Blog

41 - The evolving practice of security

I'm speaking at QCon this coming week on the evolving practice of security, and therefore it's a lot on my mind.

40 - Throwing out the baby with the bathwater

Is ITIL valuable? If you ask that at a DevOps or Agile conference, people will either stare at you blankly, or tell you horror stories of their experiences with CAB.

39 - Are developers the kingmakers?

Stephen Grady wrote a book around 5 years ago called The New Kingmakers in which he argued that people with the ability to write software would fundamentally change the way that business would operate. This hasn’t come true generally, probably because of a combination of developers having a myopic view of users (developers love to build for other developers, but struggle to remember that many users don’t care about the same things that they do), and the fact that while technology has advanced, most businesses don’t take advantage of the power of developers.

38 - Digital transformation is hard

What is the strategy for doing digital transformation in a large organisation?

37 - The US dominates “cyberspace”

A long one this week, primarily because the US released the Worldwide threat assessment and the Intelligence Community strategy. This resulted in a lot of reading about various military systems and networks, which always fascinates me. I’ve tried to pick out some of the best and most relevant analysis, but I do recommend that interested people read the strategy and threat assessment themselves.

36 - What will 2019 hold for us?

I've held off on making predictions about cybersecurity. 2018 was such a bonkers year, from the SuperMicro allegations, to Russian interference everywhere, from Facebook breaches to Google+ breaches, it felt like it just kept getting crazier and crazier.

35 - Are we still learning?

How do we continue to learn? Often we are so busy and so up against the deadlines that we barely have time to complete all of our work, let alone take time for "Continuing Professional Development". Security is so often about putting out fires that if we aren't actively dealing with disaster, we are either drilling for disaster, or so exhausted that we aren't on best form.

34 - The sky is falling

2FA has been broken, and so it's all over. This was what the news seemed to scream at me this week with the release of the Modlishka tool.

33 - Who are we at Cyberwar with?

Over the Christmas period, the Twitter argument started by Perry Metzger has made me think and ruminate a lot on Cyber Warfare and adversarial thinking.

32 - Happy New Year

Welcome to CyberWeekly, a weekly roundup of news, articles, long form blog posts and various other miscellanea that interests your author, Michael Brunton-Spall.

31 - Merry Christmas

Merry Christmas,

30 - A breach is just a failure of process

As we see breach after breach after breach, we tend to see root cause analysis processes and they always come to the same conclusion. The process wasn't in place properly and wasn't followed.