Inner Monologue
Almost everyone has an inner dialogue. This conversation that goes on inside our heads replays a lot of indecision and regret. When we don’t do things
Read the full post: Indecision and Regret: The Inner Monologue
Focusing on the Macro at the Expense of the Moment
Macro and micro are descriptors we use to demonstrate the difference between something large or great and something small. In this instance, the macro
Read the full post: Focusing on the Macro at the Expense of the Moment
Fixation on Yourself Is a Bubble State
It’s easy to fixate on your own needs, problems, and desires. While sometimes this is necessary, much of the time, it causes more harm than good. Fixation
Read the full post: Fixation on Yourself Is a Bubble State
How to Be Good at Being Present
Being present can mean a lot of things. In this context, it describes connections between yourself and others. Living in this state will allow you to
Read the full post: How to Be Good at Being Present
What Is Threat Intelligence, and Why Is It Important in Supporting Your Cyber Team?
In this post, we review what threat intelligence is, its current impact, and what it all means to your cyber team.
Read the full post: What Is Threat Intelligence, and Why Is It Important in Supporting Your Cyber Team?
How to Upskill Cybersecurity Job Candidates to Transform Them Into High-Performers and Excellent Communicators
The cybersecurity workforce landscape is at a serious threat level. What you can do to ensure your data and networks remain under protection is to focus back on skills-based hiring.
Read the full post: How to Upskill Cybersecurity Job Candidates to Transform Them Into High-Performers and Excellent Communicators
How to Build a Cybersecurity Team from Scratch Using the Secure Methodology™
Building a cybersecurity team comes with many challenges. So, what can you do as a cybersecurity leader?
Read the full post: How to Build a Cybersecurity Team from Scratch Using the Secure Methodology™
Silos Weaken Your Cybersecurity Posture, Collaboration Makes It Stronger
How did cybersecurity become so siloed? And what can you do to break silos down?
Read the full post: Silos Weaken Your Cybersecurity Posture, Collaboration Makes It Stronger
The Red Flags to Pay Attention to in Your Cybersecurity Staff and How to Handle Them
In this post, we discuss the red flags with your cybersecurity team and how best to handle them.
Read the full post: The Red Flags to Pay Attention to in Your Cybersecurity Staff and How to Handle Them
Diagnosing the Root Causes of the Cyber Workforce Shortage
In this post, we look at the data, diagnose the root causes, and define how to close the cybersecurity skills gap.
Read the full post: Diagnosing the Root Causes of the Cyber Workforce Shortage
Cybersecurity Skills-Based Hiring: Why Tech Leaders Need to Shift Their Idea of 'Qualified'
As the cybersecurity industry evolves, so should the idea of “qualified.” To do this, organizations need to shift to cybersecurity skills-based hiring.
Read the full post: Cybersecurity Skills-Based Hiring: Why Tech Leaders Need to Shift Their Idea of 'Qualified'
Why Organizations Should Rethink What Cyber Leadership Means
In this post, we discuss the maturity and changes present in cybersecurity leadership, areas in need of attention, and how those leading these efforts can create a healthy and thriving culture.
Read the full post: Why Organizations Should Rethink What Cyber Leadership Means
Cybersecurity Isn’t Black and White: Why Cyber Leaders and Their Teams Must Embrace the Gray
A threat that looms within many cyber teams is that many technical people see the landscape as black and white.
Read the full post: Cybersecurity Isn’t Black and White: Why Cyber Leaders and Their Teams Must Embrace the Gray
Is the Cybersecurity Skills Gap Fact or Fiction? It Depends on the Skills
In this post, we dive into some data related to the cybersecurity skills gaps. Then, we’ll look at solutions to bridge it.
Read the full post: Is the Cybersecurity Skills Gap Fact or Fiction? It Depends on the Skills
Does Your Cyber Team Truly Understand Your Threat Landscape?
In this post, we explore the current state of threat landscapes, the challenges that cyber teams face, and how the Secure Methodology can help evolve technical folks.
Read the full post: Does Your Cyber Team Truly Understand Your Threat Landscape?
Is Your Cybersecurity Budget Limited? How to Do More with Less
In this post we explore the state of cybersecurity budgets and how changes in the way you manage your team can help you do more with less.
