Blog

89 - Trust in security

February 15, 2020

A short one this week I’m afraid. Prepping for half term and a heavy workload this week have conspired against me. So most of the stories are from the backlog from before Christmas.

88 - There's no certainty in risk management

February 10, 2020

If you've never seen a risk matrix, then the idea of talking about risks being unlikely, rare, likely and contrasting that with the impact of the risk might seem unusual to you. Here is a sample risk matrix to help with the below

87 - How much of a target are you?

February 1, 2020

Our ego likes to tell us that we are special, that attackers have carefully picked out organisation out of millions of others, that they have taken the time and energy to research us online, get to know our executives, our staff, our technologies before striking.

86 - Tackling only what we can

January 25, 2020

We often want to fix everything around us. We want to fix systems, processes, and entire organisations all at once. And then we burn out unable to get the fixes we need in place.

85 - Change is scary for people

January 18, 2020

"Security is important, you must patch now".

84 - What would cyberwar look like?

January 11, 2020

Last week I deliberately avoided talking about the Iran/USA international issues because I felt like there was not enough real information and too much misinformation floating around and I didn't want to add to it. I meant to be explicit about it, and forgot while writing the introduction. I'm still going to avoid talking directly to the ongoing conflict. There are many better news sources on foreign affairs who are far more qualified than me to talk about that stuff.

83 - Poor incentives for cybersecurity industry

January 4, 2020

Welcome back for the first newsletter in 2020.

82 - What do we mean by threat model?

December 14, 2019

You often here security researchers talk about “That’s not in my threat model”, “This is secure only for a certain threat model”, or “the lock is invincible to the people who do not have a screwdriver” , but most of us don’t really know what a threat model is, and our users certainly don’t.

81 - What does best practice even mean?

December 7, 2019

It's a short one this week because I'm currently touring Australia speaking at Yow! Brisbane conference, and I've therefore been enjoying the sun and heat.

80 - How secure are cryptocurrencies

November 30, 2019

With China making clear moves that it intends to have some form of Government backed digital currency. Whether that is a "cryptocurrency" and based on a blockchain or whether it is some other managed digital currency, a government backed digital currency has potential to change quite a lot in finance.

79 - Do we know why things go right?

November 23, 2019

In security, we spend a lot of time thinking about how things fail.

78 - Enough with the cyber-nonsense

November 16, 2019

Applications that aren’t immune to compromised endpoints; Nation states that want to steal your lunch; System administrators might have built backdoors into your photo backup system.