Management

Posts relating to security leadership and management.

Ethics and Integrity in Security

If you follow my website, you’ll have seen that I haven’t posted in quite some time. Not because I haven’t wanted to, but because I have never quite managed to find the time with everything else I’ve been working on. One of those things is getting a company up and running. I’m proud to be the managing director of Willsley Ltd which is a really fancy way of saying that I have a side gig alongside my day job as the Information Security Manager at CAF. In previous articles I’ve talked about my personal philosophy of “Always assume the worst,…

Phishing in Micro and Small Businesses

Of all the cyber risks a business will face, phishing (the act of social engineering through malicious emails) has to be one of the greatest. If you go looking for information about how to defend yourself or your organisation, there’s no shortage of good information on the Internet, but what if you’re a sole trader, or you only employ a couple of people? Suddenly there’s a lot less guidance, which doesn’t help when you’re now in the position of having to both be phish aware, and know what to do to defend yourself. Phishing fact and fiction Here are six…

Getting value from threat intelligence

Whether you run a security function, manage systems, or perhaps run an organisation in its entirety, a key responsibility is being aware of threats to your organisation. If your company uses IT, then information security risks should be considered as one of the most critical to your organisation. Dealing with these risks requires you to know they exist, and this is where threat intelligence is used. However, if you’re not careful, you’ll be staring at a mountain of technical, potentially conflicting, and useless information that will do nothing to make your organisation more secure. Larger organisations that have IT departments,…

When security controls become theatre

If you go to the supermarket today, it’s highly likely that you’ll find yourself in a line, two metres apart leading up to a person with a counter that looks like they’d literally be anywhere else than stood at the door counting people in and out of the store. Once you’ve made it past this Gandalf-like character shouting “you shall not pass!”, it’s straight into a labyrinth of one-way arrows, black and yellow tape, and people who look like they’ve been searching for the arrow that’ll take them to the checkouts since the end of March. Welcome to the…

Want to work in Infosec? Impress me!

So, you’ve decided that information security (Other titles are available) is the career for you, now you just need a job. Firstly, congratulations! You’ve made an excellent choice. The threat to companies and individuals from cybercrime and cyber-enabled crime is ever growing, creating a pressing demand for skilled individuals to help protect our information, more than ever in the age of GDPR. Before you can get started in security however, you’ll have to come through someone like me – the hiring manager. Whether you’re an IT professional that wants to move into security; it’s your first security job; or you’re…

TalkTalk: Words fail me

On Friday, as the whole TalkTalk hacking was blowing up in a big way, I sat down to write an article about the fiasco, if fiasco is a strong enough word to describe the mess TalkTalk find themselves in. The problem is that every time I managed to write a bit the story had once again changed. As with many things however, the more you sit and watch it, the more you recognise patterns. Two such patterns that have come out of this debacle are: Here’s another company that has failed to invest in Information Security; The CEO – Dido…

Begging for Management

Picture this, you’ve completed 3 years of university delivering a dissertation, a team project and some compulsory management modules, by now you and everyone in your team should surely know how to manage effectively right? Nope. I’ve just completed a team project so badly managed that I actually dreamt about having a new manager coming in and saving us all, here’s how it happened. Week 1 (October 2011) So the 10 students comprising 7 from Computer Science and 3 from Computing and Management are presented with 2 projects, a BAE Systems project which is short and nasty and a…