Signals intelligence (SIGINT) agencies sit at an inflection point. Historically clandestine organisations, they are now adopting a more publicly facing outlook. Through conference appearances, media statements and their use of social media, SIGINT agencies now regularly interact in full public view. This transition has largely come out of necessity with…
The cyber security community has a lopsided understanding of threats. On the one hand, the industry has excelled at breaking down and understanding campaigns. First through the Kill Chain and Diamond Model, and more recently with MITRE ATT&CK, there is now plenty of nuance and structure baked into…
Issues of leadership are rarely considered or dealt with in a serious way in the context of cyber security. Technological problems are met with technological solutions in a way that often trumps consideration of interpersonal relationships, character and leadership. In many ways this makes sense β we want people with real…
Cybersecurity and AI β two words guaranteed to create a headache. Within the security community, AI is either dismissed like vegan turkey or praised as the industry's magical elixir. Either way, I think we can all agree that the level of conversation is underwhelming. There are already plenty of interesting takes…
As few weeks ago on Net Politics, Melissa K. Griffith laid out the challenges facing academics who want to study cyber conflict. She highlights the start-up costs young academics face, the scare availability of data, and the barriers to publishing. Her post sparked a lively discussion on Twitter. We are…
Cyber threat reporting sits at a dichotomy. On the one hand, much furor is made of the role of non-state actors β the way in which criminal groups, proxies, hacktivists and even individuals can have an outsized impact in the threat that they pose. On the other hand, discussion of state…
From Sony Pictures to NotPetya, there has been a steady uptick of governments calling out and identifying the perpetrators of cyber incidents. This shift partially reflects a more developed posture for governments responding to cyber security challenges. Cyber security remits have long been delegated to signals intelligence (SIGINT) agencies and…
Cyber security is a dispersed field, one comprising both a variety of topics (ranging from malware analysis, to psychology, to policy) and numerous stakeholders (including government, industry and academia). Silos have unsurprisingly emerged, making it critical for different communities to work together. None of this should be seen as particularly…