A new approach to writing E-Mail

Have you recently sent an E-Mail and when the recipient responds, it is clear that they only read the first couple of lines of the message? Perhaps you wondered why your entire message was not carefully pondered by the recipient with the same diligence and attention to detail as when you wrote it. We all … Continue reading A new approach to writing E-Mail →

RSA 2016: Selfies and Alcatraz

Another year, another RSA is in the bag. From a filming perspective – it was pretty much static. Sure, I could have walked around the expo floor or the winding streets of San Francisco, but the footage would have been virtually indistinguishable from previous years. Instead, I took time out on my last day before … Continue reading RSA 2016: Selfies and Alcatraz →

Things I recently hearted

I’ve been following Steve Lord’s rawhex blog / project / thing for a while now and he never ceases to put out some great content. There are plenty of great articles which are worth checking out. Last week he posted a play-along guide to recognising backdoors using Metasploitable 2. [Info-wall warning] Yes, you have to … Continue reading Things I recently hearted →

Breaking into infosec through the backdoor: Lee Munson

“It’s a horrible feeling. Knowing that you’ve lost everything. It puts knots in your stomach and you want to run away from it all. But you’re unable to move - as if you’re completely paralysed.” It was a cold December afternoon, and I was speaking with Lee Munson. I detect an ’Essex boy’ accent in … Continue reading Breaking into infosec through the backdoor: Lee Munson →

Things I recently hearted

The Dridex gang sends <Dr evil voice> millions of phishing emails a day, infecting approximately 3-5,000 computers daily. The Government accidentally spilled the beans that Snowden was the target in the Lavabit case. It explains a few things - but serves as a reminder that government secrets aren't always that easy to keep. I didn't so much … Continue reading Things I recently hearted →

Things I recently hearted

Bsides Las Vegas is on August 2nd and 3rd at the Tuscany Suites and Casino. They are asking for volunteers. If you’ve never volunteered or helped out at a conference – particularly a Bsides, then you haven’t lived. Well OK, maybe that’s a bit strong – but seriously, you need to check out how the … Continue reading Things I recently hearted →

RSA 2016 – the roundup

Go to enough conferences and it’s easy to become jaded. When you visit the same booths, listen to the same talks, and interact with the same people, it feels like Groundhog Day. I get less excited about conferences than I used to. The security industry has always been about the long game. Changes are often … Continue reading RSA 2016 – the roundup →

Breaking the Fourth Wall

RSA is almost upon us which signifies a time of big announcements. Or at the very least, small announcements are made in a way to make them seem big. My blog has been my own walled-garden for several years now. It’s gone through many incarnations. But it’s the primary place where I jot down thoughts, … Continue reading Breaking the Fourth Wall →

Delivering bad security news

Working in IT security means that more often than not you'll be delivering bad news. Conduct a risk assessment and you'll have to explain all the risks that exist. If you're a QSA, you'll have to break the news of how the client isn't PCI compliant. And if you're a penetration tester, then... well, there's … Continue reading Delivering bad security news →

Why infosec can be like internet commentators

I try not to read the comments. Like ever. But often they are like those scabs you don't recall getting. You know it would get better if you stopped picking at it, but your fingernails can't resist the urge to scratch - that's what fingernails are for aren't they? Every now and then, I read … Continue reading Why infosec can be like internet commentators →