Blog

257 - Focusing on the right things

I was taken over the last few weeks at how often we focus on the wrong things. The things that are exciting, interesting and appear in the media are often vastly disproportionate to the actual impact on the business.

256 - The AI Issue (again)

This is Cyberweekly 256, the first Cyberweekly whose issue number can’t be held in a single byte! So maybe I should say that it's Cyberweekly 0x0100.

255 - Principles that underpin our security education

I constantly use the refrain around “it’s not a technology problem, it’s a people problem” in lots of contexts.

254 - The real AI risk? Bad code, not just bad actors

It's been quite a week and I was really hoping to not talk about Deep Seek at all this week, but it sits at a really interesting nexus of thoughts around vulnerabilities and AI that has been on my mind all week.

253 - Here little phishy

Phishing remains one of the biggest problems for firms in 2025, and we don't seem to be doing the right things about it.

252 - Keeping secrets secret

Our technical systems are filled with secrets, from passwords to API keys or even just internal IP addresses if you listen to some slightly tiresome threat modelling aficionados.

251 - It's not what you know, but who you know

Two sides of the same coin today, a reminder that who you know and how you interact with them is more important in many cases than the technical details.

250 - Is this thing on?

Welcome to 2025, and the first newsletter in 7 months, and my 250th newsletter!

249 - We rely on people, but do we look after them?

Over a career spanning some 25 years, I've learned multiple programming languages, I've learned complex APIs, memory management techniques, implemented mathematical algorithms, led teams building systems at scale, and worked to defend systems from advanced cyber adversaries, and throughout all of that, the focus has almost relentlessly been on the technology and the platforms.

248 - On the subject of passwords

I hope you've all had a glorious week. The UK had the early May bank holiday weekend and I've had a delightful holiday with the return of the sunshine, so I didn't write an edition last weekend as I was enjoying a much needed break instead.

247 - Delivering what the users want

In Charles Arthur's book on cyber attacks, Cyber Wars (amazon affiliate link), Charles pointed out that the stock price of companies that suffered public breaches often dipped ever so slightly straight after an attack and then rebounded up. Consumers it seems didn't care whether their service providers were hacked or not, and in one case study, it was shown that only people who were considering leaving that quarter anyway actually left, and new customer signups continued at normal pace, which somewhat counter-intuitively, got rid of some of the more difficult customers, and replaced them with loyal ones!

246 - Walking the floor as a leader

After last week's newsletter, I was contacted by a few people to mention that the combination of pieces about "moving away from the shop floor" resonated quite strongly with them.