Blog
101 - Making the most of our tools
Whenever I go to a new client and meet their security team, one of the things I always try to get a good glimpse of is their security tools. How do they track risks on projects? Store penetration test results? Set and enforce policies on development teams?
100 - What's next?
Welcome to the 100th edition of Cyberweekly! I can't really believe that I've done this for almost 2 years now, and that I've stuck with it, and that people still message me to tell me that they find it useful. I've said before, I mostly write this for my own use, and hopefully people find it useful as a side effect, but it forces me to be more methodical with my reading and my analysis that I do all the time anyway.
99 - Collaboration, Risk and Data
Major General Copinger-Syme’s speech is a rousing affair that outlines 3 areas of opportunity for the UK Military complex that digital disruption is going to enable. These are challenges around collaboration, around risk and around use of data.
98 - Governance isn't a dirty word
I've spent a long time working in Agile. I was on one of the first really big agile programmes of work at the Guardian, and was introduced to many of the concepts by people who went on to be great thinkers and definers in agile development.
97 - How to work from home
I'm sorry to tell you this, but I don't think the global quarantines are going to end anytime soon.
96 - The cloud is more secure
I’m bored of the Zoom infosec debacle at the moment, so I thought I’d look more at one of my favourite hobby horses, the adoption and use of the cloud and how to use it securely.
95 - We don't know what people do with our data
I've had a busy week where I've spent a lot of time writing some data protection impact assessments and privacy policy type stuff. It's felt a little like fiddling while Rome burns to be honest.
94 - Is remote working just letting the enemy inside the walls?
As pretty much every organisation in the UK and US has made urgent moves towards remote working, there are security and technology teams scrambling to enable remote access for their staff and to make it work. VPNs are being overloaded, broadband connections saturated and terminal service licenses being exceeded in many organisations.
93 - Tools shape our thinking
The more I look at how digital transformation and digital culture are going, the more I realise that one of our big problems is the lack of attention to the tooling that we use.
92 - What justifies lawful interception
You may have seen the "interesting" video about backdoors from Huawei this week, which has been widely panned as company-based propaganda. However, it does raise an interesting point (and referencing the story from last week), that legally mandated lawful interception points are also backdoors into systems.
91 - Who actually is security and what are we for?
A recent tweet asked people to write a scary story in just 3 words. I replied with "Security says no", and a reply "Who is security" caused me to reply with "we're all security".
90 - How do we deal with personal data?
Editor's Note: Delayed by a day this week because I've been away on holiday and flights back were delayed. That also explains all the comments and analysis helpfully provided by Joel this week. Thanks Joel.