Make your cyber world more secure and 
your life easier -- design thinking for cybersecurity

Join us on our contact page. Then, read on...


The cyber community has never known more than we know today, nor has it had more funding and sophisticated technology. 

Yet, incidents and breaches continue. The harsh Cyber Forensics realities are that most incidents and breaches are self-inflicted. And state-sponsored attacks are more intense by rogue states and their proxies. 

In business terms, you lose customers, competitive edge, time to market, and most assuredly, suffer heavy costs and burnout.  Mighty companies fall due to structural flaws and group think, as in Jim Collins’ “How the Mighty Fall.” They fail to quickly adapt proven methods and stay ahead of competitors. 

Cyber teams are also failing to adapt quickly and stay ahead of enemies. Financial-reporting style control structures were never relevant, structurally sound or reliable. And people, process and technology can be misapplied.

How can this be?

Perhaps the main reason is that cyber pros – caught between structural flaws, flawed controls and policies, and group think – are simply not taking advantage of terrific and proven methods. There are “Good to Great” methods that drive strong business outcomes and are easily applicable to managing cyber risk. 

Cyber success, like business, requires tools designed for the dynamic and chaotic cyber system. Tools designed for more static systems, such as financial reporting-style controls (ICFR), naturally break when applied to the dynamic cyberworld. In business, poorly designed product management and controls leads to miserable sales. In cyber, rigid frameworks and illusion of adequate controls and policies lead to breaches and low resilience. You are vulnerable, no matter how hard you work to fix implementation. 

Yet it was another single piece of information that really hit us hard. After questioning audiences at conferences for over a decade, we found that only about 1% of attendees take away an idea that they implement in the next year. Of those, some stated it was only a minor improvement. With that stark reality, it is no surprise that incidents and breaches continue, costs remain high and cyber teams are burnt out. In short, cyber people face a treacherous climb. 

We believe that by going through this site, thinking through the implications – taking time to learn more through the online coursesyou can gain what you need to make your cyber world more secure and your life easier.

Think. Design. Cyber. has been created from the journeys of Brian Barnier, Prachee Kale and many others. 

Brian Barnier is a sailor, head of analytics at ValueBridge Advisors and co-founder of Think. Design. Cyber. He is the pioneer of life-like scenario analysis and industrial-strength design thinking in cybersecurity and a leader in systems thinking and math in cyber. He served on ISACA bodies that created Risk IT and COBIT5, spokesperson for both. He currently serves on the ISACA Journal panel and Taylor & Francis EDPACS editorial board. ISACA's ITAF 2020 points to his work in risk assessment. He is one of the first three “Fellows” of OCEG -- the Open Compliance & Ethics Group.

He authored 200+ articles, recently Cybersecurity: The Endgame -- with Prachee Kale. Part 1 was honored the EDPACS 2020 Article of the Year. Part 2 published in 2021. In 2021, he received the Joseph J. Wasserman Award from from ISACA NYM. In 2015, he received the V. Lee Conyers Award from ISACA GWDC. At IBM, Nokia & AT&T he led teams to 9 patents – 6 heavily used during COVID. At AT&T he led a groundbreaking internal security initiative to enable new product sales. At IBM he launched the first secure distributed messaging software, created the security as a process solution team, co-founded the GRC community of practice and #1 FinTech blogger. 

He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), a contributor to Risk Management in Finance (Wiley, 2009) and Risk and Performance Management: A Guide for Government Decision Makers (Wiley, 2014). At the City University of New York, he teaches a graduate seminar in data analytics viewed as #1 by several associations and guest lectures in cybersecurity. 

Prachee Kale is an expert generalist with a love of learning and growth. She is executive coach (focused on cybersecurity and risk professionals), strategist, speaker, writer, dot connector, and breaking the mold. She is the author of an award winning EDPACS article on cybersecurity, currently seconded to apply her business acumen to diversity and inclusion and corporate social responsibility. She previously served in corporate America in cybersecurity and management consulting. Fun facts... heard about PCR tests? She’s done them as a bioscientist... working with HIV infected cells. And, she loves swimming and sailing!


And many others...

From past centuries and current times who are gratefully credited in The Operational Risk Handbook, the online course and other writing.

Plus hundreds and thousands of others whom we have met in corporate life, advisory assignments and public programs who have commented and refined the application of critical thinking, systems thinking and design thinking to cybersecurity.

Together, this makes the use of industrial-strength thinking so proven and practical. 


Is the critical thinking, systems thinking and design thinking for cybersecurity project of ValueBridge Advisors, LLC

insights are based in the expertise of our principals, some reflected in product management chapter of The Operational Risk Handbook, Harriman House, 2011.

© Copyright 2010-2022. All rights reserved. ValueBridgeAdvisors, LLC