All Posts

88% of published CVEs carry an exploitation probability below 10%. If your backlog is ordered by CVSS score, most of the effort it consumes is aimed at vulnerabilities attackers are ignoring. This episode delivers a working alternative: EPSS, the CISA KEV catalogue, and SSVC applied to real CVEs.

Most organisations track vulnerability management metrics. Far fewer track metrics that change anything. This episode examines what to measure, where each metric delivers the most value, and why programmes that solve for security have no difficulty during audits while those that solve for compliance struggle to demonstrate whether they are reducing risk at all.

Vulnerability Management programmes rarely fail because individual components are weak. They fail because the people, processes, and technology were designed independently and have drifted apart under operational pressure. Episode 4 of the CAXA Technologies Security Operations Series examines the operating model that turns pillar capabilities into operational reality, and provides a diagnostic framework for identifying where misalignment is constraining your programme.

Buying a better scanner doesn't help if your asset inventory has significant gaps. This episode examines the five pillars every VM programme depends on, maps how they interact as a dependency chain, and explains why the visible symptom is often far from the actual constraint.

Every vulnerability takes a journey through your organisation. This episode examines the seven stages of that lifecycle and reveals where programmes typically stall. Understanding this journey is the first step to making it shorter.

Vulnerability management extends beyond patching, but most programmes plateau before becoming truly risk-informed. This opening episode examines why the fundamentals of asset visibility, prioritisation rigour, and remediation ownership determine programme effectiveness far more than tooling investments.

Leadership often creates the illusion that time is abundant and relevance secure. Memento Mori challenges that comfort. It reminds us that roles shift, identity must evolve, and the real measure of leadership is whether the work holds when we step aside.

As leaders rise, the work changes shape. The satisfaction of direct impact gives way to the discipline of trust. Oikeiosis explores how leadership evolves from personal control to stewardship — from doing the work to designing the systems that let others succeed. It is about carrying responsibility without collapse, and finding strength in alignment rather than authority.

Apathēia teaches that calm leadership is not detachment but reliability. When leaders manage their own reactions, they create space for others to think clearly and act with confidence. Over time that steadiness becomes a foundation for psychological safety. Teams stop managing the leader’s mood and start focusing on meaningful work.

Leadership isn’t a solo act. Sympatheia reminds us that every decision moves through people, processes, and systems that depend on one another. When leaders act without that awareness, trust erodes and progress turns costly. True leadership isn’t about control; it’s about keeping the system healthy so others can do their best work.

Epictetus taught that some things are up to us, and some are not. For leaders, that insight becomes a way to steady teams under pressure. By helping people see what is truly theirs to act on, leaders show trust, protect focus, and give work meaning. The Dichotomy of Control is not about ignoring adversity, but about carrying it with clarity, dignity, and progress.

Leadership is more than optimism. The Stoics practised Premeditatio Malorum — imagining setbacks before they came. By applying this discipline through techniques like pre-mortems and scenario planning, leaders can anticipate shocks, act with calm, and build organisations resilient enough to keep moving forward when disruption inevitably arrives.

Purpose sets the path. Value proves the journey. Discipline keeps you walking it.