This isn’t the place to make a name for yourself
It was T's first week in a new organisation and they went into a project meeting for a new product that was about to be released. T: Has this product been pen tested? Project manager (PM): We don't usually do pen tests on most systems, unless they're really high risk, and even then we wait …
The Ying Yang of Your Engine
I recently argued that I don’t really care about an aeroplane’s engine and that I only cared about the experience I have travelling on it. Some people argued with me that the engine is very important and without an engine the aeroplane won’t fly. Allow me to elaborate my thinking with the example of a …
Your engine doesn’t matter
I have flown many times in my life, but I’ve never really known the difference between a Boeing 747, 787, or whatever the numbers are. It’s not that I’m not interested in planes. I still look up in the sky when I see one flying overhead and ask myself where it’s coming from and going …
Cybersec’s Messy Messaging
I saw an article on The Register today entitled, Crypto for cryptographers! Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. TL;DR the argument is whether or not crypto should mean cryptography or cryptocurrency. Now, I get it, it can be an emotional topic for some - but really? The majority …
5 Tips to be an awesome CISO
I’m not a CISO, I never have been and hope I never will be. It seems like a lot of hard work and stress, and if you’re the CISO at a company when you suffer a breach it’s difficult to blame the intern without a mob of security professionals criticising you. But I do observe …
My Retirement Plan
Buy 10,000 trophies from China (max $1 each including shipping). Buy an engraver. Register a fancy domain, like "WorldsBestSecurity.com". Send emails to companies saying they've "won" an award in some <random category>. For a mere $1000 they can get featured in the WorldsBestSecurity.com listing and receive an engraved trophy. 10,000 * 1000 = 10,000,000. Even with a 50% …
Your polls are bad
If you've been on LinkedIn recently, you've probably seen your feed littered with polling questions. It could be something as simple as, "which of these items do you like for breakfast" or something more specific such as, "Zero Trust is good because..." Either way, I have a bit of an issue with how these are framed, …
The Impending Reality of Virtual Reality
There's a concept around finite and infinite games. A finite game is played to win whereas an infinite game is played for the purpose of continuing. I like to think of Monopoly as an infinite game. I've never been able to complete the game, and I've yet to meet anyone that can tell me any …
Looking for security in the wrong places
It's an old economists' joke. A person out walking at night comes across a man scrabbling on the floor under a lamppost. The man on the floor says he lost his keys. When asked where he dropped them, he replies, "Oh, I dropped them over there, but the light's better here." It's an apt …
The bad old days
BSides London is taking place and, due to the pandemic and things, I'm not going, and it's put me in a contemplative mood about the early days of my career. When I started there was no such thing as a conference like BSides. We only had Infosec Europe and the most we got out of …
