The joys of travelling

by javvad Malik with no comments

I often document my travels which have considerably increased since I became an analyst, therefore attending conferences is part of my job.

People who travel will know that you don’t always get time to see the sites or engage in anything fun. In fact, it’s pretty much travel –  do work –  travel back. So most cities I’ve only seen the airport, the inside of a cab, the inside of the conference centre and  the hotel. as I tried to depict in this 60 second video of my trip to Paris a few weeks back.

filed under Video

The greatest story ever told

by javvad Malik with 1 comment

It’s December – and it’s kind of a tradition that every year I get together with the fine folk at Twist and shout to make a Christmas video.

This year, however we decided to do something different, so along with my Host Unknown companions Thom and Andy, we set out to do something serious that captures a great story.

The Greatest Story Ever Told from Twist and Shout on Vimeo.


To see where the Christmas tradition started, check out Santa gets hacked and it’s sequel below.


Santa Gets Hacked! from Twist and Shout on Vimeo.



Santa Gets Hacked – Aftermath from Twist and Shout on Vimeo.

filed under Uncategorized

Amazon Instant

by javvad Malik with 2 comments

There’s been a bit of a buzz around the news that amazon may be using drones to deliver purchases within 30 minutes.

Well, that’s nothing compared to Amazon Instant!


filed under Video

The Analogies Project

by javvad Malik with no comments

I’m a contributor to the analogies project – I think it’s a great initiative. I don’t think Girl Cynic gets the idea though…

filed under Video

The top amazing people you should know about

by javvad Malik with 1 comment

Search engine optimization (or SEO) is a thing. Well, I’m not too sure how big a thing it is now, but it used to be huge. The concept was / is that if you sneak the right words onto your website or blog post, then people searching for that particular term will end up coming to you.

For example, if I just say I’m going to write about a cute cat looking adorable dressed in a Darth Vader outfit whilst on a Deathstar – I would hope anyone searching for those terms will end up landing on my website. It doesn’t really concern me if they get any value out of the content, as long as I can show that visitors are coming to my site I can monetize that.

Search engines are a bit better than what they used to be and also people are more selective in what they follow, so here’s the new trend. I like to call it ECO or Ego Clicking Optimization.

Here’s how it works in three simple steps, and how you too can get literally thousands of visits to your website.

  1. 1. Compile a list of people on twitter, facebook etc. who have loads of followers. It doesn’t matter if they are relevant to each other. The only criteria is they have a ton of followers.


  1. 2. Create a blog post entitled, “The top amazing people you should know about” or something creative like that. List out all the names you compiled in step 1. If you’re creative maybe put the names in an infographic.


  1. 3. Tweet out a link to the blog post multiple times, each time tagging several of the people in the list. Then sit back to the sound of beautiful clicks.


Why does this work? Because most people love having their ego stroked… I should know! They’ll jump at the opportunity to retweet the crap out of your post and maybe even comment about how honoured and humbled they are to be included in such an awesome list. In fact, if you do it right, you’ll get people complaining that they weren’t included in the list – which gives you an excellent reason to do a follow-up. Let’s get ECO into the dictionary!

For those of you who actually clicked to see a list of the top amazing people you should know about, please refer to the top 15 list below:

Wendy Nather


Charlie McDonnell

Natalie Tran

Wheezy Waiter

Friggin Boom

Casey Neistat

Cory Doctorow

Nicholas Percoco


Dual Core

Wesley McGrew

Freddie Wong

Jennifer Leggio

The Bloggess


filed under blog

(ISC)2 election and the butterfly effect

by javvad Malik with no comments

It had been a busy day at work and I was glad to be home. My wife had told me she’d be taking the kids out after school to a friends house so I knew no-one was home – yet I still announced loudly “Hello, I’m home.” We had been burgled a few months earlier and I still got butterfly’s coming back to an empty house. By announcing myself loudly I thought would give any burglars the chance to escape; and I would let them. The last thing I needed was a confrontation with a burglar. You see, Britain is unlike most other countries in the civilised world where scum who break into your home actually have more rights than you do, so if you end up punching them a little too hard you could end up with a criminal record.

Once I satisfied myself that the coast was clear I went to the kitchen and poured myself a glass of water and turned on the T.V. Flicking through channels I didn’t find anything of use and wondered what I could do with my ‘freedom’ over the next few hours. I find its one of the things that happens when you become a parent. You miss the freedom of not having kids at times, yet when they’re not around you don’t know what to do and wish they were back.

