brianmzimmer

Computer Security, Cyclist, Hockey Player, Gamer. Views are most certainly my own and not my employer's.

I published a 4-point approach for succeeding as a CISO, based on my experiences building and leading a security program at a high-growth company.

It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities, investigating incidents, and responding to attackers' advances.

https://zeltser.com/ciso-leadership-lessons

#cybersecurity #infosec #CISO #leadership

What Being a CISO Taught Me About Security Leadership

A four-point framework to succeeding as a CISO, based on my experiences of building and leading a security program at a high-growth company. It shows how to focus on the defender's advantage and escape the unending cycle of reacting to vulnerabilities, investigating incidents, and responding to attackers' advances.

Lenny Zeltser

Nobody on LinkedIn has ever had a bad day. Every setback is a "growth opportunity." Every firing is a "new chapter." Every complete professional disaster is framed as "excited to announce." These people would describe the Titanic as "a bold pivot to submarine operations."

Really excited about my Friday. I have the following to look forward to:
1 "Check-in"
2 "Syncs"
1 "Touchbase"
1 "Catch up"
and,
1 "connect"

No real agendas. No purpose. All could be substituted for an email.

It's disappointing to see we still haven't evolved our organizational/corporate culture, at large, to accomplish the very minimal basics of preparation, respect, and time management.

Wondering out loud how long it will be before I start hitting folks with "No agenda? No attenda."

As an avid biker (as well as a husband and father), my wife drove home two points this week that I'll share:

First, I shared my location with my wife when I took long rides - sometimes alone - in Sedona and other parts of AZ. This gave her some peace of mind. When I turned it off during a road ride, she noticed immediately and freaked out. I also had a mechanical issue on the ride, which made matters worse for her. The lesson is that our family and friends really worry about us when we're on the trails and on the roads (more so on the roads). Location sharing, collision detection, and notification features are really important.

Second, given how much people worry, it's a really good idea to STFU about how dangerous riding in general is and, more specifically, how dangerous riding on the road is in the US. Did you have a close call with a 6000 lbs SUV with a texting driver? STFU about it. Did you see multiple people nearly killed? Yep. STFU about it. Our family and friends are already afraid for us. Don't share the details with them and make it worse.

#cycling

Every now and then, I post some thoughts on music I listen to and enjoy. It's called "Ear Whacks," and you can read it here. https://www.brianzimmer.com/single-post/ear-whacks-volume-5-issue-1

#music #joycemanor #sylosis

Ear Whacks Volume 5, Issue 1

Ear Whacks is a bookmark of all the music I’ve been listening to that I care to comment on. Since the last time I provided an update (which was basically 1976) there are clearly gaps in tunes I've been spinning. I’ll note something really important about me, personally: I’m terrified by complacency in music. I've written about this many times before. The idea of only listening to music from my youth or college years seriously sounds like the saddest thing I can think of. To me, it’s the equivale

BrianZimmerDotCom

I was out on the trails today and was looking at all of the ridiculous trucks and SUVs flooding the US market. I had this thought:

The next logical step for the American truck manufacturers is to build a truck without a windshield. Instead, the front of the truck will be just a wall of pure metal, chrome, plastic, and glass.

How will the driver see? Who cares. Is any of it necessary? Again, who cares?

A post in which: 1) I'm happy to have at least a few minutes to write down some thoughts, 2) I discuss a trend I see with younger people, especially women, where they say "I'm sorry" in situations where they have no reason to be, and 3) I realize I'm going to have to use LinkedIn more as a platform for my career including linking blogposts.... ugh.

https://www.brianzimmer.com/single-post/the-professional-alternatives-to-i-m-sorry

#infosec

The Professional Alternatives to "I'm Sorry."

I was in a pitch meeting a few weeks ago. The purpose of the session was to evaluate a service provider at an organization in which I’m an investor. The service provider in question was proposing three distinct types of services with a focus on one particularly high-value/high-cost service. The session was incredible; one of the best I’ve been to in years. Within minutes, we knew we had found a business partner. However, I noticed when the presenter started diving into details, there was the rep

BrianZimmerDotCom

It's our birthday, so we created a tiny skunk(worksy) game for you to play.

Complete all 7 continents, and we will send you a limited-edition, 10-year t-shirt.

Have fun!! (but watch out for the Canaries)

https://canary.tools/10-year

I always find this chart by Hannah Ritchie -- of Our World In Data -- deeply informative of how disjointed our sense of personal risk is.

https://x.com/_HannahRitchie/status/1133703638432526337

Really enjoyed this post:

https://srajangupta.substack.com/p/security-is-just-engineering-tech

I especially agree with the concept of merging all IR activities under the same basic business function.

Security Is Just Engineering Tech Debt (And That's a Good Thing)

Breaking the Illusion That Security Is Anything But Software Quality

Srajan’s Substack