Alien Eye In the Sky – Weekly roundup – Ep 2

It’s been a busy week in the land of information security. But don’t worry, we’ve got it all covered in our roundup.

Links to stories in video:

Ransomware operator shut down

Stealing an AI

Nobody is bidding on shadowbrokers files

US government IP address contract ends

Don’t be Yahoo

Verizon wants $1bn discount

You don’t have to be stupid to work here

Links to other interesting stories from the week

MMD-0056-2016 – Linux/Mirai, how an old ELF malcode is recycled

Hacker releases code that powered Botnet attack against Krebs

Microsoft has announced it is to harden the edge browser for enterprise users

A really sweet presentation format and great information for incident response and security operations teams by Frode Hommedal

Thrillseekers stuck on rides at Universal Studios after massive power outage — redundancy fail? Or all part of the show?

Halvar flake was asked why he works in security – and gives a nice response. What he didn’t give was my 3 favourite answers. Good pay, Sponsorship money, and VC money

What makes call-out culture so toxic?

The three infrastructure mistakes your company must not make

Hootsuite’s CEO on what he learned from getting hacked on social media

AlienVault OTX Maltego Transforms

Singing for the Unsung Heroes of IT Security

Security Serious Week is five days dedicated to helping UK businesses understand the importance of information security. It consists of a one-day conference, the unsung heroes awards, and over 50 webinars, amongst other activities.

AlienVault was a proud sponsor of the 2016 Unsung Heroes Award, and so I went along to check it out..

The Unsung Hero Awards are designed to give the unsung heroes in IT Security the recognition they deserve.

With 14 categories and a plethora of nominations, even the shortlist began to look rather long. The event was well-attended, with winners receiving trophies in addition to superhero capes and masks. Adding much needed levity to such events that can often end up taking themselves a bit too seriously. (no pun intended).

I was there to capture all the glory of the event which turned out to be a great night.


The full list of winners is below.


  • CISO Supremo

–          Mark Jones, Allen & Overy

–          Avtar Sehmbi, HSBC

–          Dr Robert Coles, GSK

–          Thom Langford, Publicis Groupe

–          Andrew Rose, NATS

  • Godfather of Security

–          Brian Shorten, Charities Security Forum

–          Professor Fred Piper, Royal Holloway University

  • Security Avengers

–          Publicis Groupe Team

  • Best Security Awareness Campaign

–          Amar Singh, GiveADay

  • Social Media Saviour

–          Katie Sanderson, Lockcode Cyber Security

  • Mobile Mogul

–          Charles Brookson, Azenby

  • Security Leader

–          Quentyn Taylor, Canon

  • Cloud Security Superhero

–          Andrew Hardie, BCS

  • Fraud Fighter

–          Luis Aguair, Metro Bank

  • Game Changer

–          Hugh Boyes, IET Cyber Security

  • Marathon (Wo)Man

–          Vicki Gavin, Economist Group

  • Spidey Sense

–          Professor John Walker, HEX Forensics

  • Captain Compliance

–          Eddie Dynes, Gatwick Airport

  • Cyber Writer

–          Warwick Ashford, Computer Weekly





Things I hearted – no more

Things I hearted has been probably one of the most regular series of posts I’ve done in recent times. At the same time, I was doing a weekly roundup over at my AlienVault blog. So, in the interest of saving time, energy, and preserving my youthful good looks; I decided to not only combine both into one weekly roundup – but also add a video element to it.

It ends up being all the same links you love – just a new home and a new format. I’ll still be listing out all the links and stories I found interesting during the week from the world of security and beyond. But this time with added video commentary.
Let me know what you think of the newish format.

NCSAM week 1 – Assets

It’s NCSAM – National Cyber Security Awareness Month. So I am doing one theme a week for AlienVault on a good practice that companies should adopt.

For week 1, I’ve decided to talk about assets. Video is embedded, and you can read the entire blog post about why assets over on the AlienVault blog.

500 million accounts

I felt it was time to get back on the video saddle on a regular basis (famous last words). You can probably tell I’m rusty because the sound peaks are all off – I think the onboard mic on my Drift camera is a bit old.

But the big news has been around Yahoo and the massive breach. The first thing that came to my mind when reading about the breach was the fact that under a regulation like GDPR, there’s no way the details of the breach could have been kept hidden from the public for so long. According to article 33 – notification of a personal data breach to the supervisory authority,


  1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.


That’s right – 72 hours.


And GDPR is no little slap on the wrist. Under the regulation, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.


Given that in 2015 Yahoo’s revenue was reported as $4.968 billion (source: – a 2% fine would represent $99,360,000 – yep, just over 99 million.


That should cause every company facing GDPR implementation in 2018 reason to stop and think about the implications to itself.