Write well. Write Quick. Write Now
This goal of this page is to provide links to my writings, of which there have been many. My first professional publication appeared in 1987, a 600-page text on how to use a piece of database software called Reflex. A more recent example would be "Advancing Accurate and Objective Cybercrime Metrics," an article published in the Journal of National Security Law & Policy, in February of 2020, available to read and download here.
Here is a sample of my writing from Getting to know CISOs: Challenging assumptions about closing the cybersecurity skills gap, a masters degree dissertation I wrote in 2016 (you can access the full document here).
While it can be argued that the problem of crime can never be solved, it can also be asserted that the better we understand crime, the better we are able to manage it and its effects, whether through prevention, deterrence, avoidance, or insurance. Without enough capable guardians of cyberspace, efforts to manage cybercrime are likely to fail. And the consequences of failure could be dire, with the likeliest scenario being one of the following: either the world limps along with successive generations of flawed technologies that are routinely abused by opportunistic cybercriminals; or the world’s economy becomes mired in endless recession because its citizens have collectively turned their back on the productivity promised by digital technologies, the benefits of which were finally eroded to the tipping point by rampant criminal abuse.
That the task of preventing predatory crime from undermining the internet-based opportunity structure is itself being undermined by a shortage of appropriately skilled people seems indisputable. Even as signs of hope appear, like elevated levels of attention paid to the problem, there are worrying indications that efforts to address it may be flawed. As the present research suggests, there appears to be a lack of due diligence on the part of those who are diverting substantial resources into luring people into the cybersecurity profession. That is, investments in cybersecurity workforce are being made with sufficient knowledge of what it takes to succeed in this new and still evolving line of work, or what kind of people will find the work rewarding enough to continue doing it long enough to be make the investment worthwhile (either to themselves personally, or to the institutions making an investment in them). The need for more research is urgent. Acquiring the knowledge needed to efficiently and effectively close the cybersecurity skills gap will not be easy, but the stakes are high and the effort must be made. Hopefully, this work has made a useful contribution to that effort.