Established as a practitioner-led blog, IT Security Expert examines how cybersecurity controls perform in real operational environments.
About the IT Security Expert Blog
Origins
IT Security Expert Blog was established in 2007 as an independent cybersecurity blog. With over 5 million views, the blog's aim was to provide cybersecurity awareness, debate, and practical, experience-driven commentary on security engineering, privacy, and governance. From its early years, the blog focused on translating complex technical and regulatory topics into operational insight. Rather than repeating vendor messaging or summarising headlines, its purpose was to analyse how controls function in real environments. Over time, it developed a consistent focus on evidence, accountability, and measurable security outcomes.
The blog is supported by the @SecurityExpert account on X
Editorial Approach
The IT Security Expert blog operates independently and is not affiliated with any vendor or commercial sponsor.
Its perspective is practitioner-led and grounded in operational experience rather than marketing narratives. The emphasis is on clarity, structure, and practical insight.
Where possible, commentary draws on:
• Publicly documented cyber incidents
• Regulatory developments
• Real-world assurance challenges
• Long-term observations of control behaviour
The objective is not volume, but substance.
Relationship to the Platform
While Provable Cyber Resilience provides structured research and formal publications, the blog serves as a more immediate commentary channel.
It is where ideas are explored, tested, and refined before being consolidated into longer-form work.
Contributing
Submissions are considered from practitioners who can provide original, experience-based insight aligned to the platform’s focus on control effectiveness and measurable assurance.
Promotional or vendor-led content is not accepted. Editorial review applies to all submissions.
For submission guidance, refer to the Submit a Blog Post page.
