First of what may turn into a series of GRC day job related posts. Here I’m highlighting challenges for anyone involved with system security audits or assessments. This isn’t about merits of various […]
It’s a tough trick to put gut reactions in a box, but that’s what I’m trying to do (a tidge unsuccessfully). I’m not now claiming some intellectual high ground, just pausing […]
An old-fashioned tale of reporting lines impacting effective communication, missing due diligence, disgruntled insiders, social engineering, technical risk blinkers, political incident response and risk owners not being armed with the information they need.
A journey from first internet encounters to Minecraft mods, while mindful of the risks and benefits of online adventuring
This isn’t about getting your staff drunk on tonic-infused Hendricks, Bombay Sapphire, or Beefeater (depending on your office-hours drinking policy); this is about putting a face to security, then building knowledge and […]
The cyber headline says ‘JUMP’, do you say ‘How high?’ Here we suggest turning red-teaming on its head to raise awareness of the defence status quo and build confidence in the response to new nasties.