Newsletter
Expert analysis and insight direct to your inbox
Real people, real conversations
No prepackaged marketing fluff here, and no social media echo chamber. This is a private list with our unvarnished opinions and experiences working on governance risk & compliance in the real world. We will sometimes get things wrong, and we read and reply to your responses!
Incredible Value
Kindly Ops was started from a desire to reduce the burden
of regulatory compliance so that innovators can bring
their new products to market safely. We publish all our
best ideas, analysis, and latest open source tools and
techniques to our mailing list every week.
Previous issue archives
- The benefits of risk: profit and dignity
lets get personal, risk has value and brings dignity
- Thoughts on Commercial Open Source companies
we'd rather fail open
- Top AWS security tips for 2019
immediate things you can do to make your account more secure
- Governance and Risk - Firefighting and cybersecurity
we didn't always have fire departments
- Calibrate your estimates
Improve the quality of your estimates by calibrating your brain
- Are you going in the right direction?
Steering, not aiming
- Screaming in the Cloud podcast appearance
Guest appearance on Screaming in the Cloud podcast with Corey Quinn
- Our dangerous obsession with efficiency
Our dangerous obsession with efficiency
- Real World DevOps podcast appearance
Guest appearance on Real World DevOps podcast with Mike Julian
- Singapore introduces new AI model governance framework
Mandates that AI decisions must be explainable, transparent, human-centered.
- What is measurement?
What if we need to measure something with uncertainty?
- Who decides negligence?
what clues will help someone make a judgement?
- What does triage have to do with negligence?
Triage is good judgement and prioritization
- What is negligence?
Negligence is more subtle than following the rules
- The baseline will be wrong
Does the initial security controls baseline have to be perfect?
- Setting a Governance Baseline
Is it reasonable to mandate a governance / control baseline?
- How to measure Security Culture
Using the ipsative survey to diagnose culture preference
- Mental Models for Security Culture
4 models for security culture
- Culture and Ritual
using rituals to select identities or mental models
- Culture and Identity
culture and multiple identities
- Culture is Mental Models
defining culture in terms of mental models
- Error or Malice
different worldviews in system design
- Live in the feast podcast appearance
Guest appearance on Live in the Feast podcast with Jason Resnick
- DevOps approach to GRC
The Kindly Ops process for applying DevOps principles to Governance, Risk, and Compliance.
- FAIR for Quantitative Risk
Example of how to calculate Risk with the FAIR model in R.