Blog

We regularly post our thinking here because ideas are best shared. It might be our approach to solving a problem (we’re not fans of reinventing the wheel!), perhaps simply something else entirely that has piqued our interest!

You can join us at @cydeaHQ on Twitter, or our LinkedIn page to discuss any of our posts. If you’d like to know each time we add a new post, you can subscribe for notifications and a few other choice bits of content.

Communicating risk

We believe in positive security that helps to protect current and future business value. Clear communication is essential for making that happen - but communication is hard, especially when you have to provide clarity about complicated things.

The paths into cyber security consulting

At Cydea, we’ve all taken different approaches to get into cyber security consulting. Cydea’s approach when recruiting has always focused on demonstrating your passion for positive security and your drive to help clients, it’s not about being the “finished article” or having followed what’s considered the ‘traditional’ path into cyber security.

Risk Advisory: Managed File Transfer Software

Cydea’s risk advisories are intended for senior management to aid their understanding of current events and the cyber risk posed to their organisations.

Managing portfolio cyber security

A few weeks ago, we brought together people from private capital to discuss cyber security in portfolios and how value creation steers it.

How we view assets

The first thing we usually ask new clients is: What are you defending? Exploring that simple question allows us to understand how clients consider, and value, their assets.

Startup cyber security requirements

As a startup, it can be overwhelming to know where to start when it comes to cyber security, and the approaches adopted by larger organisations are often not suitable to be applied on a smaller scale as they are both costly and resource intensive.

Why you should have Incident Response playbooks

Cydea’s Incident Response plan template Incident, n: “An event that is either unpleasant or unusual.” – Cambridge English Dictionary How confident do you feel that, if your company was hit by a cyber incident, you and your team know what to do, and in what order?

Risks without impacts: attack path analysis

A little while ago, I was presented with a familiar problem statement from a Cydea client who was a cyber security manager at a large organisation: “There’s a new cyber vulnerability in the Operating System we use on the handheld devices used by our engineers out in the field; how do I communicate the resultant change in risk profile to the organisation?

What is ISO 27001?

It’s the gold standard ISO 27001 is a standard that describes how organisations can implement an ‘information security management system’ (ISMS) to govern and manage their information security risk.