Blog

41 - The evolving practice of security

March 2, 2019

I'm speaking at QCon this coming week on the evolving practice of security and therefore it's a lot in my mind.

40 - Throwing out the baby with the bathwater

February 25, 2019

Is ITIL valuable? If you ask that at a DevOps or Agile conference, people will either stare at you blankly, or tell you horror stories of their experiences with CAB.

39 - Are developers the kingmakers?

February 23, 2019

Stephen Grady wrote a book around 5 years ago called The New Kingmakers in which he argued that people with the ability to write software would fundamentally change the way that business would operate. This hasn’t come true generally, probably a combination of developers having a myopic view of users (developers love to build for other developers, but struggle to remember that many users don’t care about the same things that they do), and the fact that while technology has advanced, most businessiness don’t take advantage of the power of developers.

38 - Digital transformation is hard

February 9, 2019

What is the strategy for doing digital transformation in a large organisation?

37 - The US dominates “cyberspace”

February 2, 2019

A long one this week, primarily because the US released the Worldwide threat assessment and the Intelligence Community strategy. This resulted in a lot of reading about various military systems and networks, which always fascinates me. I’ve tried to pick out some of the best and most relevant analysis, but I do recommend that interested people read the strategy and threat assessment themselves.

36 - What will 2019 hold for us?

January 26, 2019

I've held off on making predictions about cybersecurity. 2018 was such a bonkers year, from the SuperMicro allegations, to Russian interference everywhere, from Facebook breaches to Google+ breaches, it felt like it just kept getting crazier and crazier.

35 - Are we still learning?

January 21, 2019

How do we continue to learn? Often we are so busy and so up against the deadlines that we barely have time to complete all of our work, let alone take time for "Continuing Professional Development". Security is so often about putting out fires that if we aren't actively dealing with disaster, we are either drilling for disaster, or so exhausted that we aren't on best form.

34 - The sky is falling

January 12, 2019

2FA has been broken, and so it's all over. This was what the news seemed to scream at me this week with the release of the modlishka tool.

33 - Who are we at Cyberwar with?

January 8, 2019

Over the Christmas period, the twitter argument started by Perry Metzger has made me think and ruminate a lot on Cyber Warfare and adversarial thinking.

32 - Happy New Year

December 29, 2018

Welcome to CyberWeekly, a weekly roundup of news, articles, long form blog posts and various other miscellania that interests your author, Michael Brunton-Spall.

31 - Merry Christmas

December 29, 2018

Merry Christmas,

30 - A breach is just a failure of process

December 15, 2018

As we see breach after breach after breach, we tend to see root cause analysis processes and they always come to the same conclusion. The process wasn't in place properly and wasn't followed.