My Favourites:

Digitally Transforming Utilities - Balancing Technical Innovation and Security
21 May 2018
Utilities are under competitive pressures to explore opportunities to monetise their data in creative ways ... Read more on this article originally published in Utility Week

ICS Breach - At a Manufacturing Plant Near You Soon
30 November 2015
Following the cyber attack on the Iranian nuclear facility in 2010 the cyber threat to national security and critical national infrastructure has become an area of increasing concern for governments. Although the cyber threat against national infrastructure ... Read More

Toll Fraud - Old Hacks Die Hard
31 July 2015
Forgotten by many, reported on by the few and rarely disclosed by those affected, toll fraud has never gone away and is on the increase. With single breach losses reaching in excess of $100,000 the illegal use of an organisation's telecommunications can ... Read More

Back to Basics - Good Security Starts With Solid Foundations
30 April 2015
The fundamental principles of good security are simple and very easy to understand; however, many organisations fail dismally to apply them. It appears that there is a distinct lack of recognition of the importance of getting the basics right before adding security ... Read More

ICS Security - An Alternative Perspective
31 January 2015

Based on the lessons learnt in cyber security, the tech industry would turn back time and do things differently if it could. Everything from protocol design, OS design, network design and the technologies enterprises have adopted might be done differently ... Read More

Reflecting on Reflections on Trusting Trust
31 October 2014

Back in 1984 Ken Thompson delivered his Turing Award lecture entitled, 'Reflections on Trusting Trust'. His speech described a very simple attack on compilers that became known as the 'trusting trust attack'. Thompson demonstrated how to introduce a backdoor ... Read More

IPv6 Security Risks and Business Benefits
31 July 2014
It is nearly 20 years (1995) since the standard for IPv6 was proposed in RFC 1883. Even back in 1995 it was obvious that the 32-bit IPv4 address space would become exhausted due to the exponential growth of the internet. The problem was exacerbated as ... Read More

Things to Think About with the Internet of Things
27 May 2014
It was around 2009 that the term 'Internet of Things' (IoT) was proposed. However, not many people I speak to outside of the tech industry have ever heard the term or know what it is. This limited understanding among general consumers is ... Read More

Avoiding the Security Skills Gap
31 March 2014
There is no denying that there is a global shortage of skilled security professionals or as I like to say, 'security people'. The issue is so widely recognised that governments are concerned. Initiatives in the UK have been launched to find security talent ... Read More

The New Modus Operandi for Security Operations
31 January 2014
The security profession has never been winning the war on cyber crime. However, for many years it has been able to keep pace with it and provide a reasonable level of defense that allowed most of us to sleep soundly. Unfortunately times have changed ... Read More

The 3Ps - Passwords, Patching and People
31 December 2013
We all know that there is no 'silver bullet' when it comes to defending against cyber threats. There probably won't be a 'silver bullet', at least for the foreseeable future. However, a model does exist to achieve good security in the form of layered security ... Read More

Next Generation Malware - Just a Thought
30 November 2013
In 1983 Matthew Smith wrote the computer game Manic Miner for the ZX Spectrum. This was Britain’s first software blockbuster game. He was 17 years old when he alone wrote the game. He said in an interview in 1983, “I think it's going to get to a ... Read More

The Power of Security Awareness
23 October 2013
Security awareness is one aspect of security that I often see overlooked, and more specifically not prioritised. What is it that makes intelligent business leaders fail to see the business benefit of security awareness? Many security professionals also show little ... Read More

varlogsecurity blog
The place where I share my personal opinion and observations on the world of IT security.

© 2013

Modified heading photo. Original photo by Rick Audet. Creative Commons Attribution