Applying agile principles to public sector change

Shortly after 2001, I was one of many to sign the agile manifesto for software development. This document went on to start a global movement and change how technology change is done: from grandiose projects that often failed, to iterative change that often delivered. But agile principles can be applied ...
Challenging password dogma

Most best practice advice on passwords is terrible. But why? This article explains which password advice should be followed and which advice is harmful, and shows you what a good password policy should contain ...
10 steps to effective board leadership on cyber security

Boards and non executive directors can lead from the front on cyber security and reduce risk for your organisation. Yet sometimes it is not easy to find a path forward to engage in a technical area. Here are 10 practice suggestions to take forward with your cyber security leader ...
How to win Board support for your cyber security project

When Cyber Security Board Reports Fall Short

Reporting cyber security to the board involves a delicate balance. Cyber security technical details need to be turned into strategic plans that match the organization's risk tolerance and business goals. Here’s how it can go wrong, and what it takes to get it right ...
Does moving to the cloud mean compromising on security?

Cloud security means multiple teams with a shared responsibility. The transition to cloud computing is an evolution that many organisations are still undertaking to improve efficiency, scalability, and flexibility in their operations. Cloud services offer recognised advantages, such as moving IT infrastructure costs to operating expenditure rather than capital expenditure, ...
How to get fast board buy-in for your cyber security project

To experts, the business case for cyber security change programmes can seem clear as day — it can be hard to understand why rational business leaders may say no to investment. Yet they do. Here’s how to get a yes. Winning board support for cyber security projects is a critical challenge for ...
Lessons from the MGM cyber attack

Post Incident Reviews
On September 12, 2023, MGM Resorts International experienced a cyber attack that resulted in them shutting down their systems. The investigation is ongoing, but crime groups Scattered Spider and ALPHV are believed to have used social engineering to hack into the company. What do we know now? And what can ...
Project assurance skills and Prince 2 for IT auditors

Careers, Projects and Change
The challenge of IT Project Assurance
Project assurance can be a challenge; change programmes are notoriously complicated with many dependent parts contributing to an overall goal. Project managers often have a different view of success to their sponsors. Processes, governance, control and approach vary wildly. Controlling projects through effective change management ...

A personal experience of CISSP boot camp

Information risk and security is an infinite field of work and study. You can spend your whole life trying to gain the width or depth of knowledge necessary to do the job competently, and every day feel you know a little less than the day before. At the same time, it’s ...

Should I get CISSP Certified?

Careers
The focus of CISSP is purely Information Security. Having said that, it's a very big field. CISSP’s reputation as a certification is for being ‘a mile wide and an inch deep’. In fact it’s so wide that rather like the Great Wall of China, you can probably see it from ...