I’ve been asked why I’m here and anonymous. I’m just a small ripple in a big #infosec ocean, trying to change things for the better with experiences from 22+ years of trying to keep people safe... you may not always agree with me, but that’s ok, just please #bekind to each other!

Morning @SW_Help this is parked in 2 disabled bays at #surbiton station. No blue badge on display.

Wishing you all a HAPPY NEW YEAR! Hope 2025 brings you all you wish for! As ever thankful to those working over this period to keep us safe - emergency services, armed forces and of course our #infosec teams.

Wishing everyone an enjoyable festive 🎄 break! I am very grateful to those who are working during the holidays to keep us all safe - emergency 👮 👩‍⚕️ 🧑‍🚒 services, armed forces, and of course our #infosec teams!

Yes I’m that person who has 16 people coming for Christmas 🎄 dinner and I forgot to order the Christmas pudding 🤦‍♂️ And I am out trying to find one… No one really likes it anyway, do they?

One of our sector specific business apps has just put up its renewal price by 30% stating: “We have seen a need to strengthen our product due to the evolving cyber threat landscape, as such our costs have increased” Erm, shouldn’t you be providing secure products anyway?

Some form of MFA is better than NO MFA! My mother is never going to get a smart phone 📱 so I am quite comfortable that she has SMS as a second factor, than no second factor at all!

I attended a small #infosec event last week (circa 150 attendees). I was there for the talks only but in the networking area they had 10 vendors which I did NOT visit. Got 6 calls yesterday from vendors exhibiting, all opening with “thanks for speaking with us at our stand…” 🤔

The worst part of my job is when we have to investigate colleagues. Please don’t steal data from your employers. It will never end well for anyone involved!

Anyone else’s org have a habit of allowing their staff to resign and come back as “consultants” on attractive day rates, working 2 days a week? It’s like they never left the building…

Non exec directors are rightly concerned about #infosec & need assurances the org is doing all it can to protect itself against cyber attacks. But, do they have the right knowledge / skills to: 1. Ask the right questions. 2. Understand the answers. How do we upskill the NEDs?

I am only going to say this once. If you do not have MFA on your solution you are trying to sell me, we are NOT buying it!

What’s the most bizarre vendor approach you have received? I got sent a bunch of flowers by a vendor with a card attached asking for an intro meeting. Shame it got sent to the office - I’m a home worker 🤣

Don’t you just love a passive aggressive email from a #infosec vendor first thing in the morning with your coffee. All because I would not PoC their technology. Apparently because of “lack of care for my organisation” the org will suffer a major cyber breach…

Another day and another SaaS vendor who doesn’t want to implement MFA on their solution. Sorry, you won’t be getting our business then!

I fancied cheesecake but had none in so found some mature cheddar and shortbread biscuits! Wow - tastes so good 😋

A corporate client of our business is insisting that all my colleagues who work on their account must change their passwords every 30days to keep their customer data safe. Please please please can we bin this rubbish #infosec advice. Thank you 🙏

I like to think I’m fairly handy, my dad was an mechanical, gas (corgi) & electrical engineer. Throughout my childhood we worked together on various projects including classic car restoration. However it has still taken me 4hrs & lots of swearing to install an @ikea dishwasher.

You have all the #infosec controls in place to align with {Insert your security standard of choice}, pass audit & are certified compliant on Monday. Tuesday you remove those security controls. On Wednesday can your organisation still wear the “certified to ….” Badge 🤔

a #infosec recruiter friend of mine told me of a trend they are seeing with candidates with <3yrs industry experience thinking they are right for leadership roles. The candidates get offended when the recruiter lets them down gently. Candidate feels they deserve an interview.

Can we go back to plain text emails please? #infosec life would be so much better without HTML emails.