Blog

221 - Can you define a good security culture?

It's really easy to hand wave and say that we need a better security culture, but it's really hard when you start to drill down on what that actually means.

220 - Communicating with your staff

One of the hardest challenges for new managers is learning how to communicate effectively as a manager.

219 - When is a credential not a credential?

In the move to zero-trust, the concept of credentials to authenticate users comes up a lot.

218 - Balancing security and usability

Happy new year and welcome to 2023.

217 - Raising the cost for attackers

One of the things that we don't often talk about in security is that we're often not trying to make our systems immune to attacks. Instead, what we are often trying to do is ensure that our system is too hard for the average attacker to compromise easily.

216 - Learning from the past

We aren't very good at learning from the past in cyber security.

215 - Make things open, it makes things better

As annual reports often tell us, the speed and capability of cyber crime groups and bad actors on the internet are constantly increasing.

214 - Little snippets of practice

Firstly, apologies that this week's issue has been delayed and last week's issue was completely missing for a number of reasons, partly because it's half term in the UK and I've been spending time with my family, and partly because I've been incredibly busy recently.

213 - When is a vulnerability not a risk?

We’re moving the dial on the visibility of vulnerabilities.

212 - The danger of frameworks

Frameworks are brilliant, they let us build something quickly, providing it’s the same shape as the framework intends.

211 - Templates and other enablers

What does it mean to secure the appsec pipeline?

210 - MFA is "simple"

For years, the security community has said that it's simple to roll out MFA.