I’d been toying around with YouTube recently, uploading a few videos here and there with limited success. But I was still learning the art of making videos so I wasn’t that bothered by it. I thought I’d use the opportunity to make another video just to see how things went. It ended up being a short tongue-in-cheek video entitled “Benefits of being a CISSP” http://youtu.be/8DZkpynFhak . It was just a bit of fun and I didn’t think much of it at the time. However, once I published it I saw the viewing figures rise and rise. Wow – an ill-thought out video that I shot and edited in 2 hours was something people actually liked. I began to have visions of grandeur where I could earn millions from YouTube and retire.

Those dreams weren’t to be realized, but that wasn’t the worst part. I opened up my email box one day to see an email from someone at (ISC)2. The preview showed me the first two lines and I felt a knot in my stomach. It read,


We’ve seen your ‘Benefits of Being a CISSP video’ which you created….

I didn’t want to open the email. I’d seen this kind of behaviour before from large faceless corporations. Someone at (ISC)2 must have taken offence to my video and at best the email was asking me to take it down, at worst I was looking at some legal proceedings. I cursed myself for being so stupid. In my haste and attempts to be funny I’d poked a bear, and now it had its claws out. I sat  there for what felt like an eternity before I finally exhaled loudly and clicked the mouse to open the email with a little more force than was required. To my surprise the rest of the email was nothing like I expected.


We’ve seen your ‘Benefits of Being a CISSP video’ which you created and we love it. Would you please send us the video file? We’d like to play this at an upcoming (ISC)2 event.




I still wasn’t entirely convinced and ended up exchanging a few emails to verify this was actually true. It got me curious as to what other assumptions I may have about the organisation that could be wrong so I attended the next (ISC)2 annual congress which was held in Philadelphia. I got to spend time with a number of staff, board members and executive team; where I found that a large number of my preconceptions about the organisation were wrong… very wrong. It would be an understatement to say that (ISC)2 had done a poor job of communicating all that it does and how members can benefit or get involved.

Whilst at the event I came across an initiative entitled Safe and Secure online (SSO) which provides a framework to enable members to go to schools and educate 7-14 year olds on how to remain safe online. Having children of my own, I thought it was an excellent initiative so I ended up offering to help out a little bit where I could. Upon my return home, I saw that I had been featured on the safe and secure website as a volunteer. “That’s nice of them” I thought to myself as I read through it.

Some 3,300 miles away, Bob Covello, a New York-based security professional was browsing the safe and secure website. He was interested in getting involved but wasn’t sure how effective it would be. Bob saw my profile on the website and thought he’d drop me an email. After all, he assumed he’d get a better response from a YouTuber than someone at (ISC)2.

I saw Bob’s email the next morning where he asked if it would be a good idea to become a SSO volunteer. The response was easy; it wasn’t about (ISC)2, or even security. In my mind it was all about how to give something to the local community. I wasn’t too sure about the whole onboarding process so I introduced Bob to James McQuiggan. I’d met James at (ISC)2 congress and I knew he was active in the SSO program as the lead volunteer in Florida. I hit send, and forgot about it. My job here was done.

Some weeks later I received another email from Bob. The email was full of positivity. He told me how after speaking to both James and I he went on to review the training materials and with the help of a third CISSP named Sandy Tyson he was able to make a couple of presentations at the Middle school in his neighbourhood. Not only did he receive great feedback from the school, but he told me how he felt like he’d made a bit of difference by educating some young adults and some teachers about online safety and security.

That wasn’t the end of it though; some time later the guidance counsellor from the school district invited him to come and speak about online anti-bullying. As an extension of what he had learnt through volunteering for SSO, Bob also created other presentations he uses to educate business people about online security. Bob summed up his experience with the statement;

“Volunteering for the SSO Foundation has introduced me to some of the kindest and most generous folks I have ever met, as well as teaching me to be a more caring individual.”

I sat back and reflected on it… Bob is a good man and he wanted to make a difference in his community. He would have done so without (ISC)2, James, Sandy or me . But (ISC)2 was the thread that connected us all… and that got me thinking. Despite all its fault and warts – it’s a juggernaut with over 90,000 members worldwide. That’s a vast resource of potential that can be tapped into.

Which is why I’ll be giving my support to the people I think will be the best additions to the board in the upcoming upcoming elections that run from the 16th to 30th of November 2013. (people like Jennifer http://securityuncorked.com/2013/11/who-is-this-person-running-for-isc2-board-jj/)

I’m not here to try and convince anyone of the pros or cons of (ISC)2 –  I just wanted to share a story with you about how I was a small cog in a chain reaction that enabled a man several thousand miles away to help keep children safe. If one of those children grows up happier as a result, I think it’s worth the effort. (well its better than complaining about stuff on social media)

filed under blog

44 facts about 44con

by javvad Malik with 1 comment

So I met up with my Host Unknown cohorts at 44con and we decided it would be a good idea to make 44 facts about the conference. An idea that sounded a lot easier than we assumed.

filed under Video

Procrastination, Vine and Host Unknown

by javvad Malik with no comments

Dayam! I’ve been busy… or I’ve just been procrastinating and telling everyone that I’ve been busy. Either way, the result is the same, I’m behind on work, I’m behind on videos and I don’t even seem to blog with the written word anymore.