Read the full post: Is Your Cybersecurity Budget Limited? How to Do More with Less
Why Cybersecurity Deserves a Seat at the Leadership Table
To combat cybersecurity threats and mitigate risk, an organization has to make cybersecurity a priority and a pillar.
Read the full post: Why Cybersecurity Deserves a Seat at the Leadership Table
The Future of Cybersecurity: Innovations in Technology Still Not as Critical as People
Cyber professionals (people) have a greater weight than processes and technology on winning the cyberwar.
Read the full post: The Future of Cybersecurity: Innovations in Technology Still Not as Critical as People
Reskilling and Upskilling Talent Can Help Shrink the Cybersecurity Skills Gap
This cycle of shortages and gaps will continue, leaving organizations with greater risk in cyber operations. Reskilling and upskilling talent can help.
Read the full post: Reskilling and Upskilling Talent Can Help Shrink the Cybersecurity Skills Gap
Does Your Cyber Team Have a “Bad” Reputation? Why Their Lack of Soft Skills Causes Friction
Many consider technical folks to be arrogant, hostile, and condescending. If that’s the culture in your organization, it’s a problem!
Read the full post: Does Your Cyber Team Have a “Bad” Reputation? Why Their Lack of Soft Skills Causes Friction
Burnout in Cybersecurity: Can You Prevent It?
Cybersecurity burnout is a troubling trend that impacts millions of people. According to the APA, 79% of workers reported work-related stress.
Read the full post: Burnout in Cybersecurity: Can You Prevent It?
Cybersecurity Strategy Pitfalls: How to Get Back on the Right Path
An underlying theme in the pitfalls we’ll discuss is how cybersecurity professionals miss or don’t give much credit to the human element.
Read the full post: Cybersecurity Strategy Pitfalls: How to Get Back on the Right Path
Ransomware Attacks: New Ways to Exploit Old Vulnerabilities
Cybercriminals are leveraging old weaknesses with the latest in AI and machine learning to maximize ransomware impact.
Read the full post: Ransomware Attacks: New Ways to Exploit Old Vulnerabilities
The Latest on Supply Chain Security: How Cyber Professionals Can Move the Needle
Supply chain attacks often involve third-party software because of privileged access and frequent communication with the vendor’s network.
Read the full post: The Latest on Supply Chain Security: How Cyber Professionals Can Move the Needle
Do Different Industries Need Cyber Professionals to Have Unique Skills?
In this post, I break down the unique skills cyber professionals need for specific industries and provide insight on how to support this development.
Read the full post: Do Different Industries Need Cyber Professionals to Have Unique Skills?
Cybercriminals Are Always Evolving Their Techniques; Your Cyber Team Should Too
In this post, we review trends related to cybercriminals, their approaches, and discuss ways to arm your technical team with the right skills to win the cyber war.
Read the full post: Cybercriminals Are Always Evolving Their Techniques; Your Cyber Team Should Too
Cybersecurity Workforce Retention: Keep Top Talent with the Secure Methodology
In this post, we’ll uncover why cybersecurity turnover occurs and how to create a culture and environment that will make them stay.
Read the full post: Cybersecurity Workforce Retention: Keep Top Talent with the Secure Methodology
The Cybersecurity Workforce Landscape in 2026
The cyber talent gap, what's actually causing it, and how leaders should hire, train, and retain in 2026 - drawing on ISC2 2025 data and the Secure Methodology.
Read the full post: The Cybersecurity Workforce Landscape in 2026
What Is XOps, and How Is It Changing the Cybersecurity Talent Discussion?
XOps describes the uniting of DevOps, DevSecOps, AIOps, and MLOps.
Read the full post: What Is XOps, and How Is It Changing the Cybersecurity Talent Discussion?
Cyber Risk and Digital Transformation: The Gap Is Growing
Cyber risk and digital transformation can work in harmony toward business objectives, but it requires a strong culture and strategy.
Read the full post: Cyber Risk and Digital Transformation: The Gap Is Growing
The Cyber Threat No One Talks About — the Absence of a Cybersecurity Culture
While the concept of a cybersecurity culture isn’t new, it’s still an internal challenge for most technical cybersecurity teams.
Read the full post: The Cyber Threat No One Talks About — the Absence of a Cybersecurity Culture
Cybersecurity and Meaningful Work: Why New Generations Entering the Field Want Purpose
Gen Z is a unique generation, which makes the ability to recruit and retain them for cybersecurity much different.
