I remember back in early 1996 arriving home from work and telling the future ex Mrs Langford that was going to be very busy “for the next two to three months”. There was a project going on that I decided I was going to get involved in (outside of my normal IT Manager day job) …
Tag Archives: category
You, Me, and Dystopia
We all remember the Ocean’s 11 styles of antics that criminals can emulate to gain access to IoT devices and, subsequently, the enterprise network on which they are hosted. It may have been an isolated incident, but it underscores that ANY vulnerability can be exploited. The question of “why should we be bothered now?” begs …
Beer, PowerPoint and Politics
Gone are the days when being a CISO (or even just ‘the security guy/gal’) was about actual information security or IT security. Even the term IT Security is outdated now and emphasises a one-dimensional view of what security is really about. However, I digress… The Information Security element of CISO is correct, but for various …
When It All Goes Pete Tong…
Murphy’s Law states: “If something can go wrong, it will go wrong” Many CISOs will also state: “it is not a case of if you have been breached, but rather that you have, you just don’t know it yet” Depressing as both statements sound by themselves, put them together, and you enter into a worldview …
We Have Both Types of Teaching Here; Education AND Awareness
It is an accepted truth (trust me, I am a professional), that security is often seen as just a technical profession; firewalls, DLP, DMARC, SFTP and TLAs (Three Letter Acronyms)are thrown around with gay abandon. Being resilient is a matter of hardening the OS, having a SOC fully staffed, and running the industry’s latest SIEM …
Continue reading “We Have Both Types of Teaching Here; Education AND Awareness”
CISO Basics, Part 2
In the last post, I looked at some of the less apparent activities upon becoming a new CISO, namely: In this post, we will take this a step further and closer to actual business as usual and maintaining your security team as a functional part of the organisation. Don’t say “NO!” to everything. This is …
CISO Basics, Part 1
So you want to be a CISO? Perhaps you want to be a better CISO? In many cases, you could pick up a book, attend a conference or even talk to some peers and colleagues. Of course, there will be some good advice in these approaches too, but you don’t want to be just any …
Risky Business
Risk is a topic that I like to talk about a lot, mainly because I managed to get it ‘wrong’ for a very long time, and when I finally did realise what I was missing, everything else I struggled with fell into place around it. For me, therefore, Risk is the tiny cog in the …
Document and Review
It’s unlikely that you will read a more dull and despairing title for a practical blog series than “Document & Review”, and there is a high chance that you will even consider skipping this one. If you do, however, you will be missing the most foundational aspect of your entire information security programme. Without documentation …
Agile? Or FrAgile?
(I found this piece deep in the vaults at (TL)2 Towers, so I figured I would break my non-blogging streak.) “Sensitive client code has been discovered on a GitHub repository, and it looks like one of our developers put it there. The client is upset, and their Chief Information Security Officer (CISO) wants to meet …
(TL)2 Security Ltd 