Tech debt of remote working

The Shodan blog posted some trends in internet exposure, which like most of the Shodan research is very interesting. One part that caught my eye was this. The number of devices exposing RDP to the Internet has grown over the past month which makes sense given how many organizations are moving to remote work. It's … Continue reading Tech debt of remote working →

Lost All The Money

After a several year hiatus, many creative differences, multiple instances of rage-quitting, and several occasions of ghosting so good that Patrick Swayze would have been proud - the group I founded, Host Unknown, has released it's much-awaited third song. We've covered security certifications, and we've tackled risk management. But this time, we've locked on to … Continue reading Lost All The Money →

Writing Better Risk Statements

I found this post on my computer. I can't remember where it originally was posted (if it was at all), but I found it useful and thought I'd repost it again. Articulating risks in a clear and concise manner can greatly assist your company in making the right decisions. A typical example of poor communication … Continue reading Writing Better Risk Statements →

The RSA 2019 Shortlist

Last week, Thom Langford wrote a post on his RSA 2019 itinerary, which featured some of the sessions he'd shortlisted to visit. I found it to be a useful list, and thought I'd try compiling my list of vendors I'd put on my shortlist to find out more about. My employer AT&T Business - 5545 … Continue reading The RSA 2019 Shortlist →

The attitudes of credential sharing

My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !! — Nadine Dorries (@NadineDorries) December 2, 2017 This tweet by member … Continue reading The attitudes of credential sharing →

Undermining security and weakening Android

I have Amazon Prime, I quite like their shows, and whenever I have some time to kill I’ll watch an episode or 3. A couple of weeks ago, I thought it would be a good idea to install the official Amazon video app on my android device, so that I could download episodes and watch … Continue reading Undermining security and weakening Android →

When culture eats awareness for breakfast

European startup CLTRe founded by Kai Roer has spent the last couple of years examining the security awareness and user behaviour problem through the lens of security culture. Based on findings over the course of 2016, CLTRe has produced its first annual Security Culture report, co-written by Roer and Gregor Petric, Ph.D., an Associate Professor … Continue reading When culture eats awareness for breakfast →

The Growing Impact of Security Researchers

I've followed Scott Helme's work for a while now and have been impressed with his approach. So was interested to find out that he had teamed up with BBC Click and Prof Alan Woodward to comprehensively dismantle a vendors claim to total security. Scott has published the whole story on his blog and The BBC Click … Continue reading The Growing Impact of Security Researchers →

Make your vote count

The prestigious European Security Blogger awards are upon us. For those unfamiliar with the European Security blogger awards, it's an award ceremony for bloggers who specialise in security and reside in Europe - at least that what I hope it means. I am fortunate enough to have made it into the finals in five of … Continue reading Make your vote count →

How to Fake Monitoring

You're the new guy in the security ops team, they're giving you training and put you on a very crucial and important job… Monitoring. You'll be told how important the job is and how it is essential to be done correctly to ensure the ongoing safety of the company. But you notice that nobody really … Continue reading How to Fake Monitoring →