Category: Miscellaneous

Security is Hard; Why are you laughing?

This weekend I posted a tweet, a short simple statement – with a lot hidden behind it:

Tweet: "I say "Security is hard" a lot. Infosec professionals laugh when I do. Why are they laughing?"

Security is Hard

I was trying to provoke discussion around two opposite ends of the security spectrum: the idea that security is so difficult that we might as well abandon the whole endeavour, and the idea that security is trivially simple but certain blockers (such as managerial denial, being understaffed, or tech debt) are preventing any real progress. The point being that people laugh at the statement “Security is hard” because they so wholeheartedly believe one of the above views that they cannot see the other.

Becoming a Penetration Tester

The aim of this post is not to talk about how to perform effective penetration tests; it’s more about taking the first steps towards a career as a Penetration Tester. I want to talk about the kind of things that I look for in candidates, the kind of skills that I found useful when starting out, and, as a candidate, what to look at first. Information Security is a huge field and you’ve got a whole career to learn all of the details, but where should you start?

Data Breaches and Stock Prices

When talking to companies about the effects of hacking and data breaches I often discuss the effect on stock prices and the potential for brand damage – but does a security breach really cause a noticeable effect on share prices? Incidentally, I was recently working on a script to pull historical stock data for companies at specific dates. So I figured I’d test drive the new script and pull some historic data for companies immediately following a breach, to show the ultra-short-term effect on their share price. I offer my raw data here without analysis and allow you to draw your own conclusions. It’s pretty interesting to see the initial drops in stock and the patterns that affect all companies and all breaches regardless of how well the breach is handled.