Crossing the road
Last week I spoke for Jersey Cyber Security Centre ( CERT.JE) about the changing threats facing us — from the very active offensive cyber campaign forming part of the war in Ukraine, to the emerging threat from AI tools that can be used for harm as well as for good.But the important part ... Read More
How to start a career in cyber security (or anything else)
Photo by Andrea De Santis on UnsplashI was asked again today by someone just starting out, how to start a career in cyber security. What did I do, and should they do the same?The answer: Don’t follow my path.My path has so far taken me through landscape gardening, accountancy, financial audit, internal audit, ... Read More
Welcome to never-war
Recently I was invited to share my thoughts on our current threat landscape and emerging cyber risks, and how to plan for the right actions to respond to this risk. I am unfortunately increasingly pessimistic about the risk outlook, though not necessarily our ability to respond.What we are seeing today is ... Read More
How to build a cyber capable board
Photo by Benjamin Child on UnsplashIn just a few years, cyber has transformed from the nerd in the corner into the Kim Kardashian of risk. Everyone, it seems, has an opinion on the issue. That’s because it’s serious — businesses can be built on, and destroyed by, cyber risk.The World Economic Forum’s Global Risks ... Read More
We’re not hiring unicorns. But that doesn’t mean any less effort.
Image copyright CERT.JE / Matt PalmerBy any assessment the effort I’m going to hire well feels extreme. Far more so than I have done in the past. I wanted to work a bit harder to reach potential candidates in a small market and give everyone an opportunity to work with us, ... Read More
What the Titanic can teach us about cyber risk
TitanicAny company that has been around long enough will have stories that define or explain its culture or purpose. When I was CISO at Willis Towers Watson, one of those stories was how Willis Faber arranged the insurance for the Titanic. The risk of launching such a ship would have ... Read More
Practical Steps to Reducing Cyber Risk
Cyberattacks are hard to contain and can quickly impact any organisation — whether a target or not.Photo by Rostislav Artov on UnsplashReminding us of this fact, recent tensions in Ukraine and a range of cyberattacks that crippled their government websites last month resulted in warnings issued by US and UK cyber bodies.Back in 2017, in ... Read More
When Privacy conflicts with Security, here’s how to fix it
Data protection and cyber security priorities can often feel in conflict. However some simple tools can help you get everyone on the same page.This article reflects on a talk I delivered for the Channel Islands Information Security Forum as part of Data Protection Week.Photo by Jason Dent on UnsplashIn the theoretical world ... Read More
How to share bad news
Management theory is full of advice on how to share isolated elements of bad news amongst lots of good. But what about when the news is mostly bad?The Deepwater Horizon Oil Spill in 2010 was definitely bad news. But was it shared well? Credit: DVIDSHUB on Flickr (creative commons)In real life ... Read More
What Do IT Auditors Really Do?
To operations, technology and cyber security leaders, auditors are often seen as a necessary evil. As a result, how audits are actually delivered often feels like witchcraft. So what exactly do they do all day?Understanding the IT audit process is valuable to operational leaders. Photo by Scott Graham on UnsplashIf you’ve ever ... Read More
