Breaking news – Lemonade compromised

by javvad Malik with 1 comment

Lemonade is big business – lemonade made from natural ingredients even more so… but what happens when your lemonade isn’t quite what you thought it was? We bring you this special report.

filed under Video

2013 roundup with friends

by javvad Malik with 3 comments

If 2013 was a movie… these are the end credits.


filed under Video

APT Predator

by javvad Malik with no comments

When I was an intern, we found a database. It looked like – like, butchered. The old mainframe women in the basement crossed themselves… and whispered crazy things, strange things. “El Diablo cazador de hombres.” Only in the hottest years this happens. And this year the cooling system failed. We find data servers sometimes without data… and sometimes, much, much worse. “la amenaza más avanzado que el hombre” means the threat that is more advanced than man.

filed under Video

2014 Information Security Predictions

by javvad Malik with no comments

It’s the time of the year where people come out with their annual security predictions… I took some inspiration from these posts by Martin McKeay, Dave Lewis and Steve Ragan to come up with my own security predictions.

Warning – these predictions are so mind-blowingly awesome that you’ll think I really do possess psychic powers!

Warning 2 – Please seek professional advice before investing in anything based upon these predictions, stock value may go up or down, your home may be repossessed if you cannot keep up repayments.


filed under Video

The joys of travelling

by javvad Malik with no comments

I often document my travels which have considerably increased since I became an analyst, therefore attending conferences is part of my job.

People who travel will know that you don’t always get time to see the sights or engage in anything fun. In fact, it’s pretty much travel – do work – travel back. So most cities I’ve only seen the airport, the inside of a cab, the inside of the conference centre and the hotel, as I tried to depict in this 60 second video of my trip to Paris a few weeks back.

filed under Video

The greatest story ever told

by javvad Malik with 1 comment

It’s December – and it’s kind of a tradition that every year I get together with the fine folk at Twist and Shout to make a Christmas video.

This year, however, we decided to do something different, so along with my Host Unknown companions Thom and Andy, we set out to do something serious that captures a great story.

The Greatest Story Ever Told from Twist and Shout on Vimeo.


To see where the Christmas tradition started, check out Santa gets hacked and its sequel below.


Santa Gets Hacked! from Twist and Shout on Vimeo.



Santa Gets Hacked – Aftermath from Twist and Shout on Vimeo.

filed under Uncategorized

Amazon Instant

by javvad Malik with 2 comments

There’s been a bit of a buzz around the news that Amazon may be using drones to deliver purchases within 30 minutes.

Well, that’s nothing compared to Amazon Instant!


filed under Video

The Analogies Project

by javvad Malik with no comments

I’m a contributor to the Analogies Project – I think it’s a great initiative. I don’t think Girl Cynic gets the idea though…

filed under Video

The top amazing people you should know about

by javvad Malik with 1 comment

Search engine optimization (or SEO) is a thing. Well, I’m not too sure how big a thing it is now, but it used to be huge. The concept was / is that if you sneak the right words onto your website or blog post, then people searching for that particular term will end up coming to you.

For example, if I just say I’m going to write about a cute cat looking adorable dressed in a Darth Vader outfit whilst on a Deathstar – I would hope anyone searching for those terms will end up landing on my website. It doesn’t really concern me if they get any value out of the content, as long as I can show that visitors are coming to my site I can monetize that.

Search engines are a bit better than what they used to be and also people are more selective in what they follow, so here’s the new trend. I like to call it ECO or Ego Clicking Optimization.

Here’s how it works in three simple steps, and how you too can get literally thousands of visits to your website.

  1. Compile a list of people on Twitter, Facebook etc. who have loads of followers. It doesn’t matter if they are relevant to each other. The only criterion is they have a ton of followers.

  2. Create a blog post entitled, “The top amazing people you should know about” or something creative like that. List out all the names you compiled in step 1. If you’re creative maybe put the names in an infographic.

  3. Tweet out a link to the blog post multiple times, each time tagging several of the people in the list. Then sit back to the sound of beautiful clicks.


Why does this work? Because most people love having their ego stroked… I should know! They’ll jump at the opportunity to retweet the crap out of your post and maybe even comment about how honoured and humbled they are to be included in such an awesome list. In fact, if you do it right, you’ll get people complaining that they weren’t included in the list – which gives you an excellent reason to do a follow-up. Let’s get ECO into the dictionary!

For those of you who actually clicked to see a list of the top amazing people you should know about, please refer to the top 15 list below:

Wendy Nather


Charlie McDonnell

Natalie Tran

Wheezy Waiter

Friggin Boom

Casey Neistat

Cory Doctorow

Nicholas Percoco


Dual Core

Wesley McGrew

Freddie Wong

Jennifer Leggio

The Bloggess


filed under blog

(ISC)2 election and the butterfly effect

by javvad Malik with no comments

It had been a busy day at work and I was glad to be home. My wife had told me she’d be taking the kids out after school to a friend’s house so I knew no-one was home – yet I still announced loudly “Hello, I’m home.” We had been burgled a few months earlier and I still got butterflies coming back to an empty house. By announcing myself loudly I thought I would give any burglars the chance to escape; and I would let them. The last thing I needed was a confrontation with a burglar. You see, Britain is unlike most other countries in the civilised world where scum who break into your home actually have more rights than you do, so if you end up punching them a little too hard you could end up with a criminal record.

