Research / Infosec Culture (2)

Making a Business Case for Information Security Training

Making a Business Case for Information Security Training

While information security training is an absolute necessity for any modern organisation, it can be surprisingly difficult to convince decision-makers to allocate funding, let alone perform a successful rollout.

Read Story

How to Define the Right Cyber Security Training Objectives and Outcomes

Identifying the right talent development areas for your organisation's infosec needs is all about asking the right questions... and listening carefully to the answers.

Read Story

Do Not Fear The AI - Embrace It

Do Not Fear The AI - Embrace It

As it stands, AI cannot completely replace a competent cybersecurity professional. However, AI can play a positive (yet limited) role in improving our effectiveness, regardless of how society is starting to believe the ultimate disruptor has arrived.

Read Story

Hard to Verify Claims of Hacking Go Both Ways

Hard to Verify Claims of Hacking Go Both Ways

Cyber espionage tends to morph into an issue of national pride. Anyone in the cyber security sector will tell you that there are a lot of attacks out there which go unreported for fear of receiving reputational retaliation by issuing unprovable blame. First Published 10th March 2020 | …

Read Story

How to Review and Improve Your Cybersecurity Training Processes

How to Review and Improve Your Cybersecurity Training Processes

Continuously improving your IT security training program is a very noble cause. However, most training leaders do not have sufficient processes in place (beyond what's in their own heads) to drive meaningful and coherent change.

Read Story

Why TPPs Matter and Attributions Do Not

Attribution is hard, and even when done successfully, it's often wrong. Instead, understanding the tactics, techniques, and procedures (TTPs) of threat actors can help you look for indicators of compromise, and help you prepare for future attacks.

Read Story

How to Condense Your Cyber Security Training Scope

The range of IT securities capabilities you can train for is limitless, and some domain areas are more valuable than others. Therefore, the right question is not "What training do you want", but "What training is good for you".

Read Story

Cybercrime in an Interconnected World

Cybercrime in an Interconnected World

Cybercriminals are not confined to one region or culture, but operate throughout the interconnected world to capitalise on evolving opportunities to steal customer data and transfer funds. Published 25th May 2016 | Latest Refresh 13th September 2022 A web that reaches from a pocket in …

Read Story

Proof of Attack vs Proof of Attacker

Proof of Attack vs Proof of Attacker

When a system is said to be under attack, compromised or a breach is suspected and/or detected, given the physical and technical challenges, is it even possible to prove who did it? First Published 15th December 2016 | Latest Refresh 13th September 2022 Sufficient due process to separ …

Read Story

The Accessible Guide to Penetration Testing

The Accessible Guide to Penetration Testing

For years, penetration testing was viewed primarily as an activity for large and complex companies. Now that it is significantly more accessible, smart (and less sophisticated) businesses are baking it into their business-as-usual activities even as early as the point of their creatio …

Read Story

Subscribe by email