Cybersec’s Messy Messaging

I saw an article on The Register today entitled, Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. TL;DR the argument is whether or not crypto should mean cryptography or cryptocurrency. Now, I get it, it can be an emotional topic for some - but really? The majority … Continue reading Cybersec’s Messy Messaging →

5 Tips to be an awesome CISO

I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe … Continue reading 5 Tips to be an awesome CISO →

My Retirement Plan

Buy 10,000 trophies from China (max $1 each including shipping)Buy an engraverRegister a fancy domain, like, "WorldsBestSecurity.com"Send emails to companies saying they've "won" an award in some <random category>. For a mere $1000 they can get featured in the WorldsBestSecurity.com listing and receive an engraved trophy. 10,000 * 1000 = 10,000,000 Even with a 50% … Continue reading My Retirement Plan →

Your polls are bad

If you've been on LinkedIn recently, you've probably seen your feed littered with polling questions. It could be something simple as, "which of these items do you like for breakfast" or something more specific such as, "Zero Trust is good because..." Either way, I have a bit of an issue with how these are framed, … Continue reading Your polls are bad →

The Impending Reality of Virtual Reality

There's a concept around finite and infinite games. A finite game is played to win whereas an infinite game is played for the purpose of continuing. I like to think of Monopoly as an infinite game. I've never been able to complete the game, and I've yet to meet anyone that can tell me any … Continue reading The Impending Reality of Virtual Reality →

Looking for security in the wrong places

It's an old economists' joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked when he dropped them he then replies, "Oh, I dropped them over there, but the light's better here." It's an apt … Continue reading Looking for security in the wrong places →

The bad old days

BSides London is taking place and due to the pandemic and things, I'm not going and it's put me in a contemplative mood about the early days of my career. When I started there were no such things as conferences such as BSides. We only had Infosec Europe and the most we got out of … Continue reading The bad old days →

The Terminator had it all wrong

It's really easy to become complacent in security when the bad guys aren't focussing you. But when the evil eye of Cyber Sauron casts its gaze your way, you soon realise your silver bullets were only silver-plated. As lockdowns around the world ease to a degree and many organisations are welcoming staff back into the … Continue reading The Terminator had it all wrong →

Ransomware gangs aren’t very bad

Ransomware is the big threat to all organisations. It's the worst thing to ever happen on the internet. All ransomware gangs need to be hunted down and shut down wherever they may be. No ISP should be left unturned, no router left unexamined. They all need to be burnt to the ground! But is that … Continue reading Ransomware gangs aren’t very bad →

All security products are good

I tried to be a bit click-baity with my headline by saying all security products are good. But I think I failed in making it very enticing. That's typically a problem with click bait, if you don't go big, you don't really generate a ton of interest. And if you go too big, then you … Continue reading All security products are good →