Featured Writing and Media
What is the historic role of political leadership in managing aggression in the United States, and how can language help divide or strengthen our Union? The country needs a way out of this surreal, civil strife — and the path to victory lies in part through the human heart.
A Public, Private War
A blueprint for how the U.S. government and private sector companies can collaborate to prepare for war and significant cyberattacks on U.S. interests. The findings of A Public, Private War were adopted into the 2020 National Defense Authorization Act (NDAA) of the U.S. Congress and the Congressionally-mandated U.S. Cybersecurity Solarium Commission.
Inside the Biden Administration's Uphill Battle Against Far-Right Extremism
Arguing in TIME Magazine for a bipartisan 9/11-style Commission into the events of January 6, 2021, to understand the roots of extremism in the United States.
Asian Cybersecurity Futures
Analysis, stories, and scenarios about the future of the internet in Asia and beyond.
Pathways to security leadership
An in-depth profile interview in FORTUNE magazine about key lessons for rising leaders in security, technology, and public policy.
The Lessons Ash Carter Taught Me
One of Ash Carter's former speechwriters and special assistants reflects on the lessons the Secretary of Defense leaves behind.
US Cyber-Defense Agency Urges Companies to Automate Threat Testing
A group of leading security professionals and U.S. government leaders in Bloomberg outline the need for automated testing that emulates adversary behaviors.
Obama: On the End of a Literary Presidency
An Obama administration speechwriter takes stock, and looks forward
Testimony to the Canadian House of Commons: “Defend Forward and Assume Breach”
Open testimony to the Canadian House of Commons in February, 2019. What are the two most important steps that a country can take to defend itself against digital risk? The first is to prepare to deter hostile attacks in cyberspace using all instruments of national power. The second is to "assume breach" and prepare for an adversary to break into networks and gain access to organizations' most valuable data.
Where’s the 9/11 Commission for Russia’s Election Hack?
It’s about far more than tech companies and targeted ads. A whole of government response is needed to make sure this never happens again.
Validated Zero Trust
Zero trust stops intruders in their tracks — but only if it works. An untested cybersecurity program presents a risk to your business. So how can you ensure that your zero trust investments perform as they should?
Lawfare: The U.S. Government Needs to Overhaul Cybersecurity. Here’s How.
In advance of the new Biden administration cybersecurity executive order, it’s time for the federal government to get proactive about cybersecurity. Deploying a validated zero trust architecture for the U.S. government's most critical high-value assets is an aggressive but achievable goal.
MITRE ATT&CK for Dummies
How can you ensure that your cybersecurity capabilities defend your organization as best they can? After decades and billions of dollars spent on the people, processes, and technology of cybersecurity, this question still haunts security leaders. Intruders break past, security controls falter, and defenses fail against even basic cyberattack techniques. What should be done? Instead of trying to close every vulnerability, meet every standard, or buy the “best” technology, security teams can change the game by focusing their defenses on known threats.
U.S. Cybersecurity Solarium Commission
Served as an expert advisor on the U.S. Congressionally mandated Cyberspace Solarium Commission, offering strategic concepts on public-private partnerships.
If You Don’t Hire Robots to Attack Your Networks, You’re Not Doing Security Right
Complying with DoD’s new cybersecurity regulations requires hard data, the kind that pretty much requires automation to compile.
COVID-19 Is Forcing Hard Cybersecurity Choices
Pandemic relief spending will likely prevent the implementation of most of the Cybersecurity Solarium Commission’s recommendations. Here’s how to prioritize them.
Eulogy for William C. Rands III
My godfather Bill Rands died in June of 2021, and the family asked me to give his eulogy. Bill made it his life’s mission to expand a sense of belonging and wellness wherever he could. And he did it marvelously — as a father, husband, philanthropist, and citizen. His life offers all of us good lessons on how to be.
Here is his eulogy as delivered at Grosse Pointe Memorial Church, on the shores of Lake Saint Claire, in Grosse Pointe, Michigan, on June 28, 2021.
Secure Beyond Breach
A practical guide for organizations and companies seeking to build a strong cybersecurity strategy and prevent the spread of breaches.
The Department of Defense Cyber Strategy
Jonathan Reiber wrote the first two national cyberdefense strategies of the United States. The Department of Defense’s second cyber strategy, linked here, was the first to publicly discuss the military’s role in defending the country against cyberattacks from abroad.