Blog

77 - Progress marches on even if we aren't ready

Security is hard, that's more or less the theme of Cyberweekly every week. While I get as excited about advances and cool new toys as anyone else (ok, maybe a little more so), one of the problems we have in cybersecurity is the growing legacy of poor decisions and poor technology.

76 - General is easier than specific, or why security says no

Why do we find rules in place that say "No, you can't access twitter" even when the person asking is the social media team?

75 - Coordination is hard

In big organisations, or across nation states, coordination is really hard.

74 - Security things are still really hard

Joel and Jon are back! Hello again. We're covering for Michael just for this week while he recovers from having been slaving away on a Mauritian beach.

73 - Know your users

We often engage with proxies for our real users. It doesn't matter whether you are building a product that you sell, or writing policy for an organisation, you have real users and then you have decision makers.

72 - What are our boundaries?

People get overexcited by the term Zero-Trust networking. If you read the BeyondCorp research papers, or read the excellent book on Zero-Trust Networks (affiliate link), they really say that it is about a new paradigm of computing, it is about access brokers and identity aware proxies and policy enforcement on access and all that good stuff.

71 - What actually is hostile social manipulation?

As we come into some turbulent years for democracies in the West, I think we are going to hear a lot more about hostile social manipulation in various forms. Of course, we are already used to cries of "fake news" from certain sides anyway, but it's hard to know what is meant when people talk about it.

70 - Tackling the insider threat

I've been reading Edward Snowden's autobiography (affiliate link) this week, and it's made me think about insider attacks quite a lot.

69 - Fake news and adequate pernicious toerags

None of us like to believe that we can be defrauded, tricked or influenced. There's a fascinating bias called "unconscious bias bias" which is where people can see and identify unconscious biases in others, but cannot see them in themselves.

68 - Do we trust machines?

How much do we trust machines? It turns out, according to research I read this week, that the majority of people expect an automated aid to perform better at a task than a human. That can include examples such as navigation, driving aids, medical checklists and automated highlighting systems.

67 - How to compare or weigh risks?

Some of you will be aware that I have a love/hate relationship with risk management techniques. On the one hand, I am a firm believer that many organisations focus on entirely the wrong things, on back-to-back multi-vendor firewalls and sheep-dip antivirus systems for JSON payloads, when those things don't actually ameliorate the risks that the organisations face; they just make busy work.

66 - Are we unwilling managers

Many of us in infosec and digital are also team leads or managers of various forms, and most of us tend to be somewhat unwilling managers.