
Day-Zero Normal

I wrote a CISO field brief. It’s called The Day-Zero Normal, and it exists because the AI-and-security conversation has split into two useless camps: the doom crowd writing thousand-word threads about extinction, and the “it’s just cyber kicking up another storm” crowd waving it off. Neither helps you on Monday morning.

Twenty-five years on the offensive side of this business taught me what actually shifts a program. This brief is what I’d hand a CISO who has a board meeting next week and a budget cycle next quarter.

Some of what’s in it:

  • What to divest, what to double down on, and what to stand up new. A one-page reprioritization table.
  • A Standing Authority Matrix your GC and CIO will actually sign, so your SOC can contain the boring 80% of incidents at machine speed without paging a director at 3 a.m.
  • Why your CMDB is lying to you, and how to rebuild asset management on runtime truth joined to identity.
  • The Chromebook lesson from K-12: four stacked wins any executive strives for: a win for the CFO, CIO, CISO, and ultimately the CEO.
  • A 90-day plan with three phases, mapped to a KPI scorecard in the appendix. Metrics you can measure with tools you already have.
  • How to use your cyber insurance renewal as the budget lever nobody talks about.
  • Four sentences to tell your board that will stick with them.

Huge thanks to the two named reviewers: Ariel Litvin (former CISO at First Quality Enterprises) and Jacqueline Lebo (Director of Risk Advisory at SAFE, Head of the AI Workgroup at FAIR Institute). Their comments sharpened the brief in real ways.

And to the 20+ other people from every corner of the cyber space who walked this with me before publication: thank you. You’re the reason this reads in a boardroom and a C-suite, not just to practitioners. I owe you all.

If this is useful, tell me what I got wrong. I’ve been wrong before and I’ll be wrong again, and the only way any of us get this right is by comparing notes in the open.

You can download the paper here: Day-Zero Normal.pdf