Cyber Security News & Current Events


Recent Posts

Formula 1, Cyber Vendors and Selling Fences

Posted by Sash on 15/03/19 5:32 PM

This weekend's Formula 1 Grand Prix has an unlikely parallel to the cyber security industry. You see, Formula 1 is a precisely engineered environment, where suspension load is modelled across the 300 or so corners of the calendar and components designed to only experience 40% of their rated strength.

Read More

In Europe for GDPR – Impressions Comparing it to Lessons from Australia’s Privacy Act NDB

Posted by Sash on 25/05/18 2:58 PM

I have been in Europe for a couple of weeks now working on some longer-term strategic initiatives for Security Centric. My work brought me into a larger number of organisations than I normally would in my usual consulting life, and a consistent hot topic was GDPR. This is hardly surprising considering the gradual tidal wave of privacy policy update emails we have all be subjected to, as organisations align their compliance programs ahead of the deadline which comes into effect in a few hours across the EU.

Read More

WannaCry: Nothing New Here Apart from a Catchy Name

Posted by Sash on 17/05/17 1:17 PM

Even the catchy name is not particularly innovative (Heartbleed has to take that prize over others such as BEAST and POODLE).

Read More

Security Centric joins PCI QSA program, but for different reasons

Posted by Sash on 14/05/15 2:05 PM

QSA organisations and individual assessors usually complete the final phase of a PCI DSS compliance program – that is, a final audit. Whilst Security Centric is a QSA organisation, only a small proportion of engagements are to perform the final compliance audit.

Read More

Complete Heartbleed Protection in Under 36 Hours From Discovery

Posted by Sash on 14/04/14 4:20 PM

Much has been written about the OpenSSL Heartbleed vulnerability, which affects the TLS heartbeat mechanism used by some versions of the OpenSSL library. Numerous open source and commercial products use affected versions of OpenSSL for their implementation of PKI, including enterprise hardware and software products.

Read More

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|


Recent Posts