Lies, Lies and Some more Lies

From a young age, kids start telling white lies to get out of trouble from their parents. These aren't usually malicious lies, it's not like they go around at night killing the neighbourhood cats. It's more small things like standing in front of you with their hands covered in paint and claiming they don't know … Continue reading Lies, Lies and Some more Lies →

What’s The Best Security Advice You’ve Received?

What's the best security advice you've ever received? That was the question I was asking unsuspecting delegates at Infosec Europe 2012, on behalf on Tripwire. As you can see, there were a fair amount of answers around passwords. Which was... ummm... interesting. See more of my coverage at Infosec 2012, with some great interviews with … Continue reading What’s The Best Security Advice You’ve Received? →

Business Speak

Information Security folk aren't much different than people in other careers. When we get together and talk amongst ourselves, it can sound like a foreign language. But do we remember to revert back to normal language when we speak to non-security people?

B-Sides London and Infosec Europe 2012

I spent a day at Infosec Europe courtesy of my lurvely sponsors Tripwire and got the chance to speak to people who otherwise wouldn't have probably given me the time of day. So I guess the one thing you can take away from it all is that if you want to speak to CISO's and … Continue reading B-Sides London and Infosec Europe 2012 →

Is Lord Sugar an Anonymous Member?

Lord Alan Sugar is Britain’s answer to Donald Trump. Well as much as in that he’s the man behind the desk firing people on the UK’s “Apprentice”. He’s also pretty active on twitter having just short of 2 million followers, so it’s not an understatement to say, he’s pretty popular and influential when compared to … Continue reading Is Lord Sugar an Anonymous Member? →

CISSP Reloaded–Domain 7: Applications and Systems Development

This is the 7th part on my CISSP Reloaded where I am revisiting the 10 CISSP domains I studied for many years ago to see what has changed and how much of it I have retained as well as adding in my own personal thoughts, experiences and rambles into the mix. Read the other domains … Continue reading CISSP Reloaded–Domain 7: Applications and Systems Development →

Security Awareness Tips

Security awareness training can be a bit dull and boring, so we commonly try to come up with ways on how to make it a more engaging topic for our audience. But do we end up patronising them with gimmicks and child-like messages?

System Hardening

System hardening is a term used frequently. But what does it exactly mean and are you doing it right? In simple terms, any system or device out of the box comes with all its bells and whistles belling and whistling. Which is great if you're going to use it to backup your holiday pictures at … Continue reading System Hardening →

CISSP Reloaded–Domain 6, Operations Security

I’ve made it past the mid-way point, I think a bit of self-back patting are in order! This is the 6th part on my CISSP Reloaded where I am revisiting the 10 CISSP domains I studied for many years ago to see what has changed and how much of it I have retained as well … Continue reading CISSP Reloaded–Domain 6, Operations Security →

Incident Management

When you're faced with an incident what do you do? Do you even realise there's an incident? Do you ignore it? Or do you hide under the covers? All these things happen and usually the best laid plans usually end up in the bin when an incident does strike. How can one prevent this? Think … Continue reading Incident Management →