Blog

197 - Are we getting better or not?

It's incredibly difficult to legitimately measure our effectiveness at cybersecurity.

196 - Knowing when you are compromised, and doing something about it

“Just log more” is the advice that we see most often from cybersecurity defenders and cyber talking heads (which reminds me of Max Headroom).

195 - Do we understand our supply chain?

Betteridge's law should tell you the answer to this!

194 - Talking to yourself

Happy Sunday on a gloriously sunny day. Some of you might have noticed that I didn't send a newsletter last week, and I'd love to have a good excuse, but in reality, it's the start of summer and the UK has a number of public holidays that make for long weekends. I write this newsletter in my spare time, often at the weekend, and when we have a long weekend, I'm far more likely to spend time with my family, so I simply didn't get around to it. Apologies if you felt you missed out, but sadly, writing this newsletter doesn't pay the bills and my day job takes up vast amounts of my time and attention in the week, so it's best effort from me, and as the summer moves on and we have more holidays, we might miss a few weeks. As always, your comments, stories and recommendations always help and I'm happy to include others' links and commentary in here, so drop me a message if you'd like to contribute.

193 - Remaining vulnerable

How you deal with vulnerabilities is critical to your organisation's approach to security.

192 - Integrity in the software supply chain

We sometimes talk about "securing the software supply chain" as if it will prevent bugs and issues, which isn't quite accurate.

191 - Risk and Reward

Humans are funny creatures: we're afraid of flying but drive cars on a daily basis, despite one being the safest form of travel and the other being the most dangerous.

190 - It's not zero trust, it's moving trust

Zero trust is the architecture we talk about in which no trust is placed in a request simply because it is "coming from inside the network".

189 - Trusting your source

I’ve referred before to the excellent XKCD cartoon that reminds us that a huge proportion of modern commercial systems and code rely on a library maintained by a single open source developer somewhere in Nebraska.

188 - Trust networks

How networks affect us all is both intuitive and supremely unintuitive at the same time.

187 - Advanced attackers aren't always advanced

This week has left a lot of cyber security pundits confused that their predictions of the coming cyber apocalypse haven't come true.

186 - Managing people is our job

I'm going to start this week by explaining why I'm not talking about the situation unfolding in Ukraine.