Chapter Author
Contact Graeme
Journalists, students, potential clients or anyone else, email:
graeme@datasecurityexpert.co.uk
Something private to say?
PGP public key
Charity starts where the home is: stop bashing others before bashing yourselves
China, Russia, Syria, North Korea and Iran are commonly in the papers for attacking us physically, or for attacking us or our allies by the wire (the CAT5 cable or whatever type of cable you are using these days). The majority of people, including myself, agree with the above, and I am not here to say these countries are perfect; far from it, they are all dictatorships. Huawei has been in the media a lot lately, though not for a few weeks now. Yes, Huawei and other Chinese manufacturers are not perfect, nor can they be fully trusted, because of the government, which is a one-party state like many other countries. We are bashing foreign companies and nation states for hacking us, but can we really blame them when our attitudes to cyber security and technical defences are poor?
A thousand words of personal thoughts on something “controversial” and topical… Huawei (pronounced: wahwey!)
Who assigns the words “controversial”, “mandarin”, “tzar” and “bizarre” to a hot topic anyway? The general public, central government politicians or the British media? The media, I would say, so they have something to report on!
Government confusion/mixed messages
Some time ago the prime minister and/or the home secretary was moaning about WhatsApp aiding terrorists and how they cannot crack it, which I do not buy fully. That brings up two thoughts. 1. Politicians not knowing what they are talking about - possible. 2. Politicians lying - hmm.
In 2010 the government opened “The Cell” in Banbury, an evaluation centre for products. At first there were concerns about it, and in 2015 it got a good bill of health, with room for improvements of course. In April this year Theresa May approved a deal to use them, and in May there are various concerns. Mixed messages from politicians, to say the least.
There's more to Cyber Security than Pen Testing!
QA Cyber Security Technical Consultant, Graeme Batsman, looks at Intrinsic vs. Extrinsic Project and Programme Management.
Over the last few years I have worked on different accounts, from massive corporations to central government departments. Sadly, I have seen all sorts of amusing situations, for those of you who think of poor security as amusing. One thing in common across most organisations when it comes to poor security is that the cause isn't necessarily the employees' lack of experience but more to do with poor management or, you guessed it, something which makes the world go around: cash.
Numerous in-house or externally managed projects/programmes get little or no security oversight, let alone a Pen Test. A project/programme will have an overall Manager/Director, various leads and resources. Think about it: if a programme with a budget of tens of millions has 100 full-time staff for three years, can't it afford 1-2 full-time security resources? Unfortunately, more often than not, this isn't the case, resulting in a poor ratio of security staff to project team staff.