Read the full post: Cybersecurity and Meaningful Work: Why New Generations Entering the Field Want Purpose
The Secure Methodology™ Step Six: Empathy
People have readjusted their beliefs about work and life in the past few years, so empathy’s importance is greater than ever and has a pivotal role to play in cybersecurity.
Read the full post: The Secure Methodology™ Step Six: Empathy
Why Organizations Should Pivot to DevSecOps
The underlying foundation of DevSecOps is security by design. Security is a consideration at the conception of the project, not an afterthought.
Read the full post: Why Organizations Should Pivot to DevSecOps
How to Create a Culture of Innovation in Cybersecurity
Creating a cybersecurity culture isn’t a novel idea, and it's not just about tools, protocols, and technical aptitude. Culture starts with leadership.
Read the full post: How to Create a Culture of Innovation in Cybersecurity
Cybersecurity Trends Every Professional Needs to Know in 2026
The threats, tools, and shifts shaping cybersecurity in 2026: AI-driven attacks and defense, identity as the new perimeter, regulatory pressure, and the human factor.
Read the full post: Cybersecurity Trends Every Professional Needs to Know in 2026
The Secure Methodology™ Step Five: Monotasking
Monotasking describes focusing on one thing at a time to achieve more. Learn how to shift from multitasking to monotasking.
Read the full post: The Secure Methodology™ Step Five: Monotasking
3 Reasons Why Current Cybersecurity Measures Aren’t Working and How to Fix Them
The real reason cybersecurity measures are failing is because of a people problem. It’s the core foundation of my book, The Smartest Person in the Room.
Read the full post: 3 Reasons Why Current Cybersecurity Measures Aren’t Working and How to Fix Them
Cybersecurity Retention: How to Combat Turnover and Keep Employees Engaged
Keeping your team consistent and proactive is hard if it’s a revolving door. So, what’s the key to cybersecurity retention?
Read the full post: Cybersecurity Retention: How to Combat Turnover and Keep Employees Engaged
Improving Cybersecurity Communication Skills: Why It’s More Than Just Being Articulate
There's no argument from the field that cybersecurity communication skills are critical. The problem is that most companies aren’t doing anything to develop it in their people.
Read the full post: Improving Cybersecurity Communication Skills: Why It’s More Than Just Being Articulate
The Secure Methodology™ Step Four: Communication
Communication is the core of any organization, department, or process. Communication needs vast improvement in cybersecurity.
Read the full post: The Secure Methodology™ Step Four: Communication
What the Latest Cybersecurity Breaches Can Teach Us
There’s no shortage of cybersecurity breaches, with fear-inducing headlines. There is much to learn in these situations.
Read the full post: What the Latest Cybersecurity Breaches Can Teach Us
The Secure Methodology™ Step Three: Acknowledgment
Acknowledgment in work life is often something that’s missing. It’s certainly MIA in the cybersecurity industry, and that’s why it’s step three of the Secure Methodology.
Read the full post: The Secure Methodology™ Step Three: Acknowledgment
What Is Zero Trust Architecture, and Why Should Your Organization Shift to It?
Zero trust architecture describes a strategic approach to cybersecurity that enables an organization to be secure by eliminating implicit trust and replacing it with continuous validation. Its beginnings sprung from the “never trust, always verify” principle.
Read the full post: What Is Zero Trust Architecture, and Why Should Your Organization Shift to It?
Will AI and Machine Learning Help or Hurt Cybersecurity?
AI and machine learning are helping and hurting cybersecurity. Technical teams can marry these tools with their own skills to produce the best security posture.
Read the full post: Will AI and Machine Learning Help or Hurt Cybersecurity?
How to Recruit and Hire Cybersecurity Professionals to Help You Win the Cybersecurity War
Nearly every industry deals with labor shortage challenges due to the pandemic, the Great Resignation, and other factors. However, cybersecurity was already experiencing recruitment and retention problems.
Read the full post: How to Recruit and Hire Cybersecurity Professionals to Help You Win the Cybersecurity War
Cybersecurity Is a Support Industry; What Happens When Organizations Forget That
Cybersecurity is a support industry. It wouldn’t exist without being part of other sectors—manufacturing, healthcare, financial services, etc.
