Yes, I'm a bit late and this isn't much of a security video, but I guess I needed to explain where I'd been and seeing as Girl Cynic took some time out of her busy schedule to be available for some filming, I thought why not. I guess the only thing of note in the … Continue reading New job and other busy things →

Seeing as so many people (well ok 2 people) were asking me about my B-Sides London talk, I thought that rather than just send the link to the video, I'll embed it here so I can say a few words about it too.... umm this is my talk. I was considering putting a link to … Continue reading ENGLISH! Do you speak it? (Security B-Sides London Talk) →

LinkedIn, LastFM and eHarmony all suffered major password database breaches recently. But really, with so many breaches happening, did anyone even notice?

What is FUD? Is it good or bad and how can you differentiate between whats true and what's FUD? Kind of like those old adverts that used to ask, "Is it real or is it Memorex" I've probably given far too much away about my age with that line, but google it, it's totally true. … Continue reading Flame – Fact or FUD →

From a young age, kids start telling white lies to get out of trouble from their parents. These aren't usually malicious lies, it's not like they go around at night killing the neighbourhood cats. It's more small things like standing in front of you with their hands covered in paint and claiming they don't know … Continue reading Lies, Lies and Some more Lies →

What's the best security advice you've ever received? That was the question I was asking unsuspecting delegates at Infosec Europe 2012, on behalf on Tripwire. As you can see, there were a fair amount of answers around passwords. Which was... ummm... interesting. See more of my coverage at Infosec 2012, with some great interviews with … Continue reading What’s The Best Security Advice You’ve Received? →

Information Security folk aren't much different than people in other careers. When we get together and talk amongst ourselves, it can sound like a foreign language. But do we remember to revert back to normal language when we speak to non-security people?

I spent a day at Infosec Europe courtesy of my lurvely sponsors Tripwire and got the chance to speak to people who otherwise wouldn't have probably given me the time of day. So I guess the one thing you can take away from it all is that if you want to speak to CISO's and … Continue reading B-Sides London and Infosec Europe 2012 →

Security awareness training can be a bit dull and boring, so we commonly try to come up with ways on how to make it a more engaging topic for our audience. But do we end up patronising them with gimmicks and child-like messages?