Stuff Shoved Under blog

The Cynic’s guide to ISO27001

Nearly every security practitioner is familiar with the ISO27001 standard for information security. A lot of companies base their internal security policies on it and third parties use certification to it as a gold standard. But, what do the statements, recommendations and controls actually mean? Working for very large organisations, I learnt them to mean…

filed under blog

An Article about Information Security Articles

Edit: Despite almost qualifying as a senior citizen, my award-winning friend Thom Langford agreed to write me a guest post (seeing as he writes guests posts for everyone else). I did not impose any conditions except that the topic be relevant and not self-serving in the slightest.       I found myself writing an article that I didn’t…

filed under blog

Vegas from afar

One of the rules from our Infosec Rockstar video was that even if you can’t attend a con, you should tweet as if you’re there. Well, I kind of messed up on that tweeting part – but despite me not being at Bsides, Blackhat or Defcon this week, I’ve been living vicariously through the tweets…

filed under blog

A recap for Eve and Gillis

I often shoot myself in the foot by agreeing to doing things and then realizing it eats up a lot more of my time than I’d originally anticipated which is why I haven’t been blogging or making videos much recently. Some of the things that have been consuming my life lately have included (cue fast-paced…

filed under blog

Infosec conferences – client side vs server side

Because infosec has cured cancer, ended poverty and created a utopian paradise that the villain in Demolistion Man could only dream of – the industry often finds itself trying to fix the really big issues via twitter and other social media platforms as well as within the hallways of conferences as to what is wrong…

filed under blog

Security and the cobra effect

Some people just want to watch the world burn. Others just want to give bad security advice. Check out Troy Hunt’s blog post on the matter.

filed under blog, Video

The CISSP companion handbook: A collection of tales, experiences and straight up fabrications fitted into the 10 CISSP domains of information security

I didn’t write the book, the book wrote me. Which is kind of true because I kind of wrote a lot of stuff independently and then combined it with some of my old notes that I took whilst preparing for the exam and scoured through old emails for the rest.   It’s definitely not something…

filed under blog

We won!!!

If you like to keep up with my ramblings on the Facebook or twitter, you’d probably have seen that not only was I nominated in several categories for the European Security Bloggers Awards, but so was Girl Cynic. Well, apparently Girl Cynic has been doing something right because she won the award for most entertaining…

filed under blog

A friend with photoshop is all you need

Jimmy is a good guy – I like him, he works in security and trains MMA. Which means if he can’t gain access to your server, he’ll simply beat the password out of you. Then he posted this picture on twitter in a cowboy hat.  As they say, a little photoshop is a dangerous thing…

filed under blog, Uncategorized

Here’s full disclosure – now no disclosure

Full disclosure has announced it’s shutting down. Even people far more capable than me are trying to comprehend why. One of the key grievances cited by John as to why Full Disclosure is being shut down was the constant battling against trolls – even from within the security community. It raises a number of interesting…

filed under blog