Tedious Cyber People 

In historic blogs now lost in the mists of the Internet, I’ve written about this before. There is something odd about cyber people who have to show the extent of their knowledge to other cyber people. At. Every. Possible. Moment. I experience this so frequently that it’s rarely worth writing about here. But it happened […]

How wrong-headed automation took over tech.

I’m involved with a number of teams and projects who have all drunk the automation kool-aid. Now, to be clear – I’m not against automation. I’m thinking here about the use of DevSecOps stacks/Infra as Code etc. We’ve all no doubt been involved (either as the initiator or a bystander) in incidents caused by the […]

Playing the Blame Game – Part 3

You will recall from Part 1 and Part 2 that I bemoaned the flagellation of the security tools industry for failures in security and therefore the occurrence of breaches. The real question is: given there is a problem here, what should we do about it? If security tooling is not the answer, what is? Well, […]

Playing the Blame Game – Part 2

You’ll recall my observation from Part 1 that increasingly tools are being used in place of thought and rigour. It’s worth setting out what I mean by thought and rigour in the context of this issue, so briefly this is how I define it (constrained by a desire for brevity). Lack of understanding of context: […]

Why agile should be good for security, but often isn’t…

…or at least that’s how it feels. As a security practitioner it’s easy to dismiss agile practices – the ‘just enough’ architecture, short-term (if any) planning and reliance on vanilla solutions as good enough are anathema to anyone who has been around security for a while – particularly if you are a security […]