A short of collection of brain rumblings and other things from past presentations I gave, in the form of quotes. It’ll continue to be updated as I remember them.

It’s not what you say, it’s when and how you say it.
If it’s stupid but works, it isn’t stupid.
If you’re happy with your plan, you are not doing it right.
Competent security teams cannot be created after breaches occur.
The bad guys don’t obey our security policies.
Change your mindset, change their mindset.
Always have a plan.
Always have a back-up plan, because the first one probably won’t work.
Always have an escape plan because all the rest of the plans will fail.
It’s what you don’t see that ultimately gets you. And you can’t know what you don’t see until someone makes you see it.
Disrupt that.
The most effective means of protecting yourself and your property is the liberal use of common sense reinforced with a high state of security awareness.
Act, don’t react.
When in doubt, red team it. It’s all about execution. If you fail to execute correctly, the rest was for nothing.
I have my target, and it’s an almost impossible target, and I am not changing it, and fuck if I care, I will try...
Life is like a box of shit, you always know what you’re gonna get... Invest in crappy security, and you will get crappy security.
The solution is in the problem. Work the problem.
If you’re happy with your security, so are the bad guys.
Tremendous detailed planning, violent execution.