Winning Systems & Security Practitioners 1. Introduction

1100 words, 4 1/2 minutes. Introduction “Never tell people how to do things. Tell them what to do and they will surprise you with their ingenuity." - George S. Patton If you’ve read my previous postyou’ll know that to get beneficial, long lasting, low-maintenance results in Information Security, you need winning systems. Not skills. If you like grinding monotony punctuated by periods of extreme stress and being able to tell people how busy you constantly are, you can safely return to your to-do list. »

Forget Solving The Cyber Security Skills Shortage

1100 words, 4 minutes. This post is one of a short series on structural and systemic things the Information Security industry does wrong, and what we might do about them. Disclaimer: I advocate lifelong learning, that includes professional training, product training, workshops, online or in-person courses, and academic study. The professional trainers I know who author and deliver their own material are among the most mentally agile people I’ve ever met. »

The Age Of Invisible Disasters

1400 words, 5 minutes. The Tay Bridge disaster occurred during a violent storm on 28th December 1879 when the first Tay Rail Bridge collapsed while a train was passing over it from Wormit to Dundee, killing all 70 people aboard. It is widely accepted by engineers that disasters teach us more than successes. Said another way, we don’t learn from the bridge that stays standing. After the Tay Bridge disaster there was an investigation. »

Elephant Proofing Your Web Servers

750 words, 3 minutes. The Case For Default Deny What’s free, permanently reduces your exposure to a range of potential vulnerabilities, requires no maintenance, and takes only a few minutes to implement? Most web servers are installed to serve content to unauthenticated users on the Internet. Most only have a finite list of URLs or a specific number of web apps. I’ve always thought it strange that they install in a default-permit mode. »

Arrival

1200 words, 4 1/2 minutes. Welcome to the first post of my blog. Here I explain the why, what, and how of everything else you will see on this site. If you want to know more about the who, then read this. Most of my professional life involves winning systems or processes I’ve already established, monitoring progress or performance against targets, solving recognised problems. Here is where I introduce a few new ideas in a less formal environment, and explore them with you in an atmosphere of constructive discussion so that we might test them and learn something. »