Read the full post: Cybersecurity Is a Support Industry; What Happens When Organizations Forget That
5 People Skills Every Successful Cybersecurity Professional Possesses
If cybersecurity were just a collection of robots, maybe the need for people skills wouldn’t exist. There’s always going to be a need for human intervention in the cybersecurity war.
Read the full post: 5 People Skills Every Successful Cybersecurity Professional Possesses
What Is Total Intelligence, and How To Build a Cyber Team to Lead with It
When making any decision, intelligence certainly plays a key role. However, often it’s only the logical, rational side of intelligence that people rely on, especially in worlds like cybersecurity.
Read the full post: What Is Total Intelligence, and How To Build a Cyber Team to Lead with It
The Secure Methodology™ Step Two: Mindset
The idea of two different mindsets — growth and fixed. In the growth mindset, you believe you are in charge of your life. You realize you are the cause, not the effect
Read the full post: The Secure Methodology™ Step Two: Mindset
Why Communication Aptitude Is the Number One Soft Skill Cybersecurity Professionals Must Possess
Poor communication and interpersonal skills are the roots of cybersecurity incidents. That’s a theme in The Smartest Person in the Room.
Read the full post: Why Communication Aptitude Is the Number One Soft Skill Cybersecurity Professionals Must Possess
How To Avoid Hiring Paper Tigers
Paper tigers may be scarier than the real thing because they are killing the cybersecurity industry so you need to avoid hiring them.
Read the full post: How To Avoid Hiring Paper Tigers
The Secure Methodology™ Step One: Awareness
We are complex, and our behaviors demonstrate this repeatedly. We’re not always susceptible to how we behave and its impact.
Read the full post: The Secure Methodology™ Step One: Awareness
Remote Work Is Here to Stay: The Impact on Cybersecurity
In the rush to remote enable staff, we know cybersecurity was an afterthought. Many organizations hobbled together different technologies.
Read the full post: Remote Work Is Here to Stay: The Impact on Cybersecurity
Why Geeks Need EQ and Leadership Skills
Simply being smart won’t cut it - geeks also need leadership skills that can be derived from emotional intelligence.
Read the full post: Why Geeks Need EQ and Leadership Skills
Top 10 Organized Cybercrime Syndicates
In this blog post, we discuss ten of the most notorious organized cybercrime syndicates and how they operate.
Read the full post: Top 10 Organized Cybercrime Syndicates
The Secure Methodology™ and Cybersecurity Leadership
The Secure Methodology is a step-by-step guide to help us improve our skills so we can easily practice honest and effective communication.
Read the full post: The Secure Methodology™ and Cybersecurity Leadership
The Confidence-Competence Loop
There is a correlation between confidence and competence; not an A-to-B correlation. These two conditions reciprocally lead to each other.
Read the full post: The Confidence-Competence Loop
3 Steps to Hide Data in an Image Using Steganography
In this post we'll explain a simple method to hide data (any type of data - text, image, malware, etc.) in a JPEG.
Read the full post: 3 Steps to Hide Data in an Image Using Steganography
2 Simple Ways to Extract GPS Coordinates from Images
In this post, we'll cover two simple ways to extract Exif (Exchangeable image file) data, which includes GPS coordinates, from images.
Read the full post: 2 Simple Ways to Extract GPS Coordinates from Images
Top 10 Penetration Testing Decision Factors
This article contains ten items you should consider when selecting an organization to perform a penetration test against your environment.
Read the full post: Top 10 Penetration Testing Decision Factors
The Cybersecurity Gender Gap
When it comes to the numbers of women in cybersecurity, we’ve got good news and bad news. The bottom line is we need more women in cybersecurity.
Read the full post: The Cybersecurity Gender Gap
Cheating Cybersecurity Exams: Paper Tigers
Cybersecurity exam cheats (aka paper tigers), cost everyone - the company issuing the test, those offering credentialing, and the cybersecurity industry at large.
Read the full post: Cheating Cybersecurity Exams: Paper Tigers
6 Famous Hackers that Got Caught
The best hackers we never hear about. Here are the stories of six of the most famous hackers and how they were caught.
Read the full post: 6 Famous Hackers that Got Caught
Penetration Testing History
The concept of penetration testing has been around since human beings first began trying to understand their enemies' thought processes.
