Robin Oldham is the founder of Cydea, and previously led BAE Systems’ Security Advisory & Technical Services business, that was recognised by Forrester as one of the leading information security consultancies.
Robin helps businesses defend themselves from cyber crime and thrive in the digital world and has over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.
A template for your incident response plan
Cyber security incidents can be high-pressure situations with serious consequences for both businesses and individuals alike. That stress can compromise decision making (especially when tired!) and a good cyber incident response plan helps organisations to get their response right. Recently while working with a client on improving their blue team and incident response capability they mentioned that they hadn’t been able to find an example of a good cyber incident response plan.
Hello, World! from cydea.Tools
Introducing cydea.Tools, a collection of the tools we use in our client work and that are now freely available for any infosec team to pick up and accelerate their cyber security programme. I’ve written before about positive security and our desire to dispel fear, uncertainty and doubt. The old asymmetric threat adage pits embattled security teams in am impossible fight against ‘bad guys’ that share their tactics, techniques and procedures and only need to ‘get it right once.
Racial discrimination is systemic within information security
As I wrote in my weekly infosec newsletter over the weekend: You will, no doubt, have seen some of the horrific coverage of violence used against protesters this week… You may feel detached or removed from events however the issues are systemic and pervasive even in a ‘modern’ field like cyber security. The language we use is important. Our profession is littered with examples of out-dated terminology that has no place in modern business:
Defense in Depth discuss 'what are you defending?'
Cydea’s founder, Robin Oldham, is featured on this week’s Defense in Depth podcast discussing asset valuation. Citing our blog post, Robin’s comments were picked up by David Spark and featured on the show. "What are we defending? is a question that gets asked nowhere nearly enough. Ask it early. Ask if often." Both co-host Allan Alford and this week’s guest Bobby Ford agreed. “The first thing you have to do is identify critical activities.
Five insights from the Security Watercooler
Last week we trialled an idea for running short video calls for people to share knowledge and experiences of different security topics. We called these Security Watercoolers and had a great response. These are the five most interesting things - aligned to NIST Cybersecurity’s Identify, Protect, Detect, Respond, Recover - that we learned from the sessions last week: A risk universe provides a structured way to categorise things that have happened in the past, and think about what may happen in the future, when identifying risk scenarios relevant to your organisation.
Security Watercooler: Communicating your recovery, with Jessica Lennard
This week we are trialling an idea around a virtual ‘Security Watercooler’. 25~30 min video calls to break up the day and showcase different viewpoints. Check out more about the concept here. Today Robin Oldham was joined by Jessica Lennard to discuss the communicating your recovery. Here are the summary notes from the call: For lots of security people ‘recovery’ has very technical roots: rebuilding and patching systems, addressing security vulnerabilities, and so on.