Books by Greg Hay
Practical thinking on cybersecurity, governance, and organisational risk.
Checked, Not Secured
Inside the Gap Between What Governance Reports Say and What Attackers Actually See
Organizations invest millions in security programs, pass rigorous audits, and check every governance box — yet attackers continue to slip through with ease. Checked, Not Secured exposes why.
Through methodical analysis and painfully recognizable scenarios, this book reveals how institutional drift creates real vulnerabilities: incident response plans that predate key personnel changes, endpoint detection tools that miss critical servers, SIEM systems with thirty-day log retention when evidence trails run forty-two days long. Not dramatic failures — the mundane, natural entropy of complex organizations moving faster than their documentation.
Essential reading for CISOs, security directors, governance professionals, and executive leadership who sense the disconnect between their security posture and their actual protection.