I found this post on my computer. I can't remember where it originally was posted (if it was at all), but I found it useful and thought I'd repost it again. Articulating risks in a clear and concise manner can greatly assist your company in making the right decisions. A typical example of poor communication … Continue reading Writing Better Risk Statements →

Last week, Thom Langford wrote a post on his RSA 2019 itinerary, which featured some of the sessions he'd shortlisted to visit. I found it to be a useful list, and thought I'd try compiling my list of vendors I'd put on my shortlist to find out more about. My employer AT&T Business - 5545 … Continue reading The RSA 2019 Shortlist →

My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !! — Nadine Dorries (@NadineDorries) December 2, 2017 This tweet by member … Continue reading The attitudes of credential sharing →

I have Amazon Prime, I quite like their shows, and whenever I have some time to kill I’ll watch an episode or 3. A couple of weeks ago, I thought it would be a good idea to install the official Amazon video app on my android device, so that I could download episodes and watch … Continue reading Undermining security and weakening Android →

European startup CLTRe founded by Kai Roer has spent the last couple of years examining the security awareness and user behaviour problem through the lens of security culture. Based on findings over the course of 2016, CLTRe has produced its first annual Security Culture report, co-written by Roer and Gregor Petric, Ph.D., an Associate Professor … Continue reading When culture eats awareness for breakfast →

I've followed Scott Helme's work for a while now and have been impressed with his approach. So was interested to find out that he had teamed up with BBC Click and Prof Alan Woodward to comprehensively dismantle a vendors claim to total security. Scott has published the whole story on his blog and The BBC Click … Continue reading The Growing Impact of Security Researchers →

You're the new guy in the security ops team, they're giving you training and put you on a very crucial and important job… Monitoring. You'll be told how important the job is and how it is essential to be done correctly to ensure the ongoing safety of the company. But you notice that nobody really … Continue reading How to Fake Monitoring →

For all the talk about it being an echo chamber and the like, I've met a ton of people in security whom I otherwise wouldn't have. As I was pondering over this over breakfast one morning, I came to the conclusion that I end up grouping my infosec friends into different categories. They probably look … Continue reading Infosec Friends →