Phil Venables
LightNews LightNews
Phil Venables
@philvenables.bsky.social
300 followers 0 following 47 posts
Posts Replies Media Videos
Taking your established security program to the next level.

Preventative maintenance, risk quantification, navigating the uncanny valley, continuous assurance, architectural choices to reduce whole classes of risk and more.

www.philvenables.com/post/securit...
November 15, 2025 at 3:12 PM
Security Leadership Master Class - Part 1: Leveling up your leadership

philvenables.com/post/securit...
October 4, 2025 at 2:56 PM
Everyone Has A Plan Until They Get Punched In The Face.

Resilience is about capabilities not just plans.

www.philvenables.com/post/everyon...
Everyone Has A Plan Until They Get Punched In The Face
Apparently what Mike Tyson actually said in a 1987 interview was, "Everybody has plans until they get hit for the first time". In any case this is still a variant of the common theme of “No plan survi...
www.philvenables.com
August 23, 2025 at 3:17 PM
Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype

A new NASEM report reveals the truth about #cybercrime stats: our data is fragmented, inconsistent, & underreported. We can't fight what we can't accurately measure.

www.philvenables.com/post/decodin...
Decoding Cybercrime's True Scope: Beyond the Trillion-Dollar Hype
As security specialists, we regularly see claims about the escalating scale of cybercrime, often hearing staggering claims that it’s a "multi-trillion dollar problem." I’ve never seen any comprehensiv...
www.philvenables.com
July 26, 2025 at 2:57 PM
The Don't Fire Me Chart

A lot of premature CISO turnover is caused by the security program uncovering previously unknown risks and issues. So, paradoxically, the best CISOs make the situation *seem* worse before it then *actually* gets better.

www.philvenables.com/post/career-...
July 12, 2025 at 2:41 PM
Cyber Insights Needed & Delivered

My analysis of the recent Cyentia Institute report. Things are getting worse in absolute terms but it’s not clear (my take) they are getting worse relative to what the situation might be.

www.philvenables.com/post/cyber-i...
June 28, 2025 at 1:59 PM
Segmentation Technologies / Zero Trust

Thinking about doctrine vs. structure is a useful mental model to validate a technology’s adequacy for a particular task. In short, to know whether we are jamming a square peg into a round hole.

www.philvenables.com/post/segment...
June 14, 2025 at 3:44 PM
A different taken on the CISO / Cybersecurity Leader Job Description.

www.philvenables.com/post/ciso---...
CISO / Cybersecurity Leader Job Description
There is a plethora of sample job descriptions for security leaders that are often strictly correct but can also be uninspiring or too detailed to capture the actual essence of the role. I developed t...
www.philvenables.com
May 31, 2025 at 2:44 PM
Starting a Security Program from Scratch (or re-starting).

www.philvenables.com/post/startin...
May 17, 2025 at 5:05 PM
Security Leaders’ Reading List

Not many security books. Security leader challenges are mostly, well, leadership along with a healthy dose of program mgmt, culture, attention to detail, risk mgmt and more.

www.philvenables.com/post/leaders...
March 22, 2025 at 5:35 PM
Turning the Security Flywheel

This post explores the "flywheel" concept and its application to security, demonstrating how to create self-reinforcing cycles that improve effectiveness.

www.philvenables.com/post/turning...
March 8, 2025 at 3:44 PM
Cryptanalytically Relevant Quantum Computers (CRQCs) are coming. Perhaps sooner than we think, but we can conservatively (and usefully) assume in the 2032 - 2040 time frame. Beware the snake-oil of non-standard solutions.

www.philvenables.com/post/post-qu...
Post Quantum Cryptography Migration: Time to Get Going
Quantum computing is advancing rapidly. Innovations from Google, Microsoft, IBM and others are pushing the boundaries of not just the numbers of qubits but also their quality. We are well on our way t...
www.philvenables.com
February 22, 2025 at 4:28 PM
Keys to Career Success

www.philvenables.com/post/keys-to...
January 11, 2025 at 4:19 PM
Top Ideas and Posts from 2024

In closing the year let’s take a look at the top 10 posts of 2024 in order of most read.

www.philvenables.com/post/top-ide...
Top Ideas and Posts from 2024
I managed to keep up the pace of 1 post every 2 weeks throughout 2024. Just when I think I might be running out of ideas, and the backlog of topics is running low, then something always manages to com...
www.philvenables.com
December 28, 2024 at 3:03 PM
Want to know more about cyber-physical resilience & why leading indicators like software reproducibility & cold-restart time are more effective than just focusing on lagging indicators?

