I noticed I haven't written anything here since February...that's probably the longest period I stayed without blogging since I started more than 10 years ago. That's unacceptable for someone who wants to stay at the top of his game and also to go beyond the parroting the sounds coming from the echo chamber. I'll definitely work to avoid this to become the new normal.

Now, what is making me put my head out of the sand again is (at least for me) an amazingly interesting topic: behavioral economics. The implications to information security are many, from the most obvious ("user" behavior) to some less evident situations (attacker point of view, risk management, SOC operations, secure coding and development, among many others).

I recently read two books that are a great introduction to the topic:

The Art of Thinking Clearly - Rolf Dobelli

Thinking, Fast and Slow - Daniel Kahneman (Nobel prize winner, seen by many as the 'father' of the field)

There are many others that I hope to add here over time, when I expand on what I've been thinking about this in our Infosec environment. More to come.



P.S. There's also an ongoing online (and free) course about BE at eDX...