I am starting a new adventure tonight: teaching information security to a community group.

I consider it my mission to make enterprise information risk management principles something that “just plain folks” can put into practice.

Threat assessment, vulnerability management and asset valuation are all possible at any scale.  And with those three things we have a risk profile, right?  So why doesn’t this happen more?

I will be updating here as I move into this new phase of my “life’s work.”