Around 2006 / 2007 I began blogging and tried to get into video blogging. Although I’d been working in information security for 7 years up to that point, I wasn’t well-connected in terms of what conferences ran, who the influencers were, or who the editors of any of the numerous security magazines or websites were. […]

Social channels are an oft-overlooked area when it comes to information security. Social channels are left in the hands of marketing departments for customer engagement purposes. However, the adoption of social digital tools for the purposes of conducting business is widespread and largely unregulated, creating a major area of risk for organisations. If we look […]

Overall, technologies can be pretty straightforward to secure. Teach software not to execute a certain command, block a port, or alert on a set of conditions, and it will abide. Humans, on the other hand are not as easy to harden against attacks. These attacks are frequently delivered through emails, text messages, social media, or […]

This video was prompted by discussions with someone that was adamant that they would never, never, everrrrr put their logs in the cloud. I enquired as to why they weren’t open to the option, and their response was that they don’t believe that sensitive information like logs should be in the cloud. Now that’s all […]

It’s coming up on my 3 year anniversary at AlienVault – and after a conversation with a friend, it dawned on me that I don’t think I’ve ever really explained what AlienVault does. So, when I was in Austin this last week I recruited some of my colleagues to help make this short video to […]

A lot of individuals and companies of all sizes often use the phrase where they ‘think’ they’ve been hacked or breached, or had some form of unwanted event. There is usually a lack of conviction in this statement, and in hindsight it’s not easy to validate. Sure, one could use a service like haveibeenpwned.com to […]

Anytime we discuss security, it’s mainly to talk about the failures. So I’m taking time out today to spread some positivity to all those security folks that have made it through the week without an incident occurring.  

via IFTTT After its 2015 breach, the Information Commissions Office (ICO) has released a very thorough report which highlights a number of deficiencies in Carphone Warehouse’s security. I’ve summed up some of the key points in dramatic fashion The report well worth a read: http://ift.tt/2AM6B7B

It dawned on me, that I’ve never written a browser extension before. And there are words IT Security articles continually overuse that I wish they wouldn’t. So, I combined both these together and wrote a chrome extension that would change commonly misused words to something a little more interesting. Examples: – IoT becomes ‘cheap connected […]

2018 has kicked off with a flurry of M&A activity in the infosec space. There have been four that I’ve been aware of, Barracuda acquired Phishline Cyxtera acquired Immunity Inc Verizon acquired Niddel Threatcare acquired Savage Security I wonder how many more deals will be announced between now and RSA. Either way, it looks like […]

I recently had my 17 anniversary… which is almost as long as I’ve been working in information security. Information security is great for communication, and communication is great for all relationships and friendships.

The cool researchers over at freedom to tinker found two scripts that exploit browsers built in login managers to retrieve and exfiltrate ID’s. Below is the email I sent, and the reply from OnAudience     The script that OnAudience uses can be found here if you have time, check out this tweet thread between […]

Threatcare has announced a $1.4m seed round led by Moonshots Capital and includes Flyover Capital and Firebrand Ventures. The Austin-based company was founded in 2014 by CEO Marcus Carey. Its flagship product, Violet, is a SaaS-based offering that enables continuous security validation through attack simulations. For many security departments, the question they are often faced […]

If everyone and their dog is talking about Meltdown and Spectre, then it would be negligent of me to not keep up with all the cool kids. Website for the vulnerabilities: Meltdown Attack Google Project Zero blog NCSC’s advice Linus Torvalds statement

Work for long enough in one industry for any period of time and you end up speaking an entirely language altogether. This isn’t necessarily a bad thing, in many cases it’s convenient and allows rapid communication amongst peers. However, in Information security we need to be mindful when communicating with non security, or even non […]

I thought I’d kick off the new year by poking around the news stories, surely not much could have happened. But quite a lot did unfortunately. In the video are the top 3 stories or headlines that caught my attention, but more importantly, I think we should make a pact to stop using these buzzwords […]

Fuelled by a twitter conversation both Adrian Sanabria and Anton Chuvakin posted articles here and here, sharing some good tips on what makes a good briefing and common pitfalls to avoid. As a former (recovering?) analyst, I thought it only right that I jump on the bandwagon and share my thoughts on the topic. What […]

M&A in the infosec world has waited for the holiday season to go all out splashing its cash. A flurry of activity has occurred at the tail end of the year with considerable consolidation. Proving that encryption and identity management is no slouch, Thales has made an eye-watering bid of $5.7bn to acquire Gemalto, a […]

Infosec companies don’t always get the love they deserve from the markets once they IPO. As Barracuda Networks discovered despite posting respectable profitable growth. PE firm Thoma Bravo stepped in, paying $27.55 per share for Barracuda in a $1.6bn move taking it private. The market can be unforgiving, even when a company like Barracuda is […]

Honoured to be the guest editor for Infosecurity Magazine yesterday. It was a day of fun which involved several things: 1. The announcement was made, which included this video 2. I took over their twitter account for an hour (brave of them) 3. I submitted a guest editorial 4. Had a Q&A with the real […]