LinkedIn Posts

Here are some articles I’ve published via LinkedIn. Connect with me on LinkedIn here.

Build your own vendor cybersecurity questionnaire

Published 20 July 2020

If you’re wrestling with cybersecurity due diligence for your supply chain, but not sure where to start, here are some ideas!

Prove your worth with ROSI, InfoSec posse!

Published 25 February 2020

If you’re in security analysis or management you need to be in a position to prove the value of your initiatives. If you’re not sure where to start, you’ll find this article to be a useful primer. Don’t be put off by the dull acronym!

Are exploit authors criminals?

Published 21 January 2020

Could security researchers go to prison just for doing their jobs? The Computer Misuse Act seems to open up that possibility. What do you think?

Security as a differentiator

Published 24 December 2019

Is information security a means to an end? Or an end in itself? Can you ever use security to sell your business?

As you enjoy some turkey, mince pies, mulled wine and chocolates during this season, why not spend a moment considering how 2020 can be the year that security makes your business better. I’m sure there’s nothing you’d rather do.

How to speak good like wot I do

Published 7 December 2019

Bothered by vocal tics? Not sure when to use reflexive pronouns? When we communicate, a little polish – not airs and graces, but conscious improvement – can go a long way. Here are some thoughts on how we can avoid misrepresenting ourselves when we speak.

Gigantic data breach! What to do?

Published 25 November 2019

You may have read the recent news about the 1.2bn records ‘data breach’. Concerned if you’re affected? (Yep, you are affected.) Unsure what to do?

Here I attempt to demystify this unwelcome revelation and offer some practical suggestions for those with privacy concerns.

Many Fine Acronyms (or how MFA saves the day)

Published 13 November 2019

Passwords aren’t enough anymore. But acronyms like ‘MFA’ and ‘2FA’ can easily seem intimidating or technical. Which is a shame, because all we’re doing is MPB – Making Passwords Better.

Hopefully this article will clear things up. (Spoiler: it’s easy!)

Cybersecurity: It’s [Not] All About the Money

Published 6 November 2019

Is the way to improved cybersecurity spending increasing amounts of money? Throwing more resource at the challenge?

In most areas of life, we realise that to get better, we need to practise. I suggest that information security is no different.

What do you think?

Patch or be Pwned

Published 28 October 2019

Are you keeping Microsoft Office updated? If not, you’re at serious risk of a data breach, identity theft, or fraud.

Infosec Ethics – Ten Commandments

Published 21 October 2019

Do we need an ethical framework for information security? I think it could help. So here’s my starter for ten.

Ten Dangers of Generic Accounts

Published 14 October 2019

You wouldn’t share a toothbrush; don’t share a user account.

Infosec Ethics & Virtues – the why

Published 9 October 2019

Some say “do no harm”. As information security professionals, why not instead say, “Do good – and lots of it?”

Don’t Be Chicken Little

Published 4 October 2019

As cybersecurity practitioners, we have a duty to resist the urge to cry wolf.