Then take a listen to the 2024 season finale of the cloud security podcast.

cloud.withgoogle.com/cloudsecurit...
December 24, 2024 at 2:46 PM
Cloud CISO Perspectives for end of Dec ’24 is up covering:

- Year end review from AI to Threats
- Forecast for 2025
- AI ISO certifications
- NIS2 compliance
- Threat intel. program development
- Detection as code
- and much more….

cloud.google.com/blog/product...
Cloud CISO Perspectives: From gen AI to threat intelligence: 2024 in review | Google Cloud Blog
To close out the year, our CISO Phil Venables shares the top Google Cloud security updates in 2024. There’s a lot of AI, of course, and a few surprises.
cloud.google.com
December 23, 2024 at 6:06 PM
Remember, as security professionals we are defending the free flow of ideas and capital that are essential for human progress. Defending lives and livelihoods. That's the mission. Happy Holidays.

sketchplanations.com/the-three-br...
December 22, 2024 at 3:17 PM
The Maintenance Paradox.

luca-dellanna.com/posts/mainte...
The Maintenance Paradox
Maintenance never makes sense in the short term, yet it is indispensable in the long term.
luca-dellanna.com
December 14, 2024 at 3:50 PM
Leadership: One Day at a Time, One Step at a Time.

www.philvenables.com/post/leaders...
December 14, 2024 at 3:36 PM
Proud to see @googlecloud as the first cloud service provider to partner with the @GRFederation and its affiliates to help further strengthen the manufacturing industry's cyber resilience.

Read more on what this means here:

cloud.google.com/blog/product...
Google Cloud first CSP to join BRC, MFG-ISAC, and affiliates to advance security | Google Cloud Blog
Google Cloud is proud to be the first cloud service provider to partner with the GRF Business Resilience Council and its affiliates. Here’s why.
cloud.google.com
December 12, 2024 at 5:30 PM
Cloud CISO Perspectives for early Dec '24 is up covering:

- Forecasting 2025: Notes from the Field
- Open source security patch validation
- C2 in browser isolation environments
- Every CTO should be a CTSO
- and more......

cloud.google.com/blog/product...
Cloud CISO Perspectives: Our 2025 Cybersecurity Forecast report | Google Cloud Blog
Google Cloud security experts don their forecasting hats to gauge what’s coming in 2025, in our newest CISO newsletter.
cloud.google.com
December 10, 2024 at 6:12 PM
Oops! 5 serious gen AI security mistakes to avoid

cloud.google.com/transform/oo...
Oops! 5 serious gen AI security mistakes to avoid | Google Cloud Blog
Pitfalls are inevitable as gen AI becomes more widespread. In highlighting the most common of these mistakes, we hope to help you avoid them.
cloud.google.com
December 6, 2024 at 12:25 AM
How has the development and adoption of AI changed over the last year? Dive into the current landscape in this issue of the Dialogues magazine, from @Google and @atlanticrethink for insightful perspectives on the transformative power of AI.

Read here: www.theatlantic.com/sponsored/go...
The “Eureka!” Moment
We asked 20 scientists and thought leaders to recall when they realized AI had the potential to change the world.
www.theatlantic.com
December 2, 2024 at 4:43 PM
Regulatory Harmonization - Let’s Get Real

Most cyber controls are relatively aligned. Calls for action on harmonization are really induced by obligations from other technology risk domains or broader. Focusing on reducing compliance toil is the right approach.

www.philvenables.com/post/regulat...
Regulatory Harmonization - Let’s Get Real
Every few months some association or other learned group of professionals makes a fresh call to action for cybersecurity regulatory harmonization. The logic being that cybersecurity professionals are spending more time showing adherence to compliance obligations or dealing with the toil due to differences in regulation than they are actually mitigating risk.I do have some sympathy with this sentiment but I would push back on this being as big a problem as people generally assert. However, as we
www.philvenables.com
November 30, 2024 at 2:39 PM
It's here. Benedict Evan's annual presentation. Predictably it's all about AI. Well worth a read.

www.ben-evans.com/presentations
Presentations — Benedict Evans
Every year, I produce a big presentation exploring macro and strategic trends in the tech industry. For 2024, ‘AI, and everything else’.
www.ben-evans.com
November 27, 2024 at 12:00 AM