A short of collection of brain rumblings and other things from past presentations I gave, in the form of quotes. It’ll continue to be updated as I remember them.

It’s not what you say, it’s when and how you say it.
If you’re happy with your plan, you are not doing it right.
Competent security teams cannot be created after breaches occur.
Change your mindset, change their mindset.
It’s what you don’t see that ultimately gets you. And you can’t know what you don’t see until someone makes you see it.
Disrupt that.
The most effective means of protecting yourself and your property is the liberal use of common sense reinforced with a high state of security awareness.
Act, don’t react.
When in doubt, red team it. It’s all about execution. If you fail to execute correctly, the rest was for nothing.