This week I think I'd like a refund on my optimism. The Doxxer Gets Doxxed Someone in Spain leaked the personal details of police, prosecutors, and cyber officials across multiple platforms. They got arrested in Granada last week. The poetic justice of doxxing the very people tasked with preventing doxxing is absolutely chef's kiss. https://therecord.media/spain-arrests-suspected-hacker-for-publishing-data-on-sensitive-government-workers … Continue reading Breach of Confidence — 12 June 2026 →

I've spent the week watching people try to solve human problems with technical solutions and technical problems with human rage. Neither works as well as you'd think. Also, while I was speaking at infosec about the latest AI threats people need to be wary of, my motorbike which was in the "secure" ExCel car park … Continue reading Breach of Confidence: 05 June 2026 →

I see many job postings asking for someone who is 'passionate about cybersecurity.' Enthusiastic. A team player. Positive attitude preferred. And maybe I'm being a bit click-baity here, but they're hiring for the wrong thing entirely. The person you actually want exhibits the following: Upon receiving a beautifully wrapped gift, immediately wonders who sent it … Continue reading Are we hiring for the wrong thing? →

The film industry is running out of ideas. I know this because they have made 10 (20?) films about a group of people who drive cars aggressively (sometimes into space) and called it a franchise. Meanwhile, the entire cybersecurity industry is sitting here, completely unrepresented, absolutely bursting with the raw material of cinematic gold.Allow me … Continue reading Cybersecurity films that need to be made →

KB4con 2026 had Alex Honnold as a keynote speaker. He's someone who climbs extremely tall mountains with no ropes and no safety equipment. Just him, the rock, and a Wil-e-coyote style ending if anything goes slightly wrong. I have sat through a lot of conference keynotes. Former heads of state explaining that leadership is important. … Continue reading Alex Honnold and Other Keynote Choices →

Been a busy week. Stockholm is gorgeous in summer. The Ransomware Gang That Got Ransomed The Gentlemen ran their operation like McKinsey with malware. Tiered service levels, customer support, even an HR department. Then someone breached them using their own playbook. Turns out even criminal management consultants aren't immune to the fundamentals. You'd think people … Continue reading Breach of confidence: 22 May 2026 →

The Infosec Community Vibe Check is a recurring look at what the security community has been talking about across the Fediverse — primarily on infosec.exchange, mastodon.social, chaos.social, and defcon.social. This isn't a scientific survey. It's based on who I follow, what surfaced in my timeline during the reporting period, and the themes that kept coming … Continue reading Two Weeks in Cybersecurity… Still Cynical, Still Broken, Still Surprised →

I saw what might have been the coolest dog in Florida this week. Got a better photo the second time. Still not sure if that's a compliment to the dog or an indictment of Florida. They Just Log In Attackers stopped breaking in years ago. They log in as you now. World Password Day has … Continue reading Breach of Confidence 15 May 2026 →

I've been thinking about trust lately. Not in the abstract philosophical sense, but in the "who do you hand your house keys to" sense. Which is unfortunate timing, because this week's news suggests we've been handing our keys to some truly questionable characters. The Protection Racket Made Digital A DDoS protection firm got caught running … Continue reading Breach of Confidence: 8 May 2026 →

I may be in the minority, but I quite enjoyed Predator Badlands. But that's not the point. The movie follows a young Predator called Dek who reluctantly teams up with Thia, a damaged android. He only agrees because he can rationalise her as a tool rather than a companion. His code says hunt alone. But … Continue reading The Dek Principle →