The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security

I didn’t write the book, the book wrote me. Which is kind of true because I kind of wrote a lot of stuff independently and then combined it with some of my old notes that I took whilst preparing for the exam and scoured through old emails for the rest. It’s definitely not something … Continue reading The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security →

We won!!!

If you like to keep up with my ramblings on the Facebook or twitter, you'd probably have seen that not only was I nominated in several categories for the European Security Bloggers Awards, but so was Girl Cynic. Well, apparently Girl Cynic has been doing something right because she won the award for most entertaining … Continue reading We won!!! →

Spotting phishing scam emails

Phishing emails can be nasty pieces of work. They put a lot of effort into appearing legitimate in order to trick users into falling for their scams. In this video, I only take a look at this one specific email which claimed to come from Apple. There are lots of signs to look out for … Continue reading Spotting phishing scam emails →

A friend with photoshop is all you need

Jimmy is a good guy - I like him, he works in security and trains MMA. Which means if he can't gain access to your server, he'll simply beat the password out of you. Then he posted this picture on twitter in a cowboy hat. As they say, a little photoshop is a dangerous thing … Continue reading A friend with photoshop is all you need →

RSA & BSides SF 2014

For the times you feel like the ball inside a pinball machine.

Here’s full disclosure – now no disclosure

Full disclosure has announced it's shutting down. Even people far more capable than me are trying to comprehend why. One of the key grievances cited by John as to why Full Disclosure is being shut down was the constant battling against trolls - even from within the security community. It raises a number of interesting … Continue reading Here’s full disclosure – now no disclosure →

The Cyber Security Skills Gap

Monday morning and RSA 2014 has not even properly started but there I was up on stage in front of a rather packed room. Feeling jet-lagged and wishing I had more caffeine in my system, I was glad that I was simply moderating a panel which included Dwayne Melancon, Andy Ellis, Jane Lute and Mike … Continue reading The Cyber Security Skills Gap →

Bug Bounty

A bug bounty is a reward handed out by companies to people who disclose bugs or vulnerabilities to them in a responsible manner. Think of it like the wild west where anyone is deputised with powers to chase after the Kid and claim the reward dead or alive. Traditionally companies like Google and Facebook offered … Continue reading Bug Bounty →

Security Dialectic: Kaspersky Industry Analyst Summit

A tropical Island paradise, a Russian millionaire and hackers may sound like the plot of a James Bond movie, but they are actually references to Kaspersky’s industry analyst event in Punta Cana, Dominican Republic, where the company was expected to divulge its plans, aspirations and research to analysts from around the world. Four of 451 … Continue reading Security Dialectic: Kaspersky Industry Analyst Summit →

Phishing prevention

The folks at Information Security Buzz were asking a bunch of people for their tips in how to avoid phishing scams. I responded in the form of a video.