Robin Oldham is the founder of Cydea, and previously led BAE Systems’ Security Advisory & Technical Services business, which was recognised by Forrester as one of the leading information security consultancies.
Robin helps businesses defend themselves from cyber crime and thrive in the digital world and has over fifteen years’ experience, including advising numerous boards on how to manage crises resulting from cyber-attack.
Announcing Cydea x Good Causes
Since founding Cydea eighteen months ago our mission has been to bring positive security to the world. Some of that is contributing to open source projects or releasing tools free of charge through cydea.tools. From the outset, part of that vision has always been that we will give back as best we can to charities and nonprofits that do amazing things. We’re fortunate enough now to be in a position to help and so that’s why I’m proud to be launching Cydea x Good Causes.
Risk Advisory: Microsoft Exchange 'Hafnium'
Cydea’s risk advisories are intended for senior management to aid their understanding of current events and the cyber risk posed to their organisations. If your organisation uses Exchange (specifically on-premise rather than Office 365) then please read on as this advisory directly affects your organisation and action is required by your IT team. What has happened? State-sponsored actors have discovered flaws in Microsoft’s Exchange software that is used by many organisations for email, calendar and address books and used these to breach organisations.
A template for your incident response plan
Cyber security incidents can be high-pressure situations with serious consequences for both businesses and individuals alike. That stress can compromise decision making (especially when tired!) and a good cyber incident response plan helps organisations to get their response right. Recently while working with a client on improving their blue team and incident response capability they mentioned that they hadn’t been able to find an example of a good cyber incident response plan.
Hello, World! from cydea.Tools
Introducing cydea.Tools, a collection of the tools we use in our client work and that are now freely available for any infosec team to pick up and accelerate their cyber security programme. I’ve written before about positive security and our desire to dispel fear, uncertainty and doubt. The old asymmetric threat adage pits embattled security teams in an impossible fight against ‘bad guys’ that share their tactics, techniques and procedures and only need to ‘get it right once.
Racial discrimination is systemic within information security
As I wrote in my weekly infosec newsletter over the weekend: You will, no doubt, have seen some of the horrific coverage of violence used against protesters this week… You may feel detached or removed from events however the issues are systemic and pervasive even in a ‘modern’ field like cyber security. The language we use is important. Our profession is littered with examples of out-dated terminology that has no place in modern business:
Defense in Depth discuss 'what are you defending?'
Cydea’s founder, Robin Oldham, is featured on this week’s Defense in Depth podcast discussing asset valuation. Citing our blog post, Robin’s comments were picked up by David Spark and featured on the show. "What are we defending? is a question that gets asked nowhere nearly enough. Ask it early. Ask it often." Both co-host Allan Alford and this week’s guest Bobby Ford agreed. “The first thing you have to do is identify critical activities.