Read the full post: Penetration Testing History
Leetspeak: The History of Hacking Subculture's Native Tongue
You've probably seen leetspeak, also known as 1337 or “l33t,” somewhere on the Internet or in a movie about computer hacking.
Read the full post: Leetspeak: The History of Hacking Subculture's Native Tongue
Tips for Certified Cybersecurity Professionals to Find Jobs
I share three methods to empower you to find your ideal cybersecurity job, leveraging your CISSP (or any other) cybersecurity certification.
Read the full post: Tips for Certified Cybersecurity Professionals to Find Jobs
The Urban Legend of the Cybersecurity Skills Gap
Is there really a cybersecurity skills gap or is this narrative just another fear-based urban legend? Learn more.
Read the full post: The Urban Legend of the Cybersecurity Skills Gap
LinkedIn Tips for a Better Cybersecurity Job
Land a new, exciting, and better cybersecurity role by enhancing your LinkedIn profile with these supercool tips.
Read the full post: LinkedIn Tips for a Better Cybersecurity Job
Hacking Medical Devices for Profit and Terror
Covers background on why medical device security is something to pay attention to, the four attack objectives, and solutions.
Read the full post: Hacking Medical Devices for Profit and Terror
Cybersecurity Risk Needs to be Simplified
Complexity is the enemy of execution. Unnecessary complication is tied to ego & lack of clarity. In cybersecurity everything is overly complicated.
Read the full post: Cybersecurity Risk Needs to be Simplified
Questions to Ask a vCISO
Many companies rush into finding fractional vCISO services and end up with a relationship they did not expect. Ask the right questions first.
Read the full post: Questions to Ask a vCISO
Top 10 Largest Healthcare Data Breaches by Number of Records Stolen
Healthcare data breaches have increased in both scale and regularity during the last decade, with the worst affecting up to 80 million people.
Read the full post: Top 10 Largest Healthcare Data Breaches by Number of Records Stolen
Understanding the 6 Human Needs To Become a Better Technical Leader
Most leaders fail by trusting that intelligence alone can resolve issues. We forget we are working with people who, just like us, have needs
Read the full post: Understanding the 6 Human Needs To Become a Better Technical Leader
Explanation of Cybersecurity Hashing and Collisions
This post is a transcript of Christian Espinosa's explanation of cybersecurity hashing and collisions, including an MD5 collision demo.
Read the full post: Explanation of Cybersecurity Hashing and Collisions
Explanation of the Cybersecurity CIA Triad
This post is a transcript of Christian Espinosa's explanation of the cybersecurity CIA triad including the opposite, DAD.
Read the full post: Explanation of the Cybersecurity CIA Triad
Black Box Penetration Testing Explained
This post is a transcript of Christian Espinosa's explanation of Black Box Penetration Testing and how White, Gray, and Black relate.
Read the full post: Black Box Penetration Testing Explained
Gray Box Penetration Testing Explained
This post is a transcript of Christian Espinosa's explanation of Gray Box Penetration Testing and how White, Gray, and Black relate.
Read the full post: Gray Box Penetration Testing Explained
White Box Penetration Testing Explained
This post is a transcript of Christian Espinosa's explanation of White Box Penetration Testing and how White, Gray, and Black relate.
Read the full post: White Box Penetration Testing Explained
How Your Ego Impacts Your Life
There are ways to control your ego (not your amigo). If you manage your ego you will live a much happier, healthier life.
Read the full post: How Your Ego Impacts Your Life
How Emotional States Can Slow Down and Speed Up Time
When we learn how emotions affect how we perceive time, we can easily control how we feel and perceive time.
Read the full post: How Emotional States Can Slow Down and Speed Up Time
The Importance of Acknowledgment and Appreciation
Whether it is for ourselves or the people around us, acknowledgment can do wonders. Learn to acknowledge yourself and your team by reading more.
Read the full post: The Importance of Acknowledgment and Appreciation
Neural Pathway Highways and Ruts: Change Your Habits
When I discovered it’s possible for our brains to create new pathways, I recognized this can improve a person’s behavior, health, and mindset.