A lot of this has to do with Vine. As if YouTube wasn’t bad enough, Vine offers sucks you in with videos which are only 6 seconds long. What’s the worst that could happen in 6 seconds? Well… I became a dad, but aside from that it’s 6 seconds of videos one after another and before you know it you’ve spent the whole evening going through a pack of hot chilli Doritos’ and Vine videos only to wake up with a stiff neck, no battery on your phone and a dusting of Doritos’ over your top.

In other news Host Unknown went live with its first episode last week. It’s a mess and I wasn’t even intending to be part of it. In fact I laughed at Andy and Thom when they approached me for tips about doing a video and told them that they were just a couple of unknown hosts. Next think I know they’ve called the show Host Unknown and the producers are begging me to make a cameo appearance to add some much needed star power. At least, that’s how it sounded to me in my head.

Check out the shenanigans we got up to at Infosec Europe and hold on to your seats for our factual documentary when we were at 44con.



filed under Video

War Driving 101

by javvad Malik with 1 comment

A few weeks ago a non-tech friend said he’d heard someone talk about this thing called War Driving so I explained that essentially, War Driving is about locating WiFi access points and recording their geographical location.

Upon seeing a confused look, I told him that he too could undertake a very basic form of wardriving using any device that has wifi capabilities. Basically, to turn it on and see which access points are broadcasting their location and writing down the details. Of course he didn’t believe that anyone would go through all that trouble, so to prove him wrong, Girl Cynic and I went on a little adventure.

filed under Video

(ISC)2 Congress 2013 recap: Talks, weird DM’s & Rick Rolling

by javvad Malik with no comments

It was my first time in Chicago, which I must say did not live up to its reputation of being windy at all – in fact the weather was quite pleasant. But I wasn’t in town to see the sites or enjoy the mild weather; I was here for the (ISC)2 Congress conference.

I do quite enjoy Congress – like any conference; particularly one in its 3rd year it has its pros and cons. But for the most part the talks were good, the people were decent and there was a total absence of drunk or hung-over kids looking to pwn your devices as is standard at most hacker-con type conferences.

The Talks

You know how if a movie has a great opening sequence, it gets you on a high and you anticipate what happens throughout the rest of the movie. Well, I started off Congress by attending Chris Nickerson’s talk on Red Team testing and identifying risks of physical and IT security convergence. Not only is does Chris have some excellent viewpoints – but he’s not afraid to call a spade a spade.

After that I had to get my game face on as I was on a panel along side Eric Jacobs, Spencer Wilcox, James McQuiggan, Dan WaddellForrest Foster  and was pulled together and moderated by Tony Vargas  – It seemed to go well and we even made it into a Dark Reading article.

I made it to two great talks delivered by Spencer Wilcox, one on mobile device privacy and geolocation and another on the gamification of security. I particularly like the gamification talk which went into many different concepts and aspects of what makes a game appealing, why people play and how some of those techniques can be used in security both at a technical and human level.

Tim Wilson facilitated an interesting discussion with Julie Peeler and Rohyt Belani on end user awareness and changing behaviors.


Meme’d Forever

Eve Adams  gave a cool talk that gave practical tips on how one can improve their resume and further career in infosec. She even meme’d me with a slide – I’m still trying to work out if this was a good or bad thing.

Meme'd forever


Awkward Messages


Whilst at conferences, the best way to usually communicate with others is via some form of social media. I find twitter direct messaging works pretty well for this and I’m used to seeing someone message me asking where I am, discussing which talks are worth attending or what lunch plans are. So I was quite surprised when I received this message from Andrew Hay.


Screen Shot 2013-09-29 at 11.42.23

This message worried me as I’m only around 5’6 (in heels) and Andrew is something like 6’5 and a former rugby player. So I responded in the only way I could – honestly.


Screen Shot 2013-09-29 at 11.42.47

As I sent the message, I kind of got the feeling that my profile picture probably didn’t come across too well and I was apprehensive about the response I would get… so you can imagine my surprise when I saw this.


Screen Shot 2013-09-29 at 11.42.58

I politely excused myself and avoided contact for the rest of the conference.


The Rick Roll


Often when I go to conferences I end up making a video of my adventures. I was short on ideas and time at Congress – so ended up rick rolling the attendees by getting them to sing the chorus one word at a time. Guess you should never trust a guy with a camera asking you to say one word to “test out his mic”


filed under Video