ISC2 Secure Software Development ISC2 Spotlight: Secure Software Development conference - day two Yesterday's conference sessions were interesting (you can read about them here), and today is the last day of the conference. Today's agenda: * Secure by Design: CISA's Plan to Foster Tech Ecosystem Security * SigStore to Secure the Code Supply Chain * What You Need to Know
ISC2 Secure Software Development ISC2 Spotlight: Secure Software Development conference - day one ISC2 (formerly (ISC)²) ran an online only "spotlight" (conference) on secure software development this week on the 8th and 9th of November. As this directly aligned to my work's industry (I work for a software development company), I took the time to attend this. ISC2 members
SSO Single sign on: why it's good for account management Single Sign On (SSO) is a mechanism for authenticating to separate systems using a single identity (you can read the Wikipedia article & definition here). Ever seen the "login with Facebook" or "Sign in with Apple" type buttons on websites? That's SSO at work.
work Starting a job in a hybrid working environment In 2022 I changed jobs and started working for a company that only opened the office three days a week. Here I reflect on that process after over a year.
review Review: Viewfinder (game) In Viewfinder you move around the world collecting photographs, and later taking them with a Polaroid camera. You then use the photos in your collection to solve puzzles ranging from "how do I get over there?" to "I need three batteries to power this teleporter, but I
how to Azure Static Web Apps and HTTP security headers Azure Static Web Apps is a simple service provided by Microsoft Azure that allows you to serve a website without needing to manage the underlying web server. As the name implies, the website needs to be static, i.e. you can't use PHP or other server-side code to
eVitabu dev week eVitabu dev week, March 2023 Progress made during the eVitabu dev week in March 2023.
duolingo Duolingo: thoughts after over 1,200 days I've seen a lot of changes in Duolingo over 1,200 days using the app.
AI Playing with Google Bard: writing prose In a previous post I mentioned my early experiments with Google Bard. In May and July I decided to test Bard when it came to writing some prose. Rest assured though, my blog posts will always be written by me! Note: If I've quoted Bard output I'
infosec 2023 Infosec Europe 2023, day 3 Thursday was the final day of the conference and I managed to attend a lot of sessions, some that I hadn't originally planned. Keynote: Malicious Innovation - What We Can Learn From Hackers Our keynote speaker today was Keren Elazari who highlighted to us that hackers force us
infosec 2023 Infosec Europe 2023, day 2 Day two consisted of talks rather than workshops, although I had issues attending some of the talks I was after (one was packed, the other had its previous talk overrun). I managed to get to a number of talks that were still useful though, as well as catching up with
infosec 2023 Infosec Europe 2023, day 1 This is my first in-person conference since the pandemic and I've been looking forward to it. That said, there's a small amount of nerves too as there's likely to be a lot of people in attendance. Infosecurity Europe is conference / trade show is hosted
PowerShell Using the Rapid7 InsightVM API with PowerShell An explanation and some examples for connecting to Rapid7's InsightVM API (version 3) with PowerShell.
android Android ProGuard & Serialisation - exempting files from obfuscation After battling with a problem involving obfuscated variables I wanted to share the solution.
career Changing working practices Reflecting on some of the things I do while working, and how these have changed over my career so far.
career Ten months in to being the SISO Reflections on ten (ish) months into my post as Senior Information Security Officer.
how to Using Docker for a PHP, MariaDB and Nginx project Those of you that are regular readers will notice that my posting is waaaay behind schedule, and that my goal of posting once a week has failed again so far. Sorry about that! Hopefully this post will be useful to you. I use my blog primarily for two things: because
Security Congress 2022 Catching up: on-demand sessions from (ISC)² Security Congress 2022 (ISC)² make session recordings available after the event, and with a number of sessions of interest going on simultaneously these are invaluable. Any sessions I watched prior to the end of December I received CPE / CPD credits for, but the recordings are around afterward too. Here's some summary
Things I need on my desk I saw a tweet from a computer company recently that asked people to name three things they needed on their desk. One person responded "monitor, keyboard, mouse - that was easy", but this got me wondering about what things I need versus the things that I want, or
malware Playing with some old malware Malware has been around for ages, but how do some old malware samples work on more modern Operating Systems?