Usually my research ends up behind the 451 paywall, but I noticed the good folk at Guidance Software have made one of my recent reports 'free' to download at their site behind a registration wall. It's part of research I'm doing looking at the insider threat market and I’d be interested to hear your views … Continue reading Is there a traitor in our midst? →

Nearly every security practitioner is familiar with the ISO27001 standard for information security. A lot of companies base their internal security policies on it and third parties use certification to it as a gold standard. But, what do the statements, recommendations and controls actually mean? Working for very large organisations, I learnt them to mean … Continue reading The Cynic’s guide to ISO27001 →

Edit: Despite almost qualifying as a senior citizen, my award-winning friend Thom Langford agreed to write me a guest post (seeing as he writes guests posts for everyone else). I did not impose any conditions except that the topic be relevant and not self-serving in the slightest.       I found myself writing an article that I didn’t … Continue reading An Article about Information Security Articles →

One of the rules from our Infosec Rockstar video was that even if you can’t attend a con, you should tweet as if you’re there. Well, I kind of messed up on that tweeting part – but despite me not being at Bsides, Blackhat or Defcon this week, I’ve been living vicariously through the tweets … Continue reading Vegas from afar →

I often shoot myself in the foot by agreeing to doing things and then realizing it eats up a lot more of my time than I’d originally anticipated which is why I haven’t been blogging or making videos much recently. Some of the things that have been consuming my life lately have included (cue fast-paced … Continue reading A recap for Eve and Gillis →

Because infosec has cured cancer, ended poverty and created a utopian paradise that the villain in Demolistion Man could only dream of – the industry often finds itself trying to fix the really big issues via twitter and other social media platforms as well as within the hallways of conferences as to what is wrong … Continue reading Infosec conferences – client side vs server side →

I didn’t write the book, the book wrote me. Which is kind of true because I kind of wrote a lot of stuff independently and then combined it with some of my old notes that I took whilst preparing for the exam and scoured through old emails for the rest.   It’s definitely not something … Continue reading The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security →

If you like to keep up with my ramblings on the Facebook or twitter, you'd probably have seen that not only was I nominated in several categories for the European Security Bloggers Awards, but so was Girl Cynic. Well, apparently Girl Cynic has been doing something right because she won the award for most entertaining … Continue reading We won!!! →