5 Steps for Securing Your Software Supply Chain

RSA Conference just published an article that I’ve written on the 5 steps for securing your software supply chain. Most modern applications are assembled from open source components with developers typically writing less than 15% of the code for their...
How Secure Is Your iPhone?

How Secure Is Your iPhone?

The Wall Street Journal has written an article that will challenge your belief on the security of your digital life. It reports on how a basic iPhone feature can allow criminals to steal your entire digital life. This basic feature is your pass code and the technique...
Your Website Might have an Unknown OSCP Dependency

Your Website Might have an Unknown OSCP Dependency

A few weeks ago, a friend who looks after a web server had an outage on their website and asked me to help troubleshoot. The cause of the outage surprised me and is the reason why I’m writing about it. The website outage was due to a dependency it had on the server of...

My Thoughts on FAIR

photo taken from yorkfair.org I recently completed the FAIR analysis fundamentals course and here are my thoughts on it. FAIR stands for Factor Analysis of Information Risk, and is the only international standard quantitative model for information security and...
Rapid Risk Assessments

Rapid Risk Assessments

That was the main take away for me from today’s talks by SANS instructor Eric Johnson. He was in the country running a workshop and talk at AISA conference in Melbourne and SANS contacted me if I was interested in having him doing a private talk to the team. I was...
Gamified Learning – Application Security

Gamified Learning – Application Security

Today we had a combined application security event with another tech company.It was the first time we ran the combined event and it involved security champions from both companies. We had planned on spending the morning reviewing 4 security concepts; XSS, CSRF, RCE...