"I'm going to write" — four words I've wanted to say for two decades. I wasn't ready to say them due to the fear and uncertainty of creating in public under my own name. No more. It's time.
In the famed words of Scott Alexander:
"With malice towards none, with charity towards all...let us begin anew the joyful reduction of uncertainty wherever it may lead us."
Welcome to Strategy of Security. I'm glad you're here.
What is Strategy of Security?
Strategy of Security is a publication that analyzes the business and strategy of cybersecurity. It's written by me, Cole Grolmus.
My mission with Strategy of Security is to provide perspectives for modern cybersecurity professionals. The purpose is to help you find your way to the top of the field — however the journey looks for you. Together, we'll do our part in shaping an industry and solving some of our time's biggest challenges.
My work happens through writing, visuals, and data. I believe in the power of mixed media. Using the right form of communication is the most effective way to share ideas.
Expect the majority of the content you see on Strategy of Security to be positive and constructive. We need new and different voices in an industry where fear and negativity are predominant. Any criticism will have positive intent. Productive discourse moves the industry forward.
To start, I'm writing free long-form articles weekly with daily short-form commentary on social media. More is planned after I'm comfortable my work is unquestionably valuable to you.
Which topics will Strategy of Security cover?
I create within the boundary of subjects I'm competent about and topics you find valuable. My goal is context: thoughtful perspectives applicable to your work and life in cybersecurity.
I get inspiration from a broad range of creators and publications. A few direct influences are Stratechery (Ben Thompson), Visualize Value (Jack Butcher), and 2PM (Web Smith). You may notice reflections of their style as I work to establish my own unique voice.
A few of the topics you can expect to see on Strategy of Security are:
Industry analysis: Analysis of broad trends, events, and news across the cybersecurity industry and ecosystem. You'll elevate your attention from news and headlines to the themes and trends that matter most.
Company analysis: Analysis of specific cybersecurity companies and products, ranging from public companies to startups. You'll discover new companies and business opportunities before others recognize them.
Abstract thinking: Explanations of concepts, theories, and principles relevant to cybersecurity leaders and operators. You'll gain a new mindset and timeless ways of thinking.
Interviews and case studies: Discussions and deep-dive studies. You'll learn from the most interesting people, companies, and events in the industry.
A few nuances about topics you should not expect to see covered on Strategy of Security:
Breaking news: Although I plan to cover some news, don't expect me to break any. Existing media does an outstanding job of breaking and reporting news timely. I'm interested in the depth and broader impact of events. This requires extra time to analyze.
Technical financial analysis: You won't see quantitative financial analyses on technical investment topics for companies I cover. Professional financial analysts are far more capable at covering companies for investors. My coverage is strategic in nature: I explain the strategy, value, and impact to you as a person working in cybersecurity.
Software development: You may periodically see code or demos. You shouldn't expect to see fully-baked apps, detailed breakdowns of exploits, or other highly technical content. I write code and previously built a commercial SaaS application. However, programming isn't among my best skills.
The content I produce will evolve, as with anything new. My objective to provide you with the maximum value possible will never change.
Who is this for?
The tagline for Strategy of Security is "Perspectives for the modern cybersecurity professional." I chose this tagline because I believe we're entering a new era. Cybersecurity is becoming mainstream: ubiquitous in culture, broadly understood, and fundamental to modern businesses.
A new class of people is leading the transformation. "The modern cybersecurity professional" is an ideal — a metaphorical representation of the combined skills, interests, and values of the people I've been fortunate to encounter in my work.
I have a long-held belief that cybersecurity will become an increasingly cross-functional discipline. The ecosystem will grow to include new people: those with a balance of business acumen, technical acumen, and global acumen.
Modern cybersecurity professionals are dimensional. They're people who possess both deep expertise and the range to understand, discuss, and apply adjacent concepts. They’re inclusive and welcoming of new people and ideas. You could call them polymaths — people with a wide range of interests both inside and outside of cybersecurity.
Defining the modern cybersecurity professional is about acknowledging emerging and non-traditional roles in the ecosystem. There is an important place for individuals who understand cybersecurity in context of business, strategy, and the world at large. If you identify as this type of person, Strategy of Security is for you.
I have spent the last two decades studying, apprenticing, and executing cybersecurity work. I am both an operator and analyst, not a journalist. I have been working in cybersecurity and tech since I was old enough to legally hold a job. Before that, it was play.
I intend to continue consulting and advising in addition to writing. In the words of Hunter Walk, Strategy of Security is one of multiple SKUs I'm working on. I believe in the mutual reinforcement of practice, experience, and study. I started this project because it's a useful (and perhaps unique) combination of the skills and experience I've been so fortunate to gain in my career.
I read from a broad range of timeless leaders. I'm current with contemporary creators. My work to embody the ideal of a modern cybersecurity professional is continuously in progress.
I have a few of the formal industry credientials, if you care about those: I'm a CISSP and CISA. I also earned an MBA from a leading business school.
I have started writing weekly articles and posting daily social media content on Twitter. I will expand social media platforms and update the publishing schedule over time. This process is under no set schedule. Quality takes priority over frequency.
If you'd like to stay updated, you can subscribe to receive emails when new articles are published. You can also follow Strategy of Security on Twitter at @strategyofsec and me personally at @colegrolmus.
Thank you for reading — I'm looking forward to making this one of the best possible uses of your time.