Security Strategy?
I've worked a lot in security environments where strategy is unclear. I've worked a little in places where strategy is very clear. I've NEVER worked in a place where the security strategy is clear. "That sounds like a sweeping statement, Rob", I hear you thinking... Maybe. But someone, who has ... Read More
10 Bits of Logging and Monitoring for Architectural Success
I've been involved in a logging and monitoring project recently, and realised how close to their chests most vendors and other companies doing this type of work tend to keep their methodologies. And although a lot of people have done L&M projects, I wonder how much of the knowledge is ... Read More
Kids 1 – InfoSec 0
My son broke one of his brother's toys this morning - they were growing crystals on paper (yeah, it's all science and engineering fun in this house) and Number 1 son knocked Number 2's crystals off. 2 is 4 years old and cried, hard. 1 is 5, and came running ... Read More
Keeping My Own Agenda
6 years have passed since my last post appeared. I've been busy. I've stayed in touch with a few of you. I've had 3 children, many employers and a whole lot more experience in Security. Some of those employers haven't liked me to blog, some have specifically disallowed it. I ... Read More
Big holes in code
When I started this blog a couple of years ago, I was living and working in Barcelona, Spain. It was a glorious place and a glorious time. I genuinely loved living there, my wife and I have some very happy memories. We're about to have our first child, a boy, ... Read More
What risk isn’t
Writing blogs and having an opinion are fairly easy things to do, creating and selling a product is not. I've done both, at the same time, in fact that's why this blog exists - a marketing tool for a product I am no longer involved with, but a pastime I ... Read More
IBE and PGP
Identity-based encryption (IBE) was first proposed by Adi Shamir over 25 years ago, developed by Dan Boneh and Matt Franklin in one scheme, and Clifford Cocks in another. If these names don't mean much to you, Adi Shamir is the S in RSA (Rivest and Adleman being the R and ... Read More
Cheap as chips, safe as… chips.
I'm constantly amazed at how little strategy there is in most organisations. It doesn't matter how big or how small, I have rarely come across an organisation that has a fully joined up security strategy, which makes sense. If you think you are one of these people, please set me straight, ... Read More
Not on crack
No sooner do I start up on the old blog again than Mike pitches in and pushes me off my training wheels. Thanks Uncle Mike. No, I'm not really being a whining limey/pom bastard or whatever you call us these days. But Mike, you aren't in the UK, and, with ... Read More
Is encryption finally going to have its day?
I think so, for a number of reasons: The Government is handing down mandates. After a number of high profile incidents, including an MoD laptop left on a train, the rules are being tightened across government departments. Despite the NHS being told that they have to strip budgets back to the bare ... Read More