Once I satisfied myself that the coast was clear I went to the kitchen and poured myself a glass of water and turned on the T.V. Flicking through channels I didn’t find anything of use and wondered what I could do with my ‘freedom’ over the next few hours. I find it’s one of the things that happens when you become a parent. You miss the freedom of not having kids at times, yet when they’re not around you don’t know what to do and wish they were back.

I’d been toying around with YouTube recently, uploading a few videos here and there with limited success. But I was still learning the art of making videos so I wasn’t that bothered by it. I thought I’d use the opportunity to make another video just to see how things went. It ended up being a short tongue-in-cheek video entitled “Benefits of being a CISSP” http://youtu.be/8DZkpynFhak . It was just a bit of fun and I didn’t think much of it at the time. However, once I published it I saw the viewing figures rise and rise. Wow – an ill-thought-out video that I shot and edited in 2 hours was something people actually liked. I began to have visions of grandeur where I could earn millions from YouTube and retire.

Those dreams weren’t to be realized, but that wasn’t the worst part. I opened up my email box one day to see an email from someone at (ISC)2. The preview showed me the first two lines and I felt a knot in my stomach. It read,


We’ve seen your ‘Benefits of Being a CISSP video’ which you created….

I didn’t want to open the email. I’d seen this kind of behaviour before from large faceless corporations. Someone at (ISC)2 must have taken offence to my video and at best the email was asking me to take it down, at worst I was looking at some legal proceedings. I cursed myself for being so stupid. In my haste and attempts to be funny I’d poked a bear, and now it had its claws out. I sat there for what felt like an eternity before I finally exhaled loudly and clicked the mouse to open the email with a little more force than was required. To my surprise the rest of the email was nothing like I expected.


We’ve seen your ‘Benefits of Being a CISSP video’ which you created and we love it. Would you please send us the video file? We’d like to play this at an upcoming (ISC)2 event.




I still wasn’t entirely convinced and ended up exchanging a few emails to verify this was actually true. It got me curious as to what other assumptions I may have about the organisation that could be wrong so I attended the next (ISC)2 annual congress which was held in Philadelphia. I got to spend time with a number of staff, board members and executive team; where I found that a large number of my preconceptions about the organisation were wrong… very wrong. It would be an understatement to say that (ISC)2 had done a poor job of communicating all that it does and how members can benefit or get involved.

Whilst at the event I came across an initiative entitled Safe and Secure Online (SSO) which provides a framework to enable members to go to schools and educate 7-14 year olds on how to remain safe online. Having children of my own, I thought it was an excellent initiative so I ended up offering to help out a little bit where I could. Upon my return home, I saw that I had been featured on the safe and secure website as a volunteer. “That’s nice of them” I thought to myself as I read through it.

Some 3,300 miles away, Bob Covello, a New York-based security professional was browsing the safe and secure website. He was interested in getting involved but wasn’t sure how effective it would be. Bob saw my profile on the website and thought he’d drop me an email. After all, he assumed he’d get a better response from a YouTuber than someone at (ISC)2.

I saw Bob’s email the next morning where he asked if it would be a good idea to become a SSO volunteer. The response was easy; it wasn’t about (ISC)2, or even security. In my mind it was all about how to give something to the local community. I wasn’t too sure about the whole onboarding process so I introduced Bob to James McQuiggan. I’d met James at (ISC)2 congress and I knew he was active in the SSO program as the lead volunteer in Florida. I hit send, and forgot about it. My job here was done.

Some weeks later I received another email from Bob. The email was full of positivity. He told me how after speaking to both James and me he went on to review the training materials and with the help of a third CISSP named Sandy Tyson he was able to make a couple of presentations at the middle school in his neighbourhood. Not only did he receive great feedback from the school, but he told me how he felt like he’d made a bit of difference by educating some young adults and some teachers about online safety and security.

That wasn’t the end of it though; some time later the guidance counsellor from the school district invited him to come and speak about online anti-bullying. As an extension of what he had learnt through volunteering for SSO, Bob also created other presentations he uses to educate business people about online security. Bob summed up his experience with the statement:

“Volunteering for the SSO Foundation has introduced me to some of the kindest and most generous folks I have ever met, as well as teaching me to be a more caring individual.”

I sat back and reflected on it… Bob is a good man and he wanted to make a difference in his community. He would have done so without (ISC)2, James, Sandy or me. But (ISC)2 was the thread that connected us all… and that got me thinking. Despite all its faults and warts – it’s a juggernaut with over 90,000 members worldwide. That’s a vast resource of potential that can be tapped into.

Which is why I’ll be giving my support to the people I think will be the best additions to the board in the upcoming elections that run from the 16th to 30th of November 2013. (people like Jennifer http://securityuncorked.com/2013/11/who-is-this-person-running-for-isc2-board-jj/)

I’m not here to try and convince anyone of the pros or cons of (ISC)2 – I just wanted to share a story with you about how I was a small cog in a chain reaction that enabled a man several thousand miles away to help keep children safe. If one of those children grows up happier as a result, I think it’s worth the effort. (well, it’s better than complaining about stuff on social media)

filed under blog