There’s never any time – A mRr3b00t Adventure

Introduction

I’ve been working with technology and its security for a while, I have travelled to different parts of the world, I’ve worked with major organisations, and I’ve worked with a whole range of organisations both from strategic advisory and at the coal face perspective. Now over the last twenty years I thought about how much has changed… and honestly, I don’t think much has.

Technology innovation, miniaturisation and adoption rates are through the roof, but I still see massively similar patterns. I’m not going to try and quote statistics, but I think it’s a fair to say the threat landscape has changed somewhat (for the worse!)

Back in the 2000s era we had networks running Windows 2000 and Windows Server 2000/2003, we had clients with open services which could largely be accessed from anywhere on the network. We had host-based firewalls from third party vendors, but these were rarely implemented, MSBlaster and Windows XP changed this dynamic somewhat, to say things haven’t improved on one front would be a lie, however the level of crime and access to technology globally has changed massively. Read more “There’s never any time – A mRr3b00t Adventure”

Changing a security posture requires changing your own behaviours

I’m sure you will have had a marketing firm or some random sales person on Linkedin tell you that security should be simple and that their product will save you from all the ATPs and nation state hax0rs under the sun. However let’s get real, thats almost certainly not true and also security isnt simple or we’d all be out of jobs and everyon woulndn’t be getting owned all the time.

Getting real

Read more “Changing a security posture requires changing your own behaviours”

Cyber Security Assesments for Normal People

Ok so you might think I’m mad with the title but bear with me!

So, the world is in an interesting place, we’ve got a pandemic, we’ve got prolific cyber crime and we have all kinds of different views on how we should tackle this problem.

Now I love a framework and there’s ton’s of them. But the truth is they are complex, detailed, nuanced and generally require a level of nerd that a lot of organistaions do not have.

In 2020 during the pandemic I decided to try and write something to simplify this position, whilst I didn’t want to be too narrow, I wanted to try and capture the breadth of cyber security that is relevent to the general purpose organistaion. I came up with a set of 140 questions which I believe are a good take on things to consider and ask when conducting a security review at a high level. (yes 140 questions is a high level view, this stuff is complex as hell at the detailed end of things, and the devil is in the detail).

Read more “Cyber Security Assesments for Normal People”

A Small Measure of Cyber Peace

The still of cyberspace

The alert queue is empty, the estate is patched, the whirr of fans hums in the background. In marketing everyone wants to be excited and to talk about the next big thing. Whilst the physical and digital worlds move at breakneck speed, there’s sometimes the opportunity to be still, to have no incidents to respond to, to have no major changes. These times can be rare, but they are also needed.

Often when I look at and use cyber maturity frameworks there is a lot of focus on cyber capabilities rather than business capabilities that are cyber enabled. What do I mean by cyber enabled? Well, you see, the way I view this game is that much like the roads serve no purpose if they are not travelled, cyber security capabilities are similar. What organisations should be looking for in my view is cyber enablement of the business rather than security as a separate domain. Integrating customer experiences with technology in a secure manner and adding value are often areas I see people not focus on. It’s a similar story with service management, the focus can be on the activity rather than the business outcomes that are enabled by digital services.

Read more “A Small Measure of Cyber Peace”
Copyright (c) Xservus Limited