Over the past 30 years, I’ve worked across operational cyber defense, product strategy, and industry research—most recently within the Chief Security Office at Lloyds Banking Group and through advisory and research roles focused on AI and quantum risk. Across each of those experiences, one challenge has remained constant:
Security leaders are overwhelmed with data, yet still lack decisive clarity.
Modern enterprises generate enormous volumes of exposure signals—vulnerabilities, identity drift, misconfigurations, control telemetry. But exposure alone does not answer the most important leadership question:
What actually matters, and what should we do about it first?
That is why I chose to join AttackIQ.
From Exposure Overload to Decision Clarity
In complex financial environments, I saw firsthand how difficult it is to translate fragmented risk indicators into confident action. Traditional reporting structures often prioritize volume over relevance. Leaders are left interpreting dashboards rather than understanding adversary pathways.
Cybersecurity must evolve from cataloging weaknesses to understanding how those weaknesses combine.
Attack path thinking changes the conversation. Instead of treating exposures as isolated findings, it frames them in the context of how an adversary would realistically chain them together to reach critical assets. That perspective transforms risk from abstract scoring into operational insight.
AttackIQ’s approach resonates because it centers on that connective tissue—linking vulnerabilities, identities, configurations, and detections into adversary-aligned attack paths that inform prioritization and resource allocation.
This is decision support, not just security testing.
CTEM as an Operating Model for Modern Defense
Through my advisory work with the MITRE Center for Threat-Informed Defense and my research leadership at ISACA examining AI and quantum implications, I’ve seen a clear industry shift toward more structured operating models.
Continuous Threat Exposure Management (CTEM) reflects that evolution.
CTEM, when implemented effectively, provides a disciplined loop:
- Scope what matters most to the business
- Discover and aggregate exposure signals
- Prioritize based on adversary-relevant attack paths
- Validate defensive performance
- Mobilize resources based on measurable impact
What’s critical is that validation is not the endpoint—it is a feedback mechanism that strengthens decision-making. The real objective is informed, confident action.
AttackIQ operationalizes CTEM in a way that connects threat-informed intelligence with business context. That alignment is essential as organizations modernize their defensive posture.
Preparing for AI-Accelerated Risk
AI and emerging technologies are reshaping both enterprise innovation and adversary capability. Organizations must move quickly, but they cannot afford to move blindly.
Security programs need structured, threat-informed decision support to balance innovation with resilience.
By combining adversary intelligence, attack path modeling, and continuous measurement, organizations gain clarity about where to invest, what to harden, what to tune, and what risk is acceptable.
That is a fundamentally different posture from reactive remediation cycles or compliance-driven reporting.
It is proactive, contextual, and strategic.
Why AttackIQ
I have known the AttackIQ team through years of collaboration in the threat-informed defense community. What stands out is not just technical capability, but a clear conviction that cybersecurity must mature into a decision science.
Security leaders deserve more than lists of exposures. They deserve actionable insight rooted in real adversary behavior and aligned to business priorities.
AttackIQ is advancing that vision—helping organizations move from fragmented exposure visibility to cohesive, threat-informed decision support.
That mission aligns deeply with my experience across operations, governance, and emerging technology risk.
I’m excited to contribute to the next phase of that journey.
