Hiring competent people in cybersecurity is always important, as you cannot secure what you do not understand. The trouble is often those who are performing the hiring do not have an in-depth understanding of cyber security and what specific skills and experiences are required to perform a cyber security role well. In this article, I Read more about Detecting Cyber Security BS in CVs[…]
It appears 3rd party integrations are the flavour of the month for security incidents at the moment. The latest being Ticketek Australia, where some of its customer may have had their personal details exposed, including names, date-of-birth and email; all of which was managed by a “reputable, global third-party supplier”. In other words, a global Read more about The 3rd party security nightmare[…]
Those who have been following my posts know I have an evolving love/hate relationship with online security questionnaires. Done well, they can speed up the process for the client and service provider and establish a properly shared understanding of where risks lie and how those can be managed over time. Done badly, they can be Read more about Security Questionnaires online, are they safe?[…]
First off, do you know what the biggest single cause of security vulnerabilities and successful attacks against computer systems is? A lot of people think of insufficient access controls, a lack of process, SQL injection, etc but there is something more fundamental sitting behind a lot of these that often gets overlooked. I’m talking about Read more about Protecting against the biggest security vulnerability[…]
The Defence in Depth Security Model is one of those security concepts I often see incorrectly implemented or not used to its full potential to protect services or systems. There is way more to it than first meets the eye. In this article you will learn: What is the Defence in Depth Security Model? The Read more about The Defence in Depth Security Model Explained[…]