SIGINT Emerges From the Shadows, Part One: From Top Secret to Twitter

Signals intelligence (SIGINT) agencies sit at an inflection point. Historically clandestine organisations, they are now adopting a more publicly facing outlook. Through conference appearances, media statements and their use of social media, SIGINT agencies now regularly interact in full public view. This transition has largely come out of necessity with…

APT, Simplistic as 123

The cyber security community has a lopsided understanding of threats. On the one hand, the industry has excelled at breaking down and understanding campaigns. First through the Kill Chain and Diamond Model, and more recently with MITRE ATT&CK, there is now plenty of nuance and structure baked into…

Leadership in Cyber Security

Issues of leadership are rarely considered or dealt with in a serious way in the context of cyber security. Technological problems are met with technological solutions in a way that often trumps consideration of interpersonal relationships, character and leadership. In many ways this makes sense – we want people with real…

Beyond Buzzword Bingo: A Measured Discussion of AI and Cybersecurity

Cybersecurity and AI – two words guaranteed to create a headache. Within the security community, AI is either dismissed like vegan turkey or praised as the industry's magical elixir. Either way, I think we can all agree that the level of conversation is underwhelming. There are already plenty of interesting takes…

Non-traditional State Actors: New Kids on the Block

Cyber threat reporting sits at a dichotomy. On the one hand, much furor is made of the role of non-state actors – the way in which criminal groups, proxies, hacktivists and even individuals can have an outsized impact in the threat that they pose. On the other hand, discussion of state…

Going public: governmental attribution and coalition dynamics

From Sony Pictures to NotPetya, there has been a steady uptick of governments calling out and identifying the perpetrators of cyber incidents. This shift partially reflects a more developed posture for governments responding to cyber security challenges. Cyber security remits have long been delegated to signals intelligence (SIGINT) agencies and…

Transcending Silos and Engaging With Operational Realities

Cyber security is a dispersed field, one comprising both a variety of topics (ranging from malware analysis, to psychology, to policy) and numerous stakeholders (including government, industry and academia). Silos have unsurprisingly emerged, making it critical for different communities to work together. None of this should be seen as particularly…