Category Archives: Uncategorized

I love the GDPR

Because I finally have a way to stop IT vendors calling me



The First Tuesday of the Week

Tuesday 3rd February

First Tuesday

I wonder if the young ladies who wear the black dresses to serve us (mostly) middle-aged, (mostly) middle-management, (mostly) middle-class chaps ever wonder what it’s like on the other side of the canapé tray.  It’s not easy eating rubberised Chinese food and making small talk with people whose professional function is to stop their colleagues doing the things that they’d like.

Fair play to Verracode though.  The usual low-sell from persistent chaps.

But what about the Nosh?  Not enough I say.  Not enough.  And too much rubber.

It’s dark and it’s a network. It’s the Dark Net

NED Darknet 30 January

I must confess that I liked this one.  The indefatigable Greg Jones gave an excellent debrief on the Darknet using some weird font which made his presentation look like The Nightmare Before Christmas meets The Matrix.  Well cool and well worth the trip into town.  Greg did overrun somewhat though, but I think on balance it was worth it.  Whatever lecture we missed can’t have been half as good as the exposition of the Darknet, TOR and various other vegetables.  Most impressive as Greg always knows his onions.  Particularly interesting was taking a peek at some of the actual sales and auction sites selling the various goods that most people want to own but don’t want to actually be caught buying, it made a refreshing change to actually see something on sale, rather than the usual platitudes implying that such-and-such is on sale for “fifty dollars”.  A mistake that one of the later presenters made, unfortunately.  Now I’m sure that the Security Architect who works for Visa also knows her Togaf from her Toga, but she fell into that rather obvious trap that tech-light presenters do and tried to befuddle her audience.  She threw lots of arcane, unattributed statistics at us and while I’m sure that some must have been correct, I didn’t see any empirical evidence supporting the assertions about the “number of businesses who can’t recruit the right staff”.  Dear heart, what is a business in the cold light of day?  She also annoyed some of us by constantly referring to the cost of her favourites in “dollars”, presumably she can’t put the numbers into a spreadsheet to convert to cowrie shells which are God’s own currency.  The we had more sales pitches dressed up as thought leadership by the usual anonymous crowd.

An informal little gathering of about fifty or so listened politely and then opined through the usual faux questions.  At one point I felt myself wondering what would have happened if I had turned left out of the lift and gone to the Nursing Gastrointestinal Conference.  I once had gastroenteritis so I think I am well qualified to attend such a conference and I am sure that we’d all have learned something interesting by swapping at least one of the lectures over.

I wanted to ask the police commissioner why the police simply don’t take financial crime seriously if the victim is not a corporation.  For example, if you get your cheques forged, they simply won’t help.  But I didn’t.  Because I’m a craven coward.  So I waited to the end at mid day and went back to the office.

The greats included:

  • Commissioner Adrian Leppard, City of London Police
  • Greg Jones, Director, Digital Assurance
  • Rashmi Knowles, Chief Security Architect EMEA, RSA
  • Martin Jordan, Chairman, NED Forum
  • Paul Webster, Global Head of Technology Audit, Vodafone Group
  • Ross Dyer, Technical Director, Trend Micro
  • Dan Buckley, Director EMEA and APAC, Core Security
  • Phil Huggins, Vice president, STROZ FRIEDBERG

But what about the nosh?  The morning started very well with super little biscuits and pastries filled with custard and other such sugar and fat fests.  Tea of course.  But no lunch, which was a shame.  Perhaps next time the sponsors could spring for bowl of crisps.  I regret not jumping over to the nursing section as they had what looked like a lovely plate of salad, but I thought that as I don’t exactly look like an off-ward but on-duty nurse that trying to explain why I was snaffling a free plate of scran might not do my immortal soul any good.

rant, Rant, RANT I SAY

28 January RANT Emerging Threats in Cybersecurity

I wonder what the future will bring?  Well, the truth is, answering what is easy.  It’s the when that’s hard.

I was none the wise after this event.  Despite a hefty degree of heckling, the splendid Monica Salgado kept us all under control.  What does the future bring? “Internet of Things” says one bright spark (internet of what, exactly? says me). “Stupid users” says another (shurely not this one, says me). Same old same old says I.  But I am just Cassandra in another frock.

Difficult questions expertly dodged by

  • Mónica Salgado, Senior Lawyer – Data Protection, Visa Europe
  • Jason Creasey, Managing Director – Jerakano Limited
  • Arthur Barnes, Principal Threat Manager EMEA – Pearson plc
  • Morgan LLoyd, CISSP, Technology Evangelist – Cisco UK & Ireland

Usual crowd at top floor of The Counting House.  I still think the Rant has outgrown the facility.

But what about the scran?  Of course, the beauty is the free bar.  Which is only any use if you drink alcohol.  I’m cutting it out so my largesse was limited.  The food was disappointing.  Strange chicken curry, rice, chips and a rather odd vegetarian chickpea-and-pasta-tomato-paste.  I don’t think the chef intended the pasta to turn into wallpaper paste, but the end result was a carbohydrate overload.  I know that the Counting House catering team can do better as they have laid on Orange Food before.  I had to come home and have an oatcake.

It was twenty years ago today …

Wednesday 14th January

IET Royal Institute

We’va all seen the Royal Institute Faraday on the telly.  It’s the one where a load of children ohh and aah about flashy science.  It’s sort of famous in its own, quaint, way.

Well, let me tell you: it aint half uncomfortable.  Tonight’s little pontificum featured a splendid panel of experts.  We had a couple of Big4 consultants, someone who works in Government and business bloke.  I presume that the Big4 are still enforcing “public speaking” in their staff non-billable objectives:  there’s money in the old infosec rope.  The Department for Business and Something Assistant Director gave a good overview of the Government’s Cyber Security Essentials, though it probably covered old ground for some.  She gave an impressive list of her credentials in her introduction, I’m not sure exactly what and Assistant Director does but is certainly sounded good.  The chap from the rail told us how information is important and how it’s important to secure it.  Can’t say I envy his much.

  • CHRIS POTTER, Partner at PwC (co-author of the UK government survey on information security breaches over the last 15 years),
  • ORLA MACRAE, Assistant Director of Cyber Security at BIS
    (The Department for Business Innovation and Skills);
  • PETER GIBBONS B.E.M, Head of Cyber Security at Network Rail
  • RICHARD HORNE, Cyber Security Partner at PwC UK

The usual self-aggrandising audience questions, lightened by the observation from one individual questioning the veracity of some of the statistics relayed by the Big4 chaps, who had the good grace to admit to their failings and to claim that it was intentional, but not misleading.

The room seemed pretty full, a couple of hundred of the old guard British Computer Society types along with some younger chaps talking about how much code they’d written.  Nice.

But what about the nosh?  Unusually the pre-speaking scran was better than the after-event.  We had lovely little pastries, all sugar and fat with teas of course.  Afterwards we were given wine with peanuts which left me feeling a little deflated.

Gartner Security Summit 2014

Gartner Security and Risk Management Summit 2014
8-9 September 2014

I went so you don’t have to and put the photos on facething

Excellent two days with the geeks-in-suits.  At least two presenters referred to Gartner analysts as “cats” as in “herding”.  Something about them being independent types who don’t like to be told what to do.

It’s quite a full-on couple of days with minimal free time:  perhaps a few minutes between the teas.

We started with key points about your policy
 Why Your Policy is Broken and How You Can Fix It Jay Heiser
Jay explained the benefit of strucuture

Mr bonner in a tinfoil hat


At bsides