As HMRC remind us, tax doesn’t have to be taxing. Well neither does risk management. In fact, assessing risks is something we learn from a young age. But when we don our suits and enter the corporate world, all sense of how we should manage risk seems to go out of the window.

 
 
 
A typical risk [...]

Over the years, information security has moved from being a dark art practised by a few beardies to becoming something most people understand and appreciate. Also, as time has progressed, infosec professionals have become more apt at explaining infosec to the layman in terms they all understand. Additionally security awareness programmes in most companies, coupled [...]

I’ve been asked many times, mostly by myself, as to the best way to convince business people to open their purse strings and spend some money on security.
It seems as if business people, developers, IT managers, procurement, HR, finance; basically anyone and everyone is only prepared to spend the bare minimum on security features to [...]

Unless you’re a worthless, unemployed lazy bum, you’re more than likely to have come across a process known as an interview.
For you lazy bums out there who’ve never been interviewed, an interview is a bit like what you do when buying your first car. You have little idea of what you want, but you kick [...]

Information Security used to be easy. I would spend the day emailing friends, wait until my manager hassled me for the 17th time about responding to a users query, make a couple of recommendations attaching a copy of the security policy then go back to emailing pictures which explained why there was only one female [...]

Infosec would have a better reputation if all consultants were perfect like me. When speaking to a project manager, we should have completed our research. Scoured the internet, finding out what a particular application does and how many security vulnerabilities are out there. The list goes on, but suffice to say a good consultant always [...]

Whether you call it security theatre or just a sales pitch that sets expectations too high. We’ve had lots of products and processes that have claimed to increase security only to contain enough hot air to propel one of Richard Bransons baloons across the world.
Here’s the cynical breakdown of security that was too hyped up.
Airport [...]

Pandemic flu, virus outbreaks, the end of the world. These are things that a cynic laughs in the face of… but an infosec cynic only raises an eyebrow.
If working in Infosec, which is an industry built on the solid foundations of PC viruses, has taught me anything. Its how to survive a pandemic. I look [...]

Infosec sometimes unfairly gets a lot of bad press for being a barrier to business goals and objectives. How infosec professionals don’t understand business needs and drivers. How pouring money into security is about as good as burning it.
But infosec has improved the quality of working and the lives of workers the world over. The [...]

So you want to be an infosec consultant? If you’re like most guys, its better you consider a career in risk management or audit. Or maybe you’ve already got some variation of “security” in your job title but are stuck in a rut. Results are coming slowly and career progression is almost non-existent. What you [...]