Read the full post: Neural Pathway Highways and Ruts: Change Your Habits
Finding Your Purpose In Life: Understanding The 7 Levels Deep Exercise
The concept of purpose is a very common theme in modern society. One of the many ways to find purpose is the 7 Levels Deep Exercise.
Read the full post: Finding Your Purpose In Life: Understanding The 7 Levels Deep Exercise
Awareness: Models of the World
Being an effective leader requires many things. Aside from understanding our own skills and capabilities, we need to exert time and effort to understand
Read the full post: Awareness: Models of the World
The Power of Questions
There are many ways to approach a problem. We often get caught up thinking about answers when we should be looking for the right question.
Read the full post: The Power of Questions
What is Congruence?
Is it possible for us to be in touch with what we really feel? In this post, I explain the importance of congruence how we can use it to be fulfilled.
Read the full post: What is Congruence?
Empathy vs. Sympathy
Empathy is to feel and connect with people, while sympathy drives disconnection. Empathizing is being together with the person in the dark so they are not alone while sympathizing is saying “Too bad!” from afar.
Read the full post: Empathy vs. Sympathy
The Latest Cybersecurity Incidents and What You Can Learn from Them
Cybersecurity incidents are on the rise, which isn’t a surprise to most in the industry. Hackers become more sophisticated every day, exploiting vulnerabilities and cyber defense mechanisms.
Read the full post: The Latest Cybersecurity Incidents and What You Can Learn from Them
How to Develop Soft Skills in Your Cybersecurity Team
Cybersecurity roles are highly technical, so why should you care about soft skills? For any technical or non-technical position human interaction is vital.
Read the full post: How to Develop Soft Skills in Your Cybersecurity Team
Are You Effectively Motivating Cybersecurity Professionals?
Motivation is a very personal and subjective thing. What motivates one person may not the next. How leaders inspire teams isn’t a one-size-fits-all approach.
Read the full post: Are You Effectively Motivating Cybersecurity Professionals?
Adapting in Cybersecurity: Why Agility Matters
Adapting in cybersecurity and being agile have long been hallmarks of the field. After all, there’s always a new threat or risk, so the industry is certainly not static.
Read the full post: Adapting in Cybersecurity: Why Agility Matters
The Value of Empathetic Leadership in Technical Roles
Empathetic leadership is about compassion for employees and customers. And it fits nicely in cybersecurity, an area that requires trust, communication, and collaboration.
Read the full post: The Value of Empathetic Leadership in Technical Roles
Monotasking vs. Multitasking
Monotasking or single-tasking is the process of dedicating oneself to one task at a time. Monotasking is more effective than multitasking.
Read the full post: Monotasking vs. MultitaskingFixed vs. Growth Mindset
Our mindset is crucial because it affects our ability to learn new skills and cope with everyday challenges. A growth mindset is preferable.
Read the full post: Fixed vs. Growth Mindset
A CISO Isn’t a Technical Role
A CISO isn’t a technical role. In this post, I’ll make a case for why it isn’t a technical role and define the most critical CISO skills.
Read the full post: A CISO Isn’t a Technical Role
How to Hire Cybersecurity Professionals to Ensure Success for the Organization and the Employee
In this article, we teach you how to hire cybersecurity professionals so they and your organization can be successful.
Read the full post: How to Hire Cybersecurity Professionals to Ensure Success for the Organization and the Employee
NLP Presuppositions for Leaders
There are 14 NLP presuppositions that we apply to become better leaders of ourselves and others. Awareness of NLP presuppositions is vital.
Read the full post: NLP Presuppositions for Leaders
Cognitive vs Affective Empathy Leadership
Cognitive and Affective Empathy are both a part of being an effective leader. High cognitive empathy / low affective is the best combination.
Read the full post: Cognitive vs Affective Empathy LeadershipWhy Do Technical People Struggle with People Skills? And How Can Companies Fix It?
Soft skills are a challenge for many technical individuals. Technical people often get put in a category of lacking them. Why?
Read the full post: Why Do Technical People Struggle with People Skills? And How Can Companies Fix It?
Risk Comprehension Is a Basic Cybersecurity Skill, Yet Most Practitioners Lack It
Risk assessment is essential to proactive and reactive cybersecurity plans, yet most cybersecurity professionals do not understand risk.
