Continuous Pen Testing – Pros and Cons

It seems quite a few businesses are resorting to using 3rd parties to implement continuous pen testing for not only their own products but also for online services they also consume – this can be a very bad idea and lead to a false sense of security. In the face of it regularly scanning an Read more about Continuous Pen Testing – Pros and Cons[…]

Singapore’s TraceTogether Token

Singapore has developed a physical token to enable elderly and vulnerable people to easily be contact traced without the need of having the TraceTogether app. The device also overcomes some of the issues that are being faced with the mobile app, including battery drainage and issues when the app is running in the background or Read more about Singapore’s TraceTogether Token[…]

Security Event Logging, why it is so important

Every once in awhile I get asked why detailed event logging is so important when setting up cybersecurity controls at a business. In this article will attempt to explain why this is critically important. To log or not to log, that is question… When it comes to logging security events and being able to make Read more about Security Event Logging, why it is so important[…]

How much should you spend on an external PenTest?

External Penetration Tests today come in all shapes and sizes, from the rudimentary highly automated scanning to the more detailed and human-driven PenTests, with often widely ranging costs to boot (3 to 4 times difference is not unusual for essentially the same thing). Sometimes it’s difficult to work out what form of external PenTest is Read more about How much should you spend on an external PenTest?[…]

Cyber Crime

Encrypt Email addresses at Rest

It seems not a day goes by without some major data breach occurring on businesses systems. Anywhere from a few thousand records to many millions at a time, containing information ranging from names, addresses, telephones number, dates of birth and account details, etc. One thing I have noticed, that seems to be a constant throughout Read more about Encrypt Email addresses at Rest[…]

Latest print of book is out

This a quick post to say that I have just received the latest print of my book, now updated to cover off recent changes in legislation, plus some changes from feedback given by readers – much thanks! This makes the book even more useful to those looking to properly secure personal information in businesses and Read more about Latest print of book is out[…]

Will the last AU based start-up please turn off the light?

It appears the Australian Federal Government is determined to do a Thelma & Louise and literally drive off a cliff into the abyss over truly mindless and ill-conceived legislation as concerns encryption, privacy and security. It has the potential to make us totally uncompetitive in global information technology markets and cut off at the knees a fledgling Read more about Will the last AU based start-up please turn off the light?[…]

First book published

This a quick post to say that my first book has now been published on Amazon. In total its taken a good 9 months from the initial idea. The book focusses on Personal Information Security and how in business personal information needs to be secured and protected. The book is full of lots of practical Read more about First book published[…]

PII Hacking

Privacy and Security go hand in hand

In our modern world its difficult to comprehend how many systems hold various bits of information on you, it ranges from banks, credit score agencies, dentists, all the way to SaaS providers and your telco. Social networks also have mountains of information on you that they mine to work out your personal preferences, so they Read more about Privacy and Security go hand in hand[…]

API Security – Carefully does it!

API’s are a convenient and handy way to get different computers systems to talk to each other, but often they are also an easy way to get in by the backdoor deep into computer systems. In this article, we look at few of the most common mistakes made and what you can do about it. Read more about API Security – Carefully does it![…]

Australian Privacy Policy

Privacy and Your Business, what are the risks?

Privacy is a big concern if you are running a business, regardless of size. All businesses need to keep sensitive information about their customers, staff, associations and potential customers – all of this will contain information that pertains to individuals which could cause them (and you) harm if illegal accessed or divulged. Further the ability Read more about Privacy and Your Business, what are the risks?[…]

KRACK – Securing Your Wifi Network

Given the release of the KRACK vulnerability, it is becoming very clear you need to take additional steps to make your Wifi network more secure. You should take this as a wake up call to understanding the risks inherent with a Wifi network and just how easily it can be used to gain access into Read more about KRACK – Securing Your Wifi Network[…]

User Authentication, you must do it right!

I must admit, one of my all time pet peeves is when engineers do not implement their user authentication service in the right way to be defendable against an attack. Take for the instance the recent hack against Zomato in which they had 6.6m hashed user passwords stolen. The real problem here is not that the Read more about User Authentication, you must do it right![…]

Arduino Hydreon RG-11 Optical Rain Sensor, with Solar Sensor

This is part of the TechEd Section. As mentioned previously, I was on the look out for a suitable Solar sensor to provide measurement of the strength of the Sunlight on our property. Now where the RG-11 is located is actually quite an ideal place for determining Solar light levels, as it has a clear Read more about Arduino Hydreon RG-11 Optical Rain Sensor, with Solar Sensor[…]

Arduino Hydreon RG-11 Optical Rain Sensor interfacing

This is part of the TechEd Section. My project of tying together various sensors to work out what is happening around the property is taking shape. I just took delivery of the Hydreon RG-11 Optical Rain Sensor a few days ago, cost $99 plus postage from Ocean Controls.  A nifty little unit that makes use Read more about Arduino Hydreon RG-11 Optical Rain Sensor interfacing[…]

The Evils of Technical Debt

Technical Debt – A phrase that brings shiver to any experienced engineer or software architect. In this article I’ll explore why it is so Evil and a few basic things you can do to stop it bringing your whole business to a go slow state. (This is a follow-up article from my talk on Technical Read more about The Evils of Technical Debt[…]