Start by following Matthew K. Sharp.
“FIGURE 5.2 9 Box of Controls Source: Harkins, M.W., Managing Risk and Information Security: Protect to Enable. Used with permission.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“Courage is willingness to take the risk once you know the odds. Optimistic overconfidence means you are taking the risk because you don't know the odds. It's a big difference. — Daniel Kahneman”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“Opportunity cost is the loss of gain from other options by selecting the one at hand. Note that a security initiative that goes unfunded faces a preferred opportunity cost more often than not. By choosing a platform technology, I may lock myself in from accessing best-of-breed tooling.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“Yogi Berra once said, “In theory, there is no difference between theory and practice. In practice, there is.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“I have heard CISOs frequently exclaim, they have enormous accountability and responsibility, but they lack the authority to get things done. It comes down to architecting the choices your business makes by blending perspectives enough to get the best outcome.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“I strongly feel that you must also be an excellent salesperson to be an effective cybersecurity leader.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“You will want to dive into the four C's of Cloud-Native Security and ensure you have a clear understanding of how you will secure technology investments to address the cloud, cluster, container, and code.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“Now, Porter explains in his book: “To identify a new value chain, a firm must examine everything it does, as well as its competitors' value chains, in search of creative options to do things differently. A firm should ask questions including ‘How can the activity be performed differently or even eliminated?”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“As a skilled choice architect, you are conscious of utilizing the WRAP and NUDGES frameworks in preparing your presentation and framing of the issues. Having completed a study of the value agenda, you recognize that you need to overlay the risk and mitigation costs into a single picture.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“Effective people are not problem-minded; they're opportunity-minded. They feed opportunities and starve problems. — Stephen R. Covey”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“FIGURE 3.2 The Six Sources of Influence Source: Grenny, J., Maxfield, D., and Shimberg, A., How to 10X Your Influence. Used with permission.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“In my experience, if you get the messaging and financial analysis correct in a business case, mistakes in other elements of your business case are more readily forgiven and forgotten.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“However, the point here is that incentives are a necessary but insufficient source of influence required to modify behaviors.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives
“All the metrics above are lag measures. To illustrate, consider W. Edwards Deming's comments that managing a company by looking at financial data, which are lag measures, is like “driving a car by looking in the rearview mirror.”
― The CISO Evolution: Business Knowledge for Cybersecurity Executives