Read the full post: Risk Comprehension Is a Basic Cybersecurity Skill, Yet Most Practitioners Lack It
Your Cybersecurity Framework Is Overcomplicated - Here's Why
Let’s be frank and honest — your cybersecurity framework is overcomplicated. Simplicity is better than complexity.
Read the full post: Your Cybersecurity Framework Is Overcomplicated - Here's Why
The Truth About Cybersecurity Certifications
The cybersecurity industry is creating many paper tigers — someone who claims to have knowledge but just passed a multiple-choice test.
Read the full post: The Truth About Cybersecurity Certifications
Your Cybersecurity Methods Are Failing - Here’s Why
As much as every organization wants to believe they are cyber secure, the reality paints a different story.
Read the full post: Your Cybersecurity Methods Are Failing - Here’s Why
The Cybersecurity Status Quo Needs to Change
With cybersecurity, there is a status quo, this movement that we just keep following, but it's not helping. It's time to challenge the cybersecurity status quo.
Read the full post: The Cybersecurity Status Quo Needs to Change
Cybersecurity "Professionals" - Reboot Needed
This article focuses on cybersecurity certifications and stringent license requirements, as opposed to certification exams that can be easily “gamed”.
Read the full post: Cybersecurity "Professionals" - Reboot Needed
Are You Caught in the Success Trap?
A lot of us fall into the success trap. We've achieved success, according to how society defines success, but we're unfulfilled and we feel trapped.
Read the full post: Are You Caught in the Success Trap?
The Hero's 2 Journeys - Achievement & Transformation
The hero's 2 journeys are achievement, which is external, and transformation, which is internal. For any good story, we need these two elements.
Read the full post: The Hero's 2 Journeys - Achievement & Transformation
How The Confidence Competence Loop Can Benefit You
Confidence is a belief we can do something. Competence is the ability we can do something. The confidence/competence loop means if we believe we can do something, we'll take action.
Read the full post: How The Confidence Competence Loop Can Benefit You
FOMO vs JOMO
FOMO is the fear of missing out. JOMO is the joy of missing out. You will be less anxious, more fulfilled, and get more done if you practice JOMO.
Read the full post: FOMO vs JOMO
How to Get More Time in Your Day Without Waking Up Earlier
In this post we'll cover three tips to make you more productive and give you back more time in your day without having to cut into your sleep.
Read the full post: How to Get More Time in Your Day Without Waking Up Earlier
The Value of Monotasking - What Jesse Itzler and Rainbow Taught Me
Multitasking is a thing of the past. Monotasking can help you reclaim your agenda by making you productive, instead of busy.
Read the full post: The Value of Monotasking - What Jesse Itzler and Rainbow Taught Me
Your Ego is Not Your Amigo
Your ego is not your amigo. Your ego will cost you many things in life, including success and fulfillment. Get the ego off your back.
Read the full post: Your Ego is Not Your Amigo
Life is Meaningless
Life is really meaningless. I know this sounds controversial, and some of you may be questioning what I'm saying. Some of you may have already turned this
Read the full post: Life is Meaningless
Ransomware – Should You Pay?
What do you do if you get ransomware in healthcare or critical infrastructure? Should you pay the ransom? How do you prevent ransomware?
Read the full post: Ransomware – Should You Pay?
Aviation Cybersecurity – Hacking Aircraft
The risk of successful hacks of aircraft is increasing. Aircraft are complex systems with long supply chains and legacy systems and protocols.
Read the full post: Aviation Cybersecurity – Hacking Aircraft
Cybersecurity Paper Tigers are Killing Us
Cybersecurity is full of paper tigers - people who cheat certification exams and on't care about cybersecurity. Let's unite to get rid of paper tigers.
Read the full post: Cybersecurity Paper Tigers are Killing Us
Why Small Businesses Are Still the #1 Cybercrime Target in 2026
Small and mid-sized businesses absorb the majority of cyberattacks. Here's why attackers target them, what's changed since 2020, and the practical defenses that actually work.
Read the full post: Why Small Businesses Are Still the #1 Cybercrime Target in 2026
Medical Device Hacking and the Vulnerability of Connected Medical Devices
Christian Espinosa is interviewed by Kim Komando on hacking medical devices. From pacemakers to hospital equipment, nearly anything can be hacked. This risk is real.
Read the full post: Medical Device Hacking and the Vulnerability of Connected Medical Devices