Date: 4 Apr 2025
I had an engaging discussion with David Gadd about the misunderstanding of the CISO role. (Be interested in your views whether you think the CISO role is fully understood and if it isn't, why not! Comment in the LinkedIn post below ⬇️)
Your iPhone houses your entire digital existence - from cherished photographs and private messages to sensitive banking information and beyond. Whilst Apple's iPhone with the latest iOS offers impressive built-in security, it's not simply a "set and forget" arrangement. To properly shield your digital life from criminals, I recommend taking several straightforward measures. None of these steps are intrusive and shouldn't hamper your user experience.
Updated on 2025-11-12 with new security feature of iOS26. As a result it is now a list of 6 recommendations. To ensure the link works, I have not changed the blog post title.
Yesterday, 24th February 2025, I received the heartbreaking news that one of the cybersecurity vendors I had worked with since 2006, Skybox Security, has closed its doors.
The announcement came as a shock, first shared with employees on a call and later communicated to channel partners via email. Skybox Security was once a visionary company, yet it has now faced an unfortunate end.
My thoughts are with all the former employees whose lives have been suddenly disrupted. I sincerely wish them strength and resilience in navigating this transition and finding new opportunities that match their talents and expertise.
Let’s take a moment to reflect on Skybox Security’s journey and the lessons to be learned.
I am lost for words, so I will be brief - you can read my opinion piece on this from a couple of weeks back here: ./2025-02 UKGov our data is not yours to take/our data is not yours to take.md
This blatant disregard for the people's privacy by the UK government will do nothing to protect us more from criminals. They will continue to use existing and new tools that offer end-to-end data encryption outside of the reach of any government.
I have had Advanced Data Protection activated since it was released in 2023. Sadly, I will be losing this privacy protection someday.
The article was published by Help Net Security and can be read here
The copy of the article:
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. This revelation deeply concerns me – it is a blatant overreach that threatens privacy, security and civil liberties.
Having been using Apple devices and services since 2006, I trust Apple, which has built its reputation on user privacy, is unlikely to comply. The company has previously resisted similar demands, even suggesting that it would rather leave the UK market than compromise its privacy standards. This raises an urgent question: should technology companies be forced to bow to government pressure and bring in George Orwell's 1984 nightmare, or should they remain steadfast in protecting our privacy rights? In this context, I agree with Edward Snowden summary on privacy:
“Saying you don’t care about privacy because you have nothing to hide is like saying you don’t care about free speech because you have nothing to say.” -- Edward Snowden, Link to Reddit
This article was first published by Help Net Security and can be accessed on their website in International English spelling.
What if I told you that what you may have learned about protecting information and information systems is incomplete? Curious? Then read on.
The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents.
In this article, I will analyse the CIA triad, point out its deficiencies, and propose to standardize the terminology involved and expand it by introducing two additional elements.
In this edition of the Cyber Insights blog, I want to cover the often-overlooked topic of business cybersecurity external posture, written mainly for business executives.
Over the past 12 months, I have had several discussions with business leaders and small startups about the image their organisations are portraying to potential attackers, usually cybercriminals seeking ransom money.
This article also features in the Computer Weekly / TechTarget Cyber Security ThinkTank: https://www.computerweekly.com/opinion/In-the-cloud-effective-IAM-should-align-to-zero-trust-principles
The topic of “best practices in IAM” is complex due to the intricacies of Identity and Access Management (IAM) and the unique policies, processes, and procedures of each organisation. Therefore, a one-size-fits-all approach does not work.
"Innovate fast and fail faster!" is a mantra that many fintech companies are following. Some successfully, some not so much.
Take example of Revolut, who seem to top the UK charts for the most fraud complaints.
(source: https://www.bbc.co.uk/news/articles/cj6epzxdd77o )
Originally published on: https://www.linkedin.com/pulse/lessons-from-bank-fraud-featuring-revolut-vladimir-jirasek-xakqe/
In a typical enterprise, a division of responsibilities is codified: an IT team runs IT systems and a security team operates security systems. There might not be any risk of security systems affecting IT systems until the security tools are running on end-user devices, servers and as active elements in the network (Firewall admins will agree with me, they get lots of unwarranted grief from IT teams that “firewall is slowing things down”).