There have been a number of articles in the press recently on how the UK government has agreed with social media platforms like Whatsapp and Facebook to share user's encrypted messages with police. While it's true that GCHQ and various civil servants have been trying to push for interception capabilities on these platforms for a while now, despite the headlines, nothing has actually been agreed. This is down to two main problems: that encryption doesn't work that way, and that the proposal is da

"The long term benefits of sunscreen have been proved by scientists, whereas the rest of my advice has no basis more reliable than my own meandering experience. I will dispense this advice, now." Following on from my previous article about getting started in Cyber Security, I want to move on to certifications. I've interviewed a lot of people over the years. A lot. And then I've had to built out and lead teams for various clients with the people I interviewed and hired. Certifications are a rec

Along with "You can't say that" and "Hey, how'd you get in here?", one of the things I've been hearing from people recently is "How do I get a career in Cyber Security?" I thought I'd throw my notes from those conversations in a sort of Liber Primus for those interested in moving into Cyber Security - either as a side hustle or a career. First: what is it you actually want? I need to be honest - if you're in it for the money, there's much better options out there. Work in finance. Become a pol

Google had previously tried to break usability on the web by removing the “www.” and “http(s)://” parts of the URL displaying in Chrome. Facing a strong backlash from users, they quietly shelved the plans. Now they are trying again, with the same nonsense excuses for it: “ The Chrome team values the simplicity, usability, and security of UI surfaces. To make URLs easier to read and understand, and to remove distractions from the registrable domain, we will hide URL components that are irrelevan

There’s lots of flag waving about how the ICO finally has some teeth, and how GDPR is going to keep companies on their toes from now on. Nothing will change. GDPR will have no impact on cyber security apart from employing a lot more auditors, with even more ineffectual checklists. The ICO’s “record breaking fine” will result in zero improvements in cyber security. Companies should be punished financially for having weak security when handling customer’s data — but it’s the executive team who s

Support when you need it, where you need it. Even with high-tech security in place, many companies still suffer cyber attacks due to simple set-up blunders. Most companies that suffer a cyber attack believed it would never happen to them. What makes it even harder to understand is the costly, cutting-edge security they had in place to deter hackers. But, these strong defences turn out to be a cyber Maginot Line if they’re not activated or deployed properly – ineffective because they could be e

Tom Kranz, Director of Cyber Lab at 6point6, a technology consultancy, writes that the digital skills shortage is a permanent thorn in the cyber industry’s side that needs to be tackled now before it’s left to fester any longer and cause real long term damage. Despite being exaggerated by many as a full-blown crisis, the talent shortage is actually something that needs properly addressing, not hyperbole. With hackers ramping up attacks and developing increasingly sophisticated tools and methods

There is growing evidence that cyber attacks are now deliberately targeting executives and board members – not businesses themselves – which shows that attackers believe this group is particularly vulnerable as well as valuable. More must be done to raise awareness of potential cyber threats at board level, as well as supporting businesses in developing a strategy that offers solutions to combat potential weaknesses in a company. Typically, hackers attack companies and their employees to steal

There is growing evidence that cyber attacks are now deliberately targeting executives and board members – not businesses themselves – which shows that attackers believe this group is particularly vulnerable as well as valuable. More must be done to raise awareness of potential cyber threats at board level, as well as supporting businesses in developing a strategy that offers solutions to combat potential weaknesses in a company. Typically, hackers attack companies and their employees to steal

To access this content please sign in or register below for free

Fear, uncertainty and doubt (FUD) has become an ever-looming cloud over the cyber sector in recent years as companies and suppliers pounce on the opportunity to capitalise on this rhetoric and peddle their wares to fearful customers. To misquote the age-old advertising maxim: fear sells. Of course, the big problem with this is that customers and, businesses – people – become immune to the constant avalanche of outlandish claims and equally outlandish fears. “FUD fatigue” is something that, unfo

Cybersecurity can often seem like a murky world of espionage and counter-espionage; where men in blacked out vans kidnap carefully chosen nerds from the streets of the country’s small towns to keep us safe from those pesky bad guys. However, to succeed in the world of cyber security you do not require a specific set of skills as the Liam Neeson of Taken 1, 2 and 3 will have you believe. This does beg the question of what do cybersecurity experts look for when hiring the next generation of keyboa

I often get complaints from clients that their IT projects are always cumbersome, delivered late and over budget. They’ve had an impact on the business, certainly, but it’s far from a positive one. There’s a lot of blame to go round for this, and finger pointing can be fun, but what needs to be done is to get our C-level stakeholders and project sponsors to understand the implications of proposed work versus timelines. Building a solution as a green field implementation is easy - there’s nothin

Everyone should be familiar with John Boyd’s OODA loop - Observe, Orient, Decide, Act. There are a number of variations (pick a favourite!) but the basic premise remains the same: you gather information before acting. Witnessing recent transformation projects that have run into difficulties, or foundered completely, I’ve seen people trying to use a twist on this - the DAOO loop. Transformation projects are complex, and as I’ve discussed before, they should never be driven by technology or impl

Our newsfeeds are filled with hundreds of articles about Amazon's S3 failure on Tuesday. Doom, gloom, S3 down in US-East-1 and cascading failure - dogs and cats, living together: mass hysteria! It's been covered on Forbes, Business Insider - even The Daily Mail and The Sun (hardly bastions of technology reporting, but "OMG Instagram is down!" cuts off their supply of click bait). The real story is not about S3 taking a nap, nor about the cascading failures across Amazon's services, nor about Am

A 2013 report by McKinsey showed that 70% of transformation programs fail. We’ve all seen our fair share of high profile disasters - the BBC digital transformation, the NHS National Programme for IT and the Co-Op Bank’s failed core banking systems replacement are all prominent examples. Working with many clients across different vertical markets, there are a few common themes I’ve seen. These can basically be boiled down to: • technology is an enabler, not the solution I see the first one cons

Larry Ellison: What Am I Missing About Cloud? Things have been settling down a bit since the rush of information from Oracle after their takeover of Sun Microsystems was approved. The webcast was a marathon event, and it contained a lot of useful (and re-assuring) information for those of us who deal with Sun on a daily basis.As usual, Larry Ellison's keynote speech was the highlight of the event. Mad Larry is one of the few CEOs left in IT who feels powerful or comfortable enough in his positi

A big statement? Sure, but one backed with lots of examples other than this newest one about IBM's interest in buying Sun: • Oracle enters the hardware business in partnership with HP, potentially angering its other partners. • HP is coming out with data switches for datacenter applications, coming in conflict with Cisco. • Even Google is rumored to be developing a router. • Cisco is not only entering the server market, but expanding the concept to treat computing, networking, storage, and virtu

You have your resilient network in place. Dual switches, dual routers, HSRP, failover, redundant firewalls -- they're all there. Now, what about your Sun boxes? Having two network interface cards (NICs) on your Solaris server, with the primary NIC failing over to the secondary, seems like an obvious and easy task, yet there are many pitfalls that make it unnecessarily complicated. In this article, I'm going to explore how to provide redundant NICs simply and cheaply. I'm not going to be coverin