Cyber security and industry maturity are two phrases rarely heard together. The vendor hall gimmicks, perennial vaporware and billion-dollar valuations always draw a wry smile from seasoned InfoSec professionals. Despite all this, if we look closely there are signs emerging that the industry may actually be starting to mature. The best – and perhaps only …
Threat Hunting – the Beginner’s Guide
If you ask a security professional ‘what is threat hunting?’ you are guaranteed to get a wide range of answers, including: “Responding to AI-generated security alerts”, “A new term for incident response”, “Looking at the dark web to see if anyone is going to attack us”. In fact, threat hunting is none of these things – although …
First-Time Parent in a Tech Firm
As in many industries, work in a fast-growing cyber-security firm can blur the lines, with conference calls at 10pm, proposal writing at midnight and 3am incidents a pretty common occurrence – traded against late morning starts and quiet days. Shortly before the arrival of my first child a year ago, I was worried about how …
What’s in a Name? The Unspoken Arms Race of the Cyber Security Industry
The 2016 US Government report detailing Russian malicious cyber activity named 40 separate Russian state-aligned cyber threats, drawn from security vendor marketing and research. Indeed, the advisory came with its own monicker ‘Grizzly Steppe’, bringing the names involved to 41 (plus suspected civilian groups). Despite this apparent proliferation, Russian state-aligned cyber activity is suspected to …
From Breach to Bankruptcy – How the Terminal Impact of Cyber Attacks is Accelerating
The time it takes for firms to go out of business due to cyber attack is decreasing. In 2000 it took ten years, in 2017 it took just eight months. In fact, since 2010 the cyber attack ‘time to Terminal Impact’ (bankruptcy) has pretty much halved every two years in a twisted inversion of Moore’s …
5 reasons why innovative security teams are creating genuine return for the business
Is it ever possible for security to be more than just an insurance policy? Every so often a security firm will have a go at trying to change perceptions – to convince its C-level target market that security can actually be more than just a cost-centre. For security to actually be an enabler – and …
Things I Learned from Crowdfunding my MBA
Crowdfunding my MBA was one of the best decisions I ever made – I learned almost as much from the process as I did from the course itself. Here I’ll give you a quick view on how I did it, what I learned from it, and what you might also take from it. In …
Why is the Cyber Security Industry Addicted to Marketing?
The world’s largest cyber security firms spent startling amounts on sales and marketing last year, allocating 41% of revenue to their commercial activities. Indeed, some companies exceeded 50% and even 60%. When compared against other B2B tech firms such as Cisco (19%) or Microsoft (17%), it’s clear that the cyber security industry is somewhat different …
White House ‘Cost of Cyber Report’ is misleading
Has the White House got it wrong with its ‘Cost of Malicious Cyber Activity to the US Economy’ report? It estimates damages of up to $109 billion per year – which is a nice media-friendly figure, but anyone actually reading the report is likely to dismiss it because the way in which these damages …
Cyber-Security Predictions for 2018
My 2017 in cyber; 12 months in detection and response, and predictions for 2018. Supply Chain Attacks: The big trend of 2017 was supply chain attacks. Your attack surface extends out beyond your firewall, and compromising your key suppliers, partners, even customers represents a trusted route straight into your organisation and we saw exponential growth …