Cybersecurity is not rocket science.  Mostly, it is common sense achievable via management or administrative control.

Except a few “trades” (like digital forensic, code reverse engineering, cryptography), cybersecurity will or has already become a commodity skill.  Just  like IT skill, it has integrated into every day life.

We shall not blindly invest because there is security technology, or other peers are using it, or convinced by FUD (Fear, Uncertainty, Doubt) in sales pitch.  The risk management process is the foundation to identify and justify optimal investment to mitigate cyber risks to acceptable level in reducing business impacts.

The blog section illustrates how we can always learn or refer the physical world disciplines for adoption into the cyber world.  These illustrations are mostly used by the author in the talks to enhance or reinforce the understanding.  It is intended to provide cybersecurity insights from everyday examples.