Musings of a vegetarian cybersecurity consultant.
Disclaimer: content can vary from music to cars, computing, news, books and rants. Views do not necessarily reflect those of my employers or clients.
-
Why does software development need zero trust?
Disclaimer: The following article is a blog post I wrote for Nexor, based on things I’ve been working on over the past few years. The last few weeks have continued to demonstrate the impact of a compromised software supply chain – whether that’s realised by malicious threat actors or lack of software quality control. CrowdStrike,…
-
Are we approaching AI’s trough of disillusionment?
The internet has criticised – jestfully – the capability of AI for several years now. It started with computer vision capabilities in their youth, where cats were often identified and inferred as dogs, when blockchain was still the hype for Y Combinator candidates and investors with more money than technical prowess. A flow chart that…
-
How do you trust artificial intelligence? (draft)
(This is a blog I am drafting for Nexor, and seeking wider thoughts and comments on before publication) Recent events in the news have us pondering a fundamental trust issue with AI models, whether that’s trusting the data with which we train them, or the result of which they infer. Large Language Model (LLM) poisoning…
-
Zero Trust is not just an architecture
Zero trust is not a magic black box product either. Those that know me are aware that I’m very much a “let’s go back to first principles” kind of person, and often that has saved me from going down rabbit holes, or has found overlooked flaws in previous enterprise architectures and highlighted a clearer path…
-
Falling in love with photography again
The last time I picked up my Fuji X-Pro 2 was to take some headshots of myself for a series of whitepapers I’m authoring as part of my day job. Purely pragmatic, given that the first was due for review the very next day as a draft, and I still had my studio equipment from…
-
DevSecOops: 3CX Hack – Supply Chain Attack
Very recently, 3CX, a VOIP and PBX software developer, was compromised. According to their website, over 600,000 businesses globally use 3CX solutions to power voice communications in their business. Some customers include the NHS, Air France, PWC, just to give some context. Policy For Suspected Attacks My jaw hit the floor and bounced back, causing…
-
SecOops: Arnold Clark
Recently, Arnold Clark became one of the latest victims of note to Play ransomware. Arnold Clark customer data stolen in attack claimed by Play ransomware (bleepingcomputer.com) This has huge implications for customers of Arnold Clark, never mind Arnold Clark themselves with the potential GDPR fines involved. Customer data not only has been stolen, but presumably…
-
Ctrl + alt + del
I’ve rebooted the blog, having been wanting to post updates for ages, but not particularly wanting to fix the CI/CD pipeline I had pointing to my old colocation setup in London. Seeing as that’s long gone, and I’ve downsized to the small one in the North East, I figured I’d move back to WordPress so…
-
Lessons from containerising monolithic apps
Sometimes removing the little sanity you have to culture a bigger organisational change and engineering paradigm is worth it. When I joined $COMPANY as a principal DevOps architect, I was shown around a couple of server cabinets. My boss pointed to these physical things called servers. “That’s an AMQP server. That’s a Zabbix server. That’s…
-
Coronavirus Special: Subaru Impreza WRX GC8 Import
Somehow the engine was rebuilt twice, within a fortnight. In my adventures of fixing, rebuilding and playing with old sports cars, I met a friend, Danny, who was in the need of seriously saving his Subaru Impreza WRX. He’d been sold a less than perfect, but mostly solid JDM import WRX